Closed
Bug 1160520
Opened 9 years ago
Closed 9 years ago
Mozreview 'Try' button should be disabled unless users have L1 access
Categories
(MozReview Graveyard :: General, defect, P1)
MozReview Graveyard
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dminor, Assigned: smacleod)
References
Details
Attachments
(6 files)
40 bytes,
text/x-review-board-request
|
Details | |
40 bytes,
text/x-review-board-request
|
gps
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
Details | |
40 bytes,
text/x-review-board-request
|
gps
:
review+
|
Details |
40 bytes,
text/x-review-board-request
|
Details | |
40 bytes,
text/x-review-board-request
|
Details |
Once we can check LDAP group membership we should disable the 'Try' button in the UI unless the user has at least L1 group membership.
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → smacleod
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•9 years ago
|
||
mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r?gps Mozilla's production ldap server has a bind-mozreview user for MozReview to query ldap group membership. Create a similar user in the ldap container so ldap integrations using the bind-mozreview user may be tested.
Attachment #8624851 -
Flags: review?(gps)
Assignee | ||
Comment 2•9 years ago
|
||
mozreview: add extension settings for ldap (Bug 1160520). r?gps The MozReview extension needs to know what ldap server to use. Add fields to its settings to configure the ldap url and the credentials for communicating with the server. Configure these settings as part of the test environment. Also link the ldap and rbweb containers.
Attachment #8624852 -
Flags: review?(gps)
Assignee | ||
Comment 3•9 years ago
|
||
mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r?gps In order to query the ldap server from the MozReview extension we'll need python-ldap. We install openldap-devel on the system as well as it's needed for compiling python-ldap.
Attachment #8624853 -
Flags: review?(gps)
Assignee | ||
Comment 4•9 years ago
|
||
mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r?dminor Different mozilla ldap groups have different ways of representing group membership. scm_* groups specifically rely on the ldap users mail attribute being listed as a member of the group. Add a method to query an scm_* group by checking if the users stored ldap mail (ldap_username) is in the group. Other groups will require different mechanisms for checking membership, but MozReview only really cares about the scm_level_* groups at this time.
Attachment #8624854 -
Flags: review?(gps)
Attachment #8624854 -
Flags: review?(dminor)
Assignee | ||
Comment 5•9 years ago
|
||
mozreview: Add webapi decorator to check scm groups (Bug 1160520). r?dminor r?mdoglio Add a new webapi_scm_groups_required to make restricting webapi operations to certain scm ldap groups easy.
Attachment #8624855 -
Flags: review?(mdoglio)
Attachment #8624855 -
Flags: review?(dminor)
Assignee | ||
Comment 6•9 years ago
|
||
mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r?modglio r?dminor Prevent users who don't have scm_level_1 from hitting the TryAutolandTriggerResource. Also hide the button for triggering a try push if the user doesn't have scm_level_1.
Attachment #8624856 -
Flags: review?(mdoglio)
Attachment #8624856 -
Flags: review?(dminor)
Reporter | ||
Comment 7•9 years ago
|
||
Comment on attachment 8624854 [details] MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor https://reviewboard.mozilla.org/r/11751/#review10213 Ship It!
Attachment #8624854 -
Flags: review?(dminor) → review+
Reporter | ||
Comment 8•9 years ago
|
||
Comment on attachment 8624855 [details] MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio https://reviewboard.mozilla.org/r/11753/#review10215 Ship It!
Attachment #8624855 -
Flags: review?(dminor) → review+
Reporter | ||
Comment 9•9 years ago
|
||
Comment on attachment 8624856 [details] MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio https://reviewboard.mozilla.org/r/11755/#review10217 Ship It!
Attachment #8624856 -
Flags: review?(dminor) → review+
Updated•9 years ago
|
Attachment #8624851 -
Flags: review?(gps) → review+
Comment 10•9 years ago
|
||
Comment on attachment 8624851 [details] MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps https://reviewboard.mozilla.org/r/11745/#review10227 Ship It!
Updated•9 years ago
|
Attachment #8624852 -
Flags: review?(gps) → review+
Comment 11•9 years ago
|
||
Comment on attachment 8624852 [details] MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps https://reviewboard.mozilla.org/r/11747/#review10229 ::: pylib/mozreview/mozreview/forms.py:48 (Diff revision 1) > + ldap_password = forms.CharField(required=False, > + widget=forms.PasswordInput) Is this going to suffer the same state-clearing fate as autoland_password? If so, I'd highly prefer you fix this while you are here.
Comment 12•9 years ago
|
||
Comment on attachment 8624853 [details] MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps https://reviewboard.mozilla.org/r/11749/#review10231 Ship It!
Attachment #8624853 -
Flags: review?(gps) → review+
Updated•9 years ago
|
Attachment #8624854 -
Flags: review?(gps)
Comment 13•9 years ago
|
||
Comment on attachment 8624854 [details] MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor https://reviewboard.mozilla.org/r/11751/#review10235 ::: pylib/mozreview/mozreview/ldap/__init__.py:30 (Diff revision 1) > + c.simple_bind_s("uid=%s,ou=logins,dc=mozilla" % user, password) I don't like having "ou=logins,dc=mozilla" hardcoded here. Could you refactor this series so the full distinguished name (DN) is used instead of just the uid/username fragment?
Comment 14•9 years ago
|
||
Comment on attachment 8624856 [details] MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio https://reviewboard.mozilla.org/r/11755/#review10319 Ship It!
Attachment #8624856 -
Flags: review?(mdoglio) → review+
Updated•9 years ago
|
Attachment #8624855 -
Flags: review?(mdoglio) → review+
Comment 15•9 years ago
|
||
Comment on attachment 8624855 [details] MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio https://reviewboard.mozilla.org/r/11753/#review10321 Ship It!
Assignee | ||
Comment 16•9 years ago
|
||
Comment on attachment 8624851 [details] MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps Mozilla's production ldap server has a bind-mozreview user for MozReview to query ldap group membership. Create a similar user in the ldap container so ldap integrations using the bind-mozreview user may be tested.
Attachment #8624851 -
Attachment description: MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r?gps → MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps
Attachment #8624851 -
Flags: review+
Assignee | ||
Updated•9 years ago
|
Attachment #8624852 -
Flags: review+ → review?(gps)
Assignee | ||
Comment 17•9 years ago
|
||
Comment on attachment 8624852 [details] MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps mozreview: add extension settings for ldap (Bug 1160520). r?gps The MozReview extension needs to know what ldap server to use. Add fields to its settings to configure the ldap url and the credentials for communicating with the server. Configure these settings as part of the test environment. Also link the ldap and rbweb containers.
Assignee | ||
Comment 18•9 years ago
|
||
Comment on attachment 8624853 [details] MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps In order to query the ldap server from the MozReview extension we'll need python-ldap. We install openldap-devel on the system as well as it's needed for compiling python-ldap.
Attachment #8624853 -
Attachment description: MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r?gps → MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps
Attachment #8624853 -
Flags: review+
Assignee | ||
Comment 19•9 years ago
|
||
Comment on attachment 8624854 [details] MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor Different mozilla ldap groups have different ways of representing group membership. scm_* groups specifically rely on the ldap users mail attribute being listed as a member of the group. Add a method to query an scm_* group by checking if the users stored ldap mail (ldap_username) is in the group. Other groups will require different mechanisms for checking membership, but MozReview only really cares about the scm_level_* groups at this time.
Attachment #8624854 -
Attachment description: MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r?dminor → MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor
Attachment #8624854 -
Flags: review+ → review?(gps)
Assignee | ||
Comment 20•9 years ago
|
||
Comment on attachment 8624855 [details] MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio Add a new webapi_scm_groups_required to make restricting webapi operations to certain scm ldap groups easy.
Attachment #8624855 -
Attachment description: MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r?dminor r?mdoglio → MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio
Attachment #8624855 -
Flags: review+
Assignee | ||
Comment 21•9 years ago
|
||
Comment on attachment 8624856 [details] MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio Prevent users who don't have scm_level_1 from hitting the TryAutolandTriggerResource. Also hide the button for triggering a try push if the user doesn't have scm_level_1.
Attachment #8624856 -
Attachment description: MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r?modglio r?dminor → MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio
Attachment #8624856 -
Flags: review+
Comment 22•9 years ago
|
||
Comment on attachment 8624852 [details] MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps https://reviewboard.mozilla.org/r/11747/#review10323 Ship It!
Attachment #8624852 -
Flags: review?(gps) → review+
Comment 23•9 years ago
|
||
Comment on attachment 8624854 [details] MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor https://reviewboard.mozilla.org/r/11751/#review10325 Ship It!
Attachment #8624854 -
Flags: review?(gps) → review+
Assignee | ||
Comment 24•9 years ago
|
||
https://hg.mozilla.org/hgcustom/version-control-tools/pushloghtml?changeset=b99d75db6e83 https://hg.mozilla.org/hgcustom/version-control-tools/rev/b99d75db6e83 We might want to wait a little to deploy this so people will already have their ldap username populated from Bug 1160517
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: Developer Services → MozReview
You need to log in
before you can comment on or make changes to this bug.
Description
•