Closed Bug 1160520 Opened 10 years ago Closed 10 years ago

Mozreview 'Try' button should be disabled unless users have L1 access

Categories

(MozReview Graveyard :: General, defect, P1)

Product:
MozReview Graveyard
Component:
General
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dminor, Assigned: smacleod)

References

Details

Attachments

(6 files)

MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps
40 bytes, text/x-review-board-request
Details
MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps
40 bytes, text/x-review-board-request
gps
: review+
Details
MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps
40 bytes, text/x-review-board-request
Details
MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor
40 bytes, text/x-review-board-request
gps
: review+
Details
MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio
40 bytes, text/x-review-board-request
Details
MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio
40 bytes, text/x-review-board-request
Details
Once we can check LDAP group membership we should disable the 'Try' button in the UI unless the user has at least L1 group membership.
Assignee: nobody → smacleod
Status: NEW → ASSIGNED
mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r?gps Mozilla's production ldap server has a bind-mozreview user for MozReview to query ldap group membership. Create a similar user in the ldap container so ldap integrations using the bind-mozreview user may be tested.
Attachment #8624851 - Flags: review?(gps)
mozreview: add extension settings for ldap (Bug 1160520). r?gps The MozReview extension needs to know what ldap server to use. Add fields to its settings to configure the ldap url and the credentials for communicating with the server. Configure these settings as part of the test environment. Also link the ldap and rbweb containers.
Attachment #8624852 - Flags: review?(gps)
mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r?gps In order to query the ldap server from the MozReview extension we'll need python-ldap. We install openldap-devel on the system as well as it's needed for compiling python-ldap.
Attachment #8624853 - Flags: review?(gps)
mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r?dminor Different mozilla ldap groups have different ways of representing group membership. scm_* groups specifically rely on the ldap users mail attribute being listed as a member of the group. Add a method to query an scm_* group by checking if the users stored ldap mail (ldap_username) is in the group. Other groups will require different mechanisms for checking membership, but MozReview only really cares about the scm_level_* groups at this time.
Attachment #8624854 - Flags: review?(gps)
Attachment #8624854 - Flags: review?(dminor)
mozreview: Add webapi decorator to check scm groups (Bug 1160520). r?dminor r?mdoglio Add a new webapi_scm_groups_required to make restricting webapi operations to certain scm ldap groups easy.
Attachment #8624855 - Flags: review?(mdoglio)
Attachment #8624855 - Flags: review?(dminor)
mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r?modglio r?dminor Prevent users who don't have scm_level_1 from hitting the TryAutolandTriggerResource. Also hide the button for triggering a try push if the user doesn't have scm_level_1.
Attachment #8624856 - Flags: review?(mdoglio)
Attachment #8624856 - Flags: review?(dminor)
Comment on attachment 8624854 [details] MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor https://reviewboard.mozilla.org/r/11751/#review10213 Ship It!
Attachment #8624854 - Flags: review?(dminor) → review+
Comment on attachment 8624855 [details] MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio https://reviewboard.mozilla.org/r/11753/#review10215 Ship It!
Attachment #8624855 - Flags: review?(dminor) → review+
Comment on attachment 8624856 [details] MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio https://reviewboard.mozilla.org/r/11755/#review10217 Ship It!
Attachment #8624856 - Flags: review?(dminor) → review+
Attachment #8624851 - Flags: review?(gps) → review+
Comment on attachment 8624851 [details] MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps https://reviewboard.mozilla.org/r/11745/#review10227 Ship It!
Attachment #8624852 - Flags: review?(gps) → review+
Comment on attachment 8624852 [details] MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps https://reviewboard.mozilla.org/r/11747/#review10229 ::: pylib/mozreview/mozreview/forms.py:48 (Diff revision 1) > + ldap_password = forms.CharField(required=False, > + widget=forms.PasswordInput) Is this going to suffer the same state-clearing fate as autoland_password? If so, I'd highly prefer you fix this while you are here.
Comment on attachment 8624853 [details] MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps https://reviewboard.mozilla.org/r/11749/#review10231 Ship It!
Attachment #8624853 - Flags: review?(gps) → review+
Attachment #8624854 - Flags: review?(gps)
Comment on attachment 8624854 [details] MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor https://reviewboard.mozilla.org/r/11751/#review10235 ::: pylib/mozreview/mozreview/ldap/__init__.py:30 (Diff revision 1) > + c.simple_bind_s("uid=%s,ou=logins,dc=mozilla" % user, password) I don't like having "ou=logins,dc=mozilla" hardcoded here. Could you refactor this series so the full distinguished name (DN) is used instead of just the uid/username fragment?
Comment on attachment 8624856 [details] MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio https://reviewboard.mozilla.org/r/11755/#review10319 Ship It!
Attachment #8624856 - Flags: review?(mdoglio) → review+
Attachment #8624855 - Flags: review?(mdoglio) → review+
Comment on attachment 8624855 [details] MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio https://reviewboard.mozilla.org/r/11753/#review10321 Ship It!
Comment on attachment 8624851 [details] MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps Mozilla's production ldap server has a bind-mozreview user for MozReview to query ldap group membership. Create a similar user in the ldap container so ldap integrations using the bind-mozreview user may be tested.
Attachment #8624851 - Attachment description: MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r?gps → MozReview Request: mozreview: Add a bind-mozreview account to ldap container (Bug 1160520). r=gps
Attachment #8624851 - Flags: review+
Attachment #8624852 - Flags: review+ → review?(gps)
Comment on attachment 8624852 [details] MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps mozreview: add extension settings for ldap (Bug 1160520). r?gps The MozReview extension needs to know what ldap server to use. Add fields to its settings to configure the ldap url and the credentials for communicating with the server. Configure these settings as part of the test environment. Also link the ldap and rbweb containers.
Comment on attachment 8624853 [details] MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps In order to query the ldap server from the MozReview extension we'll need python-ldap. We install openldap-devel on the system as well as it's needed for compiling python-ldap.
Attachment #8624853 - Attachment description: MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r?gps → MozReview Request: mozreview: Install python-ldap in the mozreview-virtualenv (Bug 1160520). r=gps
Attachment #8624853 - Flags: review+
Comment on attachment 8624854 [details] MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor Different mozilla ldap groups have different ways of representing group membership. scm_* groups specifically rely on the ldap users mail attribute being listed as a member of the group. Add a method to query an scm_* group by checking if the users stored ldap mail (ldap_username) is in the group. Other groups will require different mechanisms for checking membership, but MozReview only really cares about the scm_level_* groups at this time.
Attachment #8624854 - Attachment description: MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r?dminor → MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor
Attachment #8624854 - Flags: review+ → review?(gps)
Comment on attachment 8624855 [details] MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio Add a new webapi_scm_groups_required to make restricting webapi operations to certain scm ldap groups easy.
Attachment #8624855 - Attachment description: MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r?dminor r?mdoglio → MozReview Request: mozreview: Add webapi decorator to check scm groups (Bug 1160520). r=dminor r=mdoglio
Attachment #8624855 - Flags: review+
Comment on attachment 8624856 [details] MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio Prevent users who don't have scm_level_1 from hitting the TryAutolandTriggerResource. Also hide the button for triggering a try push if the user doesn't have scm_level_1.
Attachment #8624856 - Attachment description: MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r?modglio r?dminor → MozReview Request: mozreview: restrict try pushes to scm_level_1 (Bug 1160520). r=dminor r=mdoglio
Attachment #8624856 - Flags: review+
Comment on attachment 8624852 [details] MozReview Request: mozreview: add extension settings for ldap (Bug 1160520). r?gps https://reviewboard.mozilla.org/r/11747/#review10323 Ship It!
Attachment #8624852 - Flags: review?(gps) → review+
Comment on attachment 8624854 [details] MozReview Request: mozreview: Add method to query scm level group membership (Bug 1160520). r?gps r=dminor https://reviewboard.mozilla.org/r/11751/#review10325 Ship It!
Attachment #8624854 - Flags: review?(gps) → review+
https://hg.mozilla.org/hgcustom/version-control-tools/pushloghtml?changeset=b99d75db6e83 https://hg.mozilla.org/hgcustom/version-control-tools/rev/b99d75db6e83 We might want to wait a little to deploy this so people will already have their ldap username populated from Bug 1160517
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Product: Developer Services → MozReview
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: