Can request a review from someone who can't see the merge proposal
Bug #330290 reported by
Martin Albisetti
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Low
|
Ian Booth |
Bug Description
It turns out that you can request a review from a person who doesn't have permissions to view the (private) branch, so we end up in a situation where I need to review something I can't see :)
In my case, see: https:/
Related branches
lp:~wallyworld/launchpad/confirm-reviewer-subscription-330290
- j.c.sackett (community): Approve
- Richard Harding (community): Approve (code*)
-
Diff: 670 lines (+470/-65)10 files modifiedlib/lp/app/javascript/picker/picker_patcher.js (+69/-1)
lib/lp/app/javascript/picker/tests/test_picker_patcher.js (+1/-1)
lib/lp/app/widgets/templates/form-picker-macros.pt (+2/-28)
lib/lp/app/widgets/tests/test_popup.py (+1/-1)
lib/lp/bugs/javascript/bugtask_index.js (+5/-6)
lib/lp/bugs/javascript/tests/test_bugtask_delete.js (+11/-5)
lib/lp/code/javascript/branchmergeproposal.nominate.js (+133/-0)
lib/lp/code/javascript/tests/test_branchmergeproposal.nominate.html (+51/-0)
lib/lp/code/javascript/tests/test_branchmergeproposal.nominate.js (+191/-0)
lib/lp/code/templates/branch-register-merge.pt (+6/-23)
summary: |
- Can request a review from someone without permission + Can request a review from someone who can't see the merge proposal |
tags: | added: disclosure |
Changed in launchpad: | |
status: | Triaged → In Progress |
assignee: | nobody → Ian Booth (wallyworld) |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Related to bug 319405. We might want to do it in conjunction with other privacy work for 2.2.3.