232
232
>>> bug_product_changed = ObjectModifiedEvent(
233
233
... bug_in_evolution, old_state, ["product"])
235
First, let's publish the change event with the bug still marked private,
236
and notice that the subscription list doesn't change:
235
First, let's set the bug to non security related with the bug still marked,
236
private and notice that the subscription list doesn't change:
241
>>> notify(bug_product_changed)
241
>>> bug.setSecurityRelated(False, getUtility(ILaunchBag).user)
243
244
>>> subscriber_names(bug)
244
245
[u'name12', u'name16']
246
Also verify the same event again, when marked public does cause
247
Now the bug is marked as security related, when also marked public does cause
247
248
stub to get subscribed:
249
250
>>> bug.setPrivate(False, getUtility(ILaunchBag).user)
253
>>> bug.setSecurityRelated(True, getUtility(ILaunchBag).user)
252
256
>>> bug.security_related
255
>>> notify(bug_product_changed)
257
259
>>> subscriber_names(bug)
258
260
[u'name12', u'name16', u'stub']
280
282
When a bug becomes security-related, the security contacts for the pillars it
281
affects are subscribed to it.
283
affects are subscribed to it. This happens regardless of whether the feature
286
We current use a feature flag to control who is subscribed when a bug is made
289
>>> from lp.services.features.testing import FeatureFixture
290
>>> feature_flag = {'disclosure.enhanced_private_bug_subscriptions.enabled': 'on'}
291
>>> flags = FeatureFixture(feature_flag)
283
294
>>> from zope.event import notify
284
295
>>> from lazr.lifecycle.event import ObjectModifiedEvent
296
307
>>> bug.addTask(owner=reporter, target=distribution)
298
309
>>> old_state = Snapshot(bug, providing=IBug)
299
>>> bug.setSecurityRelated(True)
310
>>> bug.setSecurityRelated(True, getUtility(ILaunchBag).user)
312
>>> notify(ObjectModifiedEvent(bug, old_state, ['security_related']))
313
>>> for subscriber_name in sorted(
314
... s.displayname for s in bug.getDirectSubscribers()):
315
... print subscriber_name
317
Distribution Security Contact
318
Product Security Contact
320
Clean up the feature flag.
324
And once more without the feature flag.
326
>>> product = factory.makeProduct()
327
>>> product.security_contact = factory.makePerson(
328
... displayname='Product Security Contact')
329
>>> distribution = factory.makeDistribution()
330
>>> distribution.security_contact = factory.makePerson(
331
... displayname='Distribution Security Contact')
332
>>> reporter = factory.makePerson(displayname=u'Bug Reporter')
333
>>> bug = factory.makeBug(product=product, owner=reporter)
334
>>> bug.addTask(owner=reporter, target=distribution)
336
>>> old_state = Snapshot(bug, providing=IBug)
337
>>> bug.setSecurityRelated(True, getUtility(ILaunchBag).user)
301
339
>>> notify(ObjectModifiedEvent(bug, old_state, ['security_related']))
302
340
>>> for subscriber_name in sorted(
added
removed
lib/lp/bugs/doc/security-teams.txt
