- Download Diff

Summary:

HUE-701 [jb] Job browser should not show the jobs from other users

Review Request #2042 — Created April 23, 2012 and submitted April 26, 2012, 9:13 a.m.

Information
Owner:	romain
Repository:	old-hue-rw
Branch:
Bugs:	HUE-701
Depends On:
Reviewers
Groups:	hue
People:	bcwalrus

Description

commit 2544f91e2f2141ce4bf215c04206ba6f1411d2bd
Author: Romain Rigaux <romain@cloudera.com>
Date:   Mon Apr 23 17:48:54 2012 -0700

    HUE-701 [jb] Job browser should not show the jobs from other users

:000000 100644 0000000... 66409c5... A	apps/jobbrowser/src/jobbrowser/conf.py
:100644 100644 0995185... 9d9ad12... M	apps/jobbrowser/src/jobbrowser/tests.py
:100644 100644 e6b2aa6... 44879b1... M	apps/jobbrowser/src/jobbrowser/views.py
:100644 100644 ce6edd7... f275c96... M	desktop/conf/pseudo-distributed.ini.tmpl

Testing Done

hadoop tests are also disabled
manual testing

Issues

2
0
4
0
All Issues: 6

Description	From	Last Updated
The name is not entirely correct. It's owner or admin. Also, it's not required if the sharing is enabled. Perhaps ...	bcwalrus	April 23, 2012, 4:39 p.m.
"""Ensure that the user has access to the job. Assumes that the wrapped function takes a `jobid' param."""	bcwalrus	April 23, 2012, 4:42 p.m.
You can "and" them together.	bcwalrus	April 23, 2012, 4:33 p.m.
Would make get_matching_jobs() understand and check job visibility, rather than fixing the caller here. Probably don't need `user_exact'.	bcwalrus	April 23, 2012, 5:10 p.m.
if not check_permission or request.user.is_superuser or j.profile.user == request.user)	bcwalrus	April 26, 2012, 9:04 a.m.
Great catch	romain	April 26, 2012, 9:06 a.m.

Testing Done:

~		no tests yet
~		this is a first pass
	~	hadoop test are also disabled already
	~	manual test was fine for me

Diff:

Revision 2 (+73 -3)

Show changes

	apps/jobbrowser/src/jobbrowser/conf.py
	apps/jobbrowser/src/jobbrowser/views.py
	desktop/conf/pseudo-distributed.ini.tmpl

Testing Done:

~		hadoop test are also disabled already
	~	hadoop tests are also disabled already
		manual test was fine for me

Fix it!

```
Looks good. Minor comments below.
```
apps/jobbrowser/src/jobbrowser/conf.py (Diff revision 1)
```
"Share submitted job info ..."
```
1. romain April 23, 2012, 5:10 p.m.
  Changed

apps/jobbrowser/src/jobbrowser/views.py (Diff revision 1)

Show all issues

The name is not entirely correct. It's owner or admin. Also, it's not required if the sharing is enabled.

Perhaps call this "check_job_permission"?

apps/jobbrowser/src/jobbrowser/views.py (Diff revision 1)

Show all issues

"""Ensure that the user has access to the job. Assumes that the wrapped function takes a `jobid' param."""

apps/jobbrowser/src/jobbrowser/views.py (Diff revision 1)

Show all issues

You can "and" them together.

romain April 23, 2012, 5:10 p.m.

Yes but it won't fit and the first line tests for the config/super user permission. The second tests for the real condition (does this job belongs to the user). So cutting the tests in two seems simpler?

romain April 23, 2012, 5:31 p.m.

changed to

    if not conf.SHARE_JOBS.get() and not request.user.is_superuser \
      and job.user != request.user.username:

apps/jobbrowser/src/jobbrowser/views.py (Diff revision 1)
```
Nit: " the job: %s" -> " job %s."

(You don't need the `the' here.)
```
1. romain April 23, 2012, 5:10 p.m.
  Fixed

apps/jobbrowser/src/jobbrowser/views.py (Diff revision 2)

Show all issues

Would make get_matching_jobs() understand and check job visibility, rather than fixing the caller here. Probably don't need `user_exact'.

romain April 23, 2012, 5:10 p.m.
```
Indeed, it should be cleaner now.
```

Description:

		commit 2544f91e2f2141ce4bf215c04206ba6f1411d2bd
		Author: Romain Rigaux romain@cloudera.com
		Date: Mon Apr 23 17:48:54 2012 -0700

		HUE-701 [jb] Job browser should not show the jobs from other users

		:000000 100644 0000000... 66409c5... A apps/jobbrowser/src/jobbrowser/conf.py
		:100644 100644 0995185... 9d9ad12... M apps/jobbrowser/src/jobbrowser/tests.py
		:100644 100644 e6b2aa6... 44879b1... M apps/jobbrowser/src/jobbrowser/views.py
-		:100644 100644 64fce5f... 0810b52... M desktop/conf.dist/hue.ini
		:100644 100644 ce6edd7... f275c96... M desktop/conf/pseudo-distributed.ini.tmpl

Diff:

Revision 3 (+74 -3)

Show changes

	apps/jobbrowser/src/jobbrowser/conf.py
	apps/jobbrowser/src/jobbrowser/views.py
	desktop/conf/pseudo-distributed.ini.tmpl

Diff:

Revision 4 (+74 -3)

Show changes

	apps/jobbrowser/src/jobbrowser/conf.py
	apps/jobbrowser/src/jobbrowser/views.py
	desktop/conf/pseudo-distributed.ini.tmpl

Ship it!

```
Looks good. Thanks!
```

apps/jobbrowser/src/jobbrowser/views.py (Diff revision 4)

Show all issues

if not check_permission or request.user.is_superuser or j.profile.user == request.user)

Fix it!

apps/jobbrowser/src/jobbrowser/views.py (Diff revision 4)
Show all issues
```
Great catch
```

Testing Done:

~		hadoop tests are also disabled already
~		manual test was fine for me
	~	hadoop tests are also disabled
	~	manual testing

Diff:

Revision 5 (+74 -3)

Show changes

	apps/jobbrowser/src/jobbrowser/conf.py
	apps/jobbrowser/src/jobbrowser/views.py
	desktop/conf/pseudo-distributed.ini.tmpl

Diff:

Revision 6 (+74 -3)

Show changes

	apps/jobbrowser/src/jobbrowser/conf.py
	apps/jobbrowser/src/jobbrowser/views.py
	desktop/conf/pseudo-distributed.ini.tmpl

You have a pending review.

Review Board 3.0.18

HUE-701 [jb] Job browser should not show the jobs from other users

Testing Done:

Diff:

Testing Done:

Description:

Diff:

Diff:

Testing Done:

Diff:

Diff:

Status: Closed (submitted)