Launchpad itself

magic InformationType numbers in access grant related DB procedures

Bug #1043902 reported by Abel Deuring
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Invalid
Low
Unassigned

Bug Description

Running 'grep "3, 4, 5" *' in database/schema returns these hits:

patch-2209-11-4.sql: IF bug_row.information_type NOT IN (3, 4, 5) THEN
patch-2209-12-3.sql: IF (bug_row(OLD.bug)).information_type IN (3, 4, 5) THEN
patch-2209-12-3.sql: IF OLD.bug <> NEW.bug AND (bug_row(NEW.bug)).information_type IN (3, 4, 5) THEN
patch-2209-12-3.sql: IF (bug_row(OLD.bug)).information_type IN (3, 4, 5) THEN
patch-2209-12-3.sql: IF OLD.bug <> NEW.bug AND (bug_row(NEW.bug)).information_type IN (3, 4, 5) THEN
patch-2209-12-3.sql: AND $1.information_type IN (3, 4, 5);
patch-2209-16-0.sql: IF information_type IN (3, 4, 5) THEN
patch-2209-16-6.sql: IF information_type IN (3, 4, 5) THEN
patch-2209-19-0.sql: WHERE $1.information_type IN (3, 4, 5);
patch-2209-19-3.sql: WHERE $1.information_type IN (3, 4, 5)
patch-2209-19-3.sql: WHERE $1.information_type IN (3, 4, 5);

ISTM that this is already outdated: The enum InformationType defines
another non-public type EMBARGOED, represented as the number 6.

We should
- define a DB procedure which returns the numbers for private values in
  InformationType,
- use this procedure in the other DB procedures instead of simply
  specifying the numbers themselves
- add a unit test which checks that this procedure returns the same
  numbers as those appearing in lp.registry.enums.PRIVATE_INFORMATION_TYPES

I also think that the procdures should be more thoroughly checked for
the usage of these numbers -- grepping for "3, 4, 5" may of course miss
some places where information_type values are checked.

And it might make sense to replace "information_type IN <all-private-values>"
with "NOT information_type IN <all-public-values>"

See original description
Abel Deuring (adeuring)
description: updated
Curtis Hovey (sinzui)
tags: added: disclosure information-type
Changed in launchpad:
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Curtis Hovey (sinzui) wrote :

These patch migrate production data. They are used in production once, so they are correct for the day they were run. These files will be removed from the tree when the db is incremented from the next major revision. I do not think this issue is any different from membership types, bug statues, and archive types, all of which have changed over the years.

tags: added: tech-debt
removed: disclosure
Revision history for this message
Robert Collins (lifeless) wrote : Re: [Bug 1043902] [NEW] magic InformationType numbers in access grant related DB procedures

I think doing this would be overkill and just add tech debt to be
maintained: as curtis says, the patches were complete at the time of
creation-and-execution.

Revision history for this message
j.c.sackett (jcsackett) wrote :

Given the comments here and some discussion, we'll drop this.

Changed in launchpad:
status: Triaged → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.