bac | thanks gmb. fwiw i had tried using person_logged_in and got other issues. i'll have a look at your branch. | 12:23 |
---|---|---|
bac | gmb: my problem was i tried using person_logged_in and then passing the principal to create_initialized_view -- you must do both | 12:26 |
gary_poster | bac, feature_flag issue is dealt with? danilos has OCR today, so if you are close to working on the client branch, we should maybe plan for a handoff on danilos' current task, at least if he is not finished by his EoD | 12:37 |
danilos | gary_poster, hi, I hope I'll get this done before our meeting even with OCR | 12:41 |
gary_poster | cool danilos, np then | 12:41 |
bac | gary_poster: yes, i understand now how to get the tests working. it is now a matter of replicating them across pillars | 12:43 |
gary_poster | bac, awesome | 12:43 |
bac | several hours work, at least | 12:43 |
gary_poster | bac, is there anything that we can share? | 12:43 |
bac | gary_poster: may be more trouble than worth | 12:43 |
gary_poster | ok bac. Please keep it in mind in case you discover something that might change your mind | 12:44 |
bac | will do | 12:44 |
gary_poster | cool | 12:44 |
gmb | bac: Glad I could help. | 12:59 |
gary_poster | benji, fwiw added another card to FW 2 that you can move to when done with your current bug | 13:16 |
gary_poster | probably should be fixed before merging | 13:16 |
benji | k | 13:16 |
gary_poster | I might take it myself if I get to it | 13:16 |
gary_poster | bac, benji, danilos, gmb, mumble/kanban in 2 | 13:28 |
bac | ok | 13:28 |
gmb | ack | 13:28 |
gary_poster | someone, what is the easy way to get a url to an object in a differnt pillar than the one you are in now? There must be an easy way, and I may even have known it at some point... | 13:29 |
gmb | gary_poster: You mean a different rootsite? (e.g. code, bugs, answers, etc.) | 13:30 |
bac | gary_poster: e.g. return urlappend(canonical_url(self.context, rootsite='feeds'), | 13:31 |
gary_poster | thanks, gmb, btw | 13:44 |
gary_poster | for answer :-) | 13:44 |
gmb | np | 13:44 |
danilos | "subscribe to bug mail" link on lp.dev/firefox has stopped working for me with latest accordionoverlay branch | 13:54 |
danilos | is this known or not? | 13:54 |
gary_poster | danilos: you need to turn on feature flag. one sec, will get detail... | 13:56 |
danilos | aah | 13:56 |
gary_poster | benji, I think that bug is just adding "escape" into a magic point within "render_filter_name" yeah? | 13:57 |
gary_poster | advanced-structural-subscriptions.enableddefault10on | 13:57 |
gary_poster | danilos ^ | 13:57 |
gary_poster | https://launchpad.dev/+feature-rules | 13:57 |
benji | gary_poster: yep; I bet http://developer.yahoo.com/yui/3/api/Escape.html will work | 13:57 |
gary_poster | foo.bar@canonical.com has privs | 13:58 |
danilos | gary_poster, cool, thanks | 13:58 |
gary_poster | danilos, np | 13:58 |
gary_poster | benji, cool. I wonder what the diff between that and javascript escape is | 13:58 |
gary_poster | but anyway | 13:58 |
gary_poster | run with the YUI version :-) | 13:58 |
benji | actually, Gavin just noted on a related bug (740096) that using Y.Node instead of strings of HTML would fix/avoid this class of problem, so I'm going to try that | 13:59 |
gary_poster | ah cool | 14:00 |
gary_poster | bug 740096 | 14:01 |
gary_poster | oh mup, you're never there when I want you | 14:01 |
benji | xss vulnerability in new bug subscription overlay; https://bugs.launchpad.net/launchpad/+bug/740640 | 14:01 |
benji | oops, wrong one | 14:01 |
benji | when updating a code build recipe json returned isn't escaped; https://bugs.launchpad.net/launchpad/+bug/740096 | 14:01 |
gary_poster | yeah, thank you. https://launchpad.net/bugs/BUG_NUMBER is almost but not quite as fast as mup. | 14:03 |
benji | I have a Firefox bookmarklet that lets me type "bug NUMBER" and it takes me to the bug. | 14:06 |
gary_poster | ah, nicer | 14:13 |
gary_poster | chrome really is noticeably faster for me though. :-/ FF 4 is better but still there's an appreciable difference. | 14:14 |
gary_poster | as an aside about FF :-) | 14:14 |
benji | gary_poster: the XSS bug is a bit bigger than just description; it could come from any of the values (if we allow HTML-like values in those fields); should I just do description now and file another bug to determine the scope of the problem/fix the others? | 14:30 |
gary_poster | benji, fix that bug, land a branch so I can adjust my code to deal with the change :-P , and add a new card for the other fields and start on that. | 14:31 |
gary_poster | no need for a bug IMO | 14:31 |
benji | cool | 14:31 |
gary_poster | lemme know when it is landed please | 14:31 |
benji | k | 14:32 |
bac | gary_poster: got a sec? | 14:38 |
gary_poster | sure bac | 14:38 |
bac | gary_poster: mumbe | 14:39 |
bac | l | 14:39 |
benji | gary_poster: the XSS problem is even deeper than that, I believe this is really a bug in lazr.restful; investigating now. I've tried to come up with a hacky solution but can't think of one. On the other hand, the only change we should have to make to the branch is to use a newer lazr.restful once I fix this. | 14:46 |
gary_poster | benji, sounds scary in terms of backwards compatibility | 14:49 |
benji | gary_poster: I take it back; the bug is definately in LP; I think I can have a fix shortly. | 14:49 |
gary_poster | cool | 14:49 |
gary_poster | bac, this is interesting from LEP: | 14:49 |
gary_poster | bdmurray: gary_poster: looking again I think bug supervisors can structurally subscribe to distro bugs if a bug supervisor is set | 14:49 |
gary_poster | bdmurray: gary_poster: at least that is the way it was when I wrote it | 14:49 |
gary_poster | gary_poster: bdmurray, oh? I'm afraid I'm not even sure how bug supervisors fit into it | 14:49 |
gary_poster | bdmurray: gary_poster: its only for distributions with bug supervisors set that structural subscriptions are restricted for and they are restricted to the members of the bug supervisor team | 14:49 |
gary_poster | bac, so it seems that distributions do not generically enable this functionality, but it is enabled selectively for certain users | 14:50 |
gary_poster | if you need more details we will probably have to turn to a bugs team expert | 14:51 |
bac | gary_poster: then we may be in good shape, sort of | 14:51 |
gary_poster | ok cool | 14:51 |
bac | that explains why i don't see it on the bug page | 14:51 |
bac | it'll take some finagling to get it to show up properly on the overview page under those conditions | 14:51 |
gary_poster | ok | 14:51 |
* gary_poster has landed two small branches to ~yellow. I'd like to make another small change, but that will wait for the XSS work. | 15:07 | |
gary_poster | bac, did you want me to help? | 15:30 |
bac | gary_poster: i do. sorry for the delay. | 15:30 |
gary_poster | np | 15:30 |
gary_poster | If you are doing a punchlist item that is supposed to go into the mongo branch and therefore not go through the usual review/landing process, please feel free to use the new "completed punchlist items" column | 15:34 |
gary_poster | I should have added that sooner; I forget how mutable the kanban board is | 15:34 |
benji | ok, I need a consult; I must be doing something wrong with 740640. What's happening is that the JSON representation of the bug filters is inserted into a script tag at the bottom of the page. If the description contains </script><script>DO BAD THINGS</script> then bad things are done... | 15:34 |
gary_poster | We'll remove those as soon as we land the mongo branches | 15:34 |
benji | ...I expected wrapping the JSON in a CDATA and/or HTML comment would fix that, but it doesn't. | 15:35 |
gary_poster | ok, first thought | 15:35 |
benji | An we can't just escape the whole string because that will lead to HTML-escaped data getting into the DB (not the right thing to do). | 15:35 |
gary_poster | we should disallow funky characters in the names | 15:36 |
gary_poster | we do that elsewhere AFAIK | 15:36 |
gary_poster | and should do it here for simplicity | 15:36 |
gary_poster | that seems to solve the problem quickly and reasonably | 15:36 |
benji | gary_poster: yeah, it's reasonable for the short term, but I feel bad leaving it this way in general; we're going to keep getting outselves into this situation and there seems to be a central place to fix it | 15:38 |
gary_poster | I wonder if the policy is the right way to fix it thoug | 15:38 |
gary_poster | h | 15:38 |
gary_poster | you bring up good concerns about escaping | 15:38 |
gary_poster | I suppose you could say lazr.restful escapes on the way out and unescapes coming back in | 15:39 |
gary_poster | but that's going to be pretty hairy to incorporate is my guess | 15:39 |
gary_poster | because nothing expexts the unescaping ATM | 15:39 |
gary_poster | expects | 15:39 |
gary_poster | even if this were isolated to just the JS bits | 15:39 |
benji | right; I have a strong gut feeling that there is a right way to do this that won't affect existing code, but I don't know what it is right now | 15:40 |
gary_poster | I don't see it either. Other problematic variations: | 15:41 |
benji | regarding disallowing funky characters: it seems to me that we need to do that at PATCH time, not in the JS (otherwise people can use the web service directly to inject their XSS attack) | 15:42 |
gary_poster | lazr.restful (or whatever machinery does this thing for the response cache) pukes if it gets a string that is not safe to put in the browser, unless there is some gesture to escape it. | 15:42 |
gary_poster | disallowing funky characters: this needs to be in the server | 15:42 |
gary_poster | and then needs validation on the clientside of a similar sort to the thing that we need for tags | 15:43 |
gary_poster | so I agree, the only thing in the JS is code to make the error friendly | 15:44 |
gary_poster | disallowing funky characters happens in the DB for tags, I've heard | 15:44 |
gary_poster | Going that deep is appropriate here too if there is precedence, in fact | 15:45 |
gary_poster | Also note that we only render to the page what the server gives us. When we do a patch, the server gives us back the new representation, and that's what we render | 15:45 |
benji | How much time pressure are we under for this fix? I don't think adding a "be sure strings are browser-safe" to lazr.restful is the right thing to do, but don't know how long it will take to figure out the right thing. | 15:46 |
benji | yeah, doing tag-like, DB-level string safety checks might be the best short term thing we can do | 15:46 |
gary_poster | benji, yes. This is what I'd like: | 15:47 |
gary_poster | 1) DB-level string safety checks | 15:47 |
gary_poster | 2) JS-level friendliness about it all | 15:47 |
bac | gary_poster: email sent | 15:48 |
bac | with tasks. let me know if it doesn't make sense | 15:48 |
gary_poster | 3) A bug about the larger problem, if you like. As I said, my current feeling is that the answer is to typically not allow XSS-type charecters in fields. I suppose lazr.restful could try to enforce that, but I don't love it | 15:48 |
gary_poster | benji, done. | 15:48 |
gary_poster | bac, thanks, will read. | 15:48 |
benji | gary_poster: sounds good; I'll work on 1 and 2 now (well, and after lunch) | 15:49 |
gary_poster | benji, cool | 15:49 |
danilos | bac, gary_poster: error handling being pushed right now | 15:58 |
danilos | bac, gary_poster: and now done, it should be in ~yellow/launchpad/accordionoverlay | 15:59 |
bac | danilos: great | 16:02 |
gary_poster | awesome danilos, thanks | 16:02 |
bac | gary_poster: ping me before you tackle any of those items | 16:11 |
gary_poster | bac, will do. Branch is built now, and I'm wrapping something else up. I might have questions for you in just a sec (though if you are going to lunch np) | 16:11 |
bac | eating in | 16:11 |
gary_poster | k | 16:12 |
gary_poster | (pushed another small branch) | 16:15 |
danilos | gary_poster, I am looking into lowercase tags stuff, should I switch to something else to help out instead? | 16:16 |
gary_poster | danilos, you have about 1:45 left, yeah? | 16:17 |
gary_poster | or just :45? | 16:17 |
danilos | gary_poster, something like 1h, yeah, but all of tomorrow morning as well :) | 16:17 |
gary_poster | danilos, heh, sure. weellll...benji, you around, by chance? | 16:18 |
danilos | gary_poster, there are also small bits like "Unsubscribe" not showing any progress UI and things like that | 16:18 |
gary_poster | danilos, please add cards for stuff you see like that | 16:19 |
danilos | gary_poster, right, I'll do that | 16:19 |
benji | gary_poster: kinda ;) | 16:19 |
gary_poster | benji :-) is there anything danilos can do for your task, or should he and I find something else? | 16:19 |
benji | gary_poster: well, now that we've identified a course of action, he could persue it; I haven't yet done much discovery on how the tag spellings are enforced | 16:20 |
gary_poster | ack benji. I'll give danilos some options and I'll include that as one of 'em. I'll let you know on the kanban board and here and stuff. Thanks | 16:22 |
benji | k | 16:22 |
* benji returns to making patty melts. | 16:22 | |
gary_poster | :-) | 16:22 |
gary_poster | So, danilos, here are good cards | 16:23 |
gary_poster | 740640, FW 2. Task is to enforce no-scary-XSS-characters in the DB, and figure out a pretty way to display that | 16:23 |
gary_poster | That fits in nicely with the tags one | 16:23 |
gary_poster | because they are pretty similar | 16:23 |
gary_poster | So you could take those two | 16:24 |
gary_poster | Or... | 16:24 |
gary_poster | You could take 739141 in Quick Jobs | 16:24 |
gary_poster | Or... | 16:24 |
gary_poster | you could take one of the two bottom cards in FW 1: | 16:25 |
gary_poster | Team subscriptions should support a personal opt-out feature, exposed on edit page and unsub-in-anger page | 16:25 |
gary_poster | or | 16:25 |
gmb | gary_poster: r=me with a couple of tweaks. | 16:25 |
gmb | \0\ | 16:25 |
gmb | Hah. | 16:25 |
gmb | It was so hard to review I broke my arm. | 16:25 |
gary_poster | I thought it was [gmb covers his ears in pain] | 16:25 |
gary_poster | :-) | 16:25 |
gmb | :) | 16:25 |
gary_poster | great thanks gmb! | 16:25 |
gmb | np | 16:25 |
gary_poster | danilos: last one: Structural subscription edit/delete page should also allow adds | 16:25 |
gmb | I'm going to go and get a very large cup of tea now. | 16:26 |
danilos | re 740640, "enforce no-scary-XSS-chars in the DB" means basically entire 740640? | 16:26 |
* gmb knows this was just a warm up for the client-side work. | 16:26 | |
gary_poster | gmb, :-) | 16:26 |
gary_poster | danilos, I don't understand question. 740640 means minimally the DB stuff, and I'd like to include JS-prettification too (of a similar sort to the tag approach, whatever that will be). | 16:27 |
danilos | gary_poster, right, so my question is: should I consider it a single task, or two separate tasks? | 16:29 |
gary_poster | danilos, ok. up to you. I won't consider it done (i.e., something we can forget about) until both aspects are done, but we can arrange that a variety of ways. | 16:30 |
danilos | gary_poster, right, sounds good | 16:31 |
danilos | benji, so it's ok to take the card away from you? :) | 16:31 |
gary_poster | cool, danilos. benji is mking patty melts, don't bother him, it's a dangerous operation. ;-) He volunteered the idea, so I think it's alright | 16:31 |
danilos | heh, ok | 16:32 |
* benji runs away from the melted cheese explosion. | 16:32 | |
gary_poster | :-) | 16:33 |
danilos | gary_poster, oh, on the topic of JS prettification, I don't really see what needs doing if we just want to escape stuff so it works | 16:45 |
danilos | (works == avoids XSS) | 16:45 |
gary_poster | danilos, here's the story. it's just like with tags. Let's say I want to make a name that has some unacceptable characters in it (e.g., "importance >= high") | 16:47 |
gary_poster | should we communicate that nicely? | 16:47 |
gary_poster | or will your new error handling be nice enough that everything will just work? I suspect that the error communication might need work, but maybe not | 16:48 |
danilos | gary_poster, so do we have a rule that some characters are unacceptable? in cases like this (XSS attack protection), that's best done with a white list, but white listing means we also stop people from using all alphabets of the world | 16:48 |
gary_poster | danilos, if I were doing it, I probably would have done it with a blacklist, excluding characters that are escaped for HTML. I agree that a whitelist would be safer. What do you think? | 16:50 |
danilos | gary_poster, well, I wouldn't "exclude" anything, I'd just escape it where appropriate so it never gets executed; I agree that's the least safe of the options (iow, it's easiest to break it), but it does have the benefit of allowing people to have subscriptions named "<important>" if they want to, which would make it much easier to filter on than say just "important" | 16:52 |
danilos | gary_poster, or, your example | 16:52 |
gary_poster | danilos, the problem is that the values are dumped into the page by lazr.restful with automation. Changing that behavior is not something that I want to commission right now. | 16:54 |
gary_poster | Moreover, we have multiple examples of precedence in LP for this exclusion pattern | 16:54 |
danilos | gary_poster, oh, that does sound sucky... | 16:55 |
danilos | gary_poster, and did you mean a precedent? | 16:56 |
gary_poster | yeah danilos. ...I actually don't know for sure if I can use precedence in that way :-P | 16:56 |
gary_poster | I could have said "multiple precidents" I guess :-) | 16:57 |
danilos | heh, yeah | 16:57 |
gary_poster | precedents | 16:57 |
gary_poster | presidents! | 16:57 |
danilos | oh, we've got Putin in Belgrade today, it was a mess getting around the city, half of the streets closed | 16:57 |
gary_poster | oh, I bet | 16:57 |
danilos | just like it was 6 months ago when we had Hilary Clinton | 16:58 |
danilos | it's especially nice since my office is right across the street from the national parliament | 16:58 |
danilos | anywaaay | 16:58 |
gary_poster | I guess it makes sense that she would get similar treatment | 16:58 |
gary_poster | secretary of state is pretty high up | 16:59 |
gary_poster | but not as much as pres, of course | 16:59 |
danilos | Putin is a prime minister now, I think | 16:59 |
danilos | though, not really sure what to do with the XSS stuff; so, basically, your suggestion is to *disallow* all HTML code and alert user of the fact? | 17:00 |
gary_poster | yeah | 17:00 |
gary_poster | just like with tags | 17:00 |
bac | gary_poster: https://bugs.launchpad.net/launchpad/+bug/412178 | 17:03 |
_mup_ | Bug #412178: Link to subscribe to a project group's bugmail should be on the bugs facet <confusing-ui> <lp-bugs> <ui> <Launchpad itself:Triaged> < https://launchpad.net/bugs/412178 > | 17:03 |
gary_poster | bac, so yay? | 17:04 |
bac | gary_poster: there is discussion in the bug about where to put the link | 17:05 |
gary_poster | ah, k | 17:05 |
bac | it is confusing b/c someone put it there anyway: https://bugs.launchpad.net/bazaar | 17:05 |
bac | it is in an odd place | 17:05 |
bac | if i can make it work, i'll just keep it in the same odd place for now | 17:05 |
* benji looks at the board for another task. | 17:06 | |
benji | Oh, I was supposed to talk to Leonard again, I'll do that first. | 17:07 |
gary_poster | benji, ok, then see the list of things I offered to danilos | 17:07 |
benji | k | 17:07 |
gary_poster | Team subscriptions should support a personal opt-out feature, exposed on edit page and unsub-in-anger page is a good one, and... | 17:08 |
gary_poster | Structural subscription edit/delete page should also allow adds | 17:08 |
gary_poster | bac, putting it in a non-weird place is harder? I.e., like the main page? | 17:09 |
gary_poster | Or just needs more thinking? | 17:09 |
bac | gary_poster: more thinking. probably should just create an actions portlet like other pages | 17:09 |
bac | but, that's the kind of thing that would possibly give curtis fits -- hard to tell | 17:10 |
gary_poster | bac, actions portlet seemed like a reasonable/"obvious" solution to me. Maybe give Curtis the option, then? | 17:10 |
gary_poster | we are on team lead call right now | 17:10 |
gary_poster | and he is leader | 17:11 |
bac | ok | 17:11 |
bac | gary_poster: if i can make it work in the current place i'd like to defer any redesign until all other pillars work | 17:11 |
gary_poster | bac, ok, will defer to you. | 17:11 |
gary_poster | bac, I tried to look at the tests; I didn't quite understand how to do them yet, but I only stared at them briefly. I've had a lot of interruptions, and now I want to get the small changes to the server branch done and sent to ec2 (where I suspect there will be problems) after the team lead call before I restart trying to share the task with you. | 17:14 |
benji | gary_poster: unless you have another preference, I'll pick 739141 back up | 17:35 |
gary_poster | benji, cool | 17:35 |
gary_poster | gmb, I don't understand your last comment, actually. You want a newline somewhere around | 18:03 |
gary_poster | 601+ required=False)) | 18:03 |
gary_poster | 602+ @call_with(subscribed_by=REQUEST_USER) | 18:03 |
gary_poster | but that kind of export annotation is all over the file without newlines | 18:03 |
gary_poster | and they all are pertinent to the method that eventually shows up | 18:03 |
gary_poster | so I'm not even quite sure which newline is pertinent. | 18:04 |
gary_poster | (i.e., before the @call_with line or after) | 18:05 |
gary_poster | I'm guessing before | 18:05 |
gary_poster | I'm taking a late lunch. Back in a abit | 18:09 |
bac | gary_poster: here are the changes required to support project groups: http://pastebin.ubuntu.com/584427/ | 18:31 |
bac | i've pushed them to lp:~bac/launchpad/yellow-accordionoverlay | 18:31 |
gmb | gary_poster: Ah, I've made the mistake of thinking that the @call_with is the start of a new decorator stack for a new method. So ignore that. | 18:44 |
=== Ursinha is now known as Ursinha-lunch | ||
gary_poster | cool gmb thanks | 19:00 |
gary_poster | how much of that is boilerplate, bac? | 19:02 |
bac | gary_poster: 68% | 19:03 |
gary_poster | :-) | 19:03 |
gary_poster | ok | 19:03 |
bac | project group is oh so special | 19:03 |
bac | just like everything else | 19:03 |
gary_poster | heh | 19:03 |
bac | gary_poster: we have a problem with some of the "hand constructed" links | 19:03 |
bac | they are wrapped as a <tr>. i had to mark the <tr> as the menu link so that both the text and icon are clickable | 19:04 |
gary_poster | Ah I think I understand. | 19:04 |
bac | but in doing so, the js-action class is not being properly displayed as green | 19:04 |
gary_poster | :-/ | 19:04 |
gary_poster | can we change in CSS safely, or not so much? | 19:04 |
bac | i haven't looked yet. | 19:05 |
gary_poster | k | 19:05 |
bac | gary_poster: i am going to work on productseries | 19:06 |
gary_poster | ok | 19:08 |
gary_poster | benji, I'd like to delegate to you :-P . On the team lead call, in the context of anoter XSS problem, I mentioned the issues you unearthed about lazr.restful and XSS. Francis asked me to write an email about the issues to start a conversation about the lazr.restful aspects of this. (Other people may be bringing up XSS but with a different focus.) | 19:32 |
gary_poster | I think you'd be a better person to write that email, to be sent to launchpad-dev. Ideally it would be done before next Wednesday. You up for that? If so, I'll add a "quick job" card. | 19:32 |
benji | gary_poster: yep, sounds good | 19:33 |
gary_poster | cool thank you | 19:33 |
benji | with any luck my pending_notifications will have figured it out by then | 19:33 |
benji | heh; pending_notifications was supposed to be my subconscious; maybe that means something | 19:37 |
gary_poster | lol | 19:49 |
gary_poster | bac, I am going to try distributionsourcepackage for lack of any better ideas | 19:50 |
bac | ok | 19:51 |
=== Ursinha-lunch is now known as Ursinha | ||
gary_poster | bac, is there a reason why you did """def xsubscribe(self):" instead of deleting the subscribe method? | 20:18 |
gary_poster | Or, when should I do that? | 20:18 |
bac | gary_poster: debug issue. merge again | 20:18 |
gary_poster | bac, ack thanks | 20:18 |
bac | gary_poster: i've hit a snag testing product series | 20:22 |
bac | it was done very similarly to the others. but in the page template the feature flag is never set. vexing. | 20:23 |
gary_poster | :-/ | 20:23 |
gary_poster | bac, I'd help if I could. If I get to the end of mine and you are still stuck I'll stare at it with you. | 20:27 |
bac | deal | 20:28 |
gary_poster | bac, I have three menus that I changed in the code to conditionally show the new add form, but I can only find two of them throught the UI. Do you have any strategies to know what is being added where? | 20:40 |
bac | gary_poster: three? what are they? | 20:40 |
bac | usually there is just an overview menu and a bugs menu | 20:40 |
gary_poster | DistributionSourcePackageOverviewMenu | 20:41 |
gary_poster | DistributionSourcePackageBugsMenu | 20:41 |
gary_poster | DistributionSourcePackageActionMenu | 20:41 |
gary_poster | all three of them had "subscribe" | 20:41 |
gary_poster | I guess I grep for the associated interfaces... | 20:41 |
gary_poster | ok maybe not | 20:42 |
bac | gary_poster: congratulations. it looks like you found a non-standard one too! | 20:43 |
gary_poster | :-) | 20:43 |
bac | gary_poster: a quick glance makes me think DistributionSourcePackageActionMenu and Bugs are the two you want | 20:45 |
bac | the OverviewMenu one is a NavigationMenu not an ApplicationMenu | 20:46 |
gary_poster | bac, I have no clue about this stuff, but OverviewMenu had "subscribe" in it too... | 20:46 |
bac | not that it means anything | 20:46 |
bac | gary_poster: yeah, i see it | 20:47 |
gary_poster | I don't know what the practical diff is between Nav menu and App menu | 20:47 |
bac | gary_poster: but looking at https://launchpad.net/ubuntu/+source/live-boot i don't see anything to do with that menu | 20:47 |
gary_poster | This may be my first exposure to the menu system, in fact | 20:47 |
gary_poster | other than believing that I've heard Curtis did it | 20:47 |
bac | gary_poster: the one you aren't using is used for the links following "This package has" | 20:50 |
bac | it should not have a subscribe link in it, i'll bet | 20:50 |
bac | gary_poster: does tal:condition="python:" do shortcutting? | 20:51 |
bac | can i do tal:condition="python: False and something_that_doesnot_exist" | 20:51 |
gary_poster | yes, I am pretty sure so, bac | 20:51 |
bac | hmm | 20:51 |
bac | i would've thought so too | 20:51 |
gary_poster | course you should also be able to do | 20:51 |
gary_poster | tal:condition="something_that_doesnot_exist|nothing" | 20:52 |
bac | sure | 20:52 |
gary_poster | shortcutting is not working? | 20:52 |
bac | i actually have another condition that i replaced with False for the example | 20:52 |
gary_poster | gotcha | 20:52 |
gary_poster | bac, you said, "the one you aren't using is used for the links following "This package has"". Teaching me to fish, how did you determine that? | 20:53 |
bac | by looking at the links it defined and then scouring the page template | 20:53 |
gary_poster | heh | 20:54 |
gary_poster | the template or the rendered version? | 20:54 |
bac | it is the one called view/overview. the other's use is hidden behind the @@/global-actions | 20:54 |
bac | it is WAY more confusing than is sane | 20:54 |
bac | menuing is so complicate that i can't ferret out the essential bits from the stuff there only to drive you crazy | 20:55 |
bac | i looked at the actual page template | 20:56 |
gary_poster | gotcha | 20:56 |
gary_poster | so I should try removing subscribe entirely and see what happens, maybe from DistributionSourcePackageActionMenu? No, that's the one that's used on the right of the main page. Ah, no it isn't, I see, it is registered against the view, and that's the view/menu you were talking about in the template! | 21:03 |
gary_poster | ok...trying to understand where the overview is used now... | 21:03 |
gary_poster | (So, yes, I think I should remove it from the ActionMenu, as you suggested initially) | 21:03 |
gary_poster | argh! | 21:04 |
gary_poster | except that doesn't make any sense! | 21:04 |
gary_poster | the template is using open_questions and new_bugs for view:menu | 21:05 |
gary_poster | oh, which are available off of DistributionSourcePackageLinksMixin, which is in fact mixed in... | 21:05 |
gary_poster | so maybe the entire links collection on DistributionSourcePackageActionMenu is a red herring? | 21:06 |
gary_poster | :-( | 21:06 |
gary_poster | maybe used by ../templates/distributionsourcepackage-portlet-pub-details.pt ? | 21:08 |
gary_poster | trying | 21:08 |
gary_poster | no | 21:09 |
gary_poster | I'm starting to think that all of the code on that menu class is a red herring | 21:09 |
gary_poster | and the only thing it needs is the mixin and the interface declarations. Going to try it | 21:10 |
gary_poster | nope, that removes it from the right hand side :-/ | 21:12 |
bac | gary_poster: :( | 21:21 |
bac | sorry, i wasn't following along at home. looks entertaining, though | 21:21 |
bac | so in my tests, if i get a view and render it to html and then print the html, i always see: | 21:21 |
bac | Features: {'malone.advanced-structural-subscriptions.enabled': None} | 21:22 |
bac | regardless of the state of the feature flag i've set. | 21:22 |
bac | i find this highly disconcerting | 21:22 |
gary_poster | np. experimentation has proved that (1) DistributionSourcePackageActionMenu's subscribe menu option is the one that is rendered for the overview page; (2) deleting DistributionSourcePackageOverviewMenu's subscribe menu option does not break anything I can see; | 21:23 |
gary_poster | (3) deleting *all* links from DistributionSourcePackageOverviewMenu's does break things; and (4) I don't know what's going on. | 21:23 |
gary_poster | I'm going to try remove the other links that don't appear to be used in DistributionSourcePackageOverviewMenu. | 21:23 |
gary_poster | well, on the bright side, for yours, you at least know that the feature flag is the problem, bac. I'd suspect a rogue request replacing the one you think you are using...or Something Else. Possibly alien in origin. | 21:24 |
bac | EXCEPT, the tests behave as expected but for two | 21:24 |
gary_poster | :-/ | 21:25 |
bac | so even though the state is printed as None in the summary, the value appears to be correct when evaluated | 21:25 |
bac | figure that one out | 21:25 |
* gary_poster whimpers | 21:26 | |
bac | i wonder if that message is using the db feature flag value and not the one from the fixture? | 21:26 |
bac | how could that be? | 21:26 |
bac | it can't | 21:26 |
* bac tests anyway | 21:26 | |
gary_poster | k, 'caue I dunno | 21:26 |
gary_poster | s | 21:26 |
gary_poster | for my mystery, I am changing DistributionSourcePackageOverviewMenu's links = ['subscribe', 'publishinghistory', 'edit', 'new_bugs', 'open_questions'] to links = ['new_bugs', 'open_questions']. That doesn't appear to change a darn thing. Then I only change two menus, as I'd expect. | 21:31 |
gary_poster | and now for the tests... | 21:32 |
bac | gary, could you fix distributionsourcepackage-index.pt | 21:33 |
bac | it has malone.advanced-structural-subscriptions.enabled | 21:34 |
bac | no | 21:34 |
gary_poster | ? | 21:34 |
bac | it has <div class="package-details" | 21:34 |
bac | tal:attributes="id string:pub${pubid}-container" /> | 21:34 |
bac | which is invalid html markup | 21:34 |
bac | div cannot be self-closing | 21:34 |
bac | safari just yelled at me | 21:34 |
gary_poster | l | 21:35 |
gary_poster | k | 21:35 |
gary_poster | done | 21:35 |
gary_poster | bac, if you have a second to glance over a diff, I will feel comfortable merging this. | 21:46 |
gary_poster | http://pastebin.ubuntu.com/584506/ | 21:46 |
gary_poster | I disabled two of the tests | 21:46 |
gary_poster | Because distribution source packages do not have owners AFAICT | 21:46 |
bac | looks great gary | 21:47 |
bac | er, gary_poster | 21:47 |
gary_poster | cool thanks bac | 21:47 |
gary_poster | I am pinged by gary too | 21:47 |
bac | ok | 21:47 |
gary_poster | thanks, will merge | 21:48 |
bac | gary_poster: are you merging to the yellow branch? | 21:48 |
gary_poster | oh, right | 21:48 |
gary_poster | there's that | 21:48 |
gary_poster | what do you want to do? | 21:48 |
bac | gary_poster: why don't you push it and i'll merge into mine | 21:48 |
gary_poster | ok | 21:49 |
bac | or we could make a new branch on ~yellow | 21:49 |
bac | just let me know | 21:49 |
gary_poster | I suspect there will be a small conflict with your most recent changes; I'll merge that first | 21:49 |
bac | ok | 21:49 |
gary_poster | I'm happy either way | 21:49 |
gary_poster | ah, no, I was up-to-date | 21:50 |
bac | gary_poster: you should check this out from david siegel. it's a pretty nice reminder to get up and walk around | 21:51 |
bac | http://iamfutureproof.com/ | 21:51 |
bac | it shows i haven't taken a break in 2h29m | 21:51 |
bac | so, time for a lap around the yard | 21:51 |
gary_poster | cool, bac, thanks! downloading | 21:51 |
gary_poster | I pushed to lp:~yellow/launchpad/accordionoverlay-links bac | 21:53 |
gary_poster | Then I did bzr pull --remember lp:~yellow/launchpad/accordionoverlay-links | 21:54 |
gary_poster | so I'll pull from there from now on | 21:54 |
gary_poster | bac, I'm sorry but I'm going to call it a day | 21:54 |
gary_poster | I'll be ready to help out more tomorry morning | 21:55 |
gary_poster | bye all | 21:55 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!