
    Bullet-proof the private field filtering in the user resource.

    Review Request #7425 — Created June 15, 2015 and discarded

    Information

    Review Board
    release-2.0.x

    Reviewers

    The user API resource does some filtering on the payload data to remove
    any fields that the caller shouldn't see. If the payload data already
    has some information removed, it's possible that this could fail. We now
    bullet-proof this, removing only fields found in the payload.

    Unit tests pass.

    reviewbot
    1. Tool: PEP8 Style Checker
      Processed Files:
          reviewboard/webapi/resources/user.py

      Tool: Pyflakes
      Processed Files:
          reviewboard/webapi/resources/user.py
      
      
    SM
    1. This should be fine for the most part.

    2. reviewboard/webapi/resources/user.py (Diff revision 1)

      I'm pretty sure this case ever happening is going to be a subtle bug with the serialization and caching code. I'm wondering if we should maybe log something here as a warning about possible subtle bugs surfacing?

      1. Actually, wasn't remembering the cache is only per request and we're always checking the requesting user's permission, so no logging needed.

    chipx86
    Review request changed
    Status: Discarded
    Change Summary: Discarded in favor of the fix at /r/7428/