Summary

Bullet-proof the private field filtering in the user resource.

Review Request #7425 — Created June 15, 2015 and discarded June 15, 2015, 2:31 p.m.

Information

Owner

chipx86

Repository

Review Board

Branch

release-2.0.x

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

The user API resource does some filtering on the payload data to remove
any fields that the caller shouldn't see. If the payload data already
has some information removed, it's possible that this could fail. We now
bullet-proof this, removing only fields found in the payload.

Testing Done

Unit tests pass.

Tool: PEP8 Style Checker
Processed Files:
    reviewboard/webapi/resources/user.py



Tool: Pyflakes
Processed Files:
    reviewboard/webapi/resources/user.py

Ship it!

```
This should be fine for the most part.
```

reviewboard/webapi/resources/user.py (Diff revision 1)

I'm pretty sure this case ever happening is going to be a subtle bug with the serialization and caching code. I'm wondering if we should maybe log something here as a warning about possible subtle bugs surfacing?

smacleod June 15, 2015, 12:51 p.m.

Actually, wasn't remembering the cache is only per request and we're always checking the requesting user's permission, so no logging needed.

Status: Discarded

Change Summary:

Discarded in favor of the fix at /r/7428/