Roundup Tracker - Issues

Issue 2550528

classification
Handle Unauthorized exception from serve_file
Type: behavior Severity: normal
Components: Versions: devel
process
Status: closed Resolution: accepted
: stefan : richard, stefan
Priority: Keywords: patch

Created on 2009-03-13 17:43 by stefan, last changed 2009-03-17 22:59 by richard.

Files
File name Uploaded Description
client.py.diff stefan, 2009-03-13 18:00
Messages
msg3643 Author: [hidden] (stefan) Date: 2009-03-13 17:43
In simplified form, Roundup's logic for processing an HTTP request
looks like this:

  try:
    self.renderContext()
  except SendFile, f:
    self.serve_file(f)
  except Unauthorised:
    self.generate_error_message()

The idea is that the main renderContext raises a "SendFile" exception
to indicate that instead of generating normal output a file should be
sent back.  And, renderContext may raise Unauthorised to indicate that
the user is not allowed to view the page.

The problem is that serve_file checks whether the file it's about to
serve is viewable -- and, if not, raises Unauthorised.  That exception
is then not caught, and the user just gets an error, instead of the
tracker homepage with a useful error message.

With some (slight) reorganization of the relevant code, this can be
fixed. I'm working on a patch now.
msg3644 Author: [hidden] (stefan) Date: 2009-03-13 18:00
Here is the patch. It looks big, but mostly only consists of indentation
(scope) changes. Can this still go in before the 1.4.7 release?

Thanks,
msg3645 Author: [hidden] (richard) Date: 2009-03-13 22:35
The patch is a sensible reorganisation, and looks correct.

I'm not sure there's tests covering this though :(

I want to get 1.4.7 out ASAP so it'll have to do since it appears
nothing breaks.
msg3646 Author: [hidden] (stefan) Date: 2009-03-13 22:40
Richard Jones wrote:

> The patch is a sensible reorganisation, and looks correct.
> 
> I'm not sure there's tests covering this though :(

You are right. I will think about ways to test this (and keep this issue 
open for that).

> I want to get 1.4.7 out ASAP so it'll have to do since it appears
> nothing breaks.

OK, thanks. The patch is checked in as rev:4201.

Regards,
		Stefan
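
The control flow described in msg3643, as an added example that is not Roundup's code and does not reproduce client.py.diff or rev:4201. The Client class, the viewable set, the "file7" id and the handle_before/handle_after names are assumptions made for illustration, nesting the try blocks is only one possible reorganisation, and the syntax is Python 3 (`except ... as f`).

```python
class SendFile(Exception):
    """Raised by rendering to request that a file be served instead."""

class Unauthorised(Exception):
    """Raised when the current user may not view the requested item."""

class Client:
    # Hypothetical miniature of the request handler. Only renderContext,
    # serve_file and generate_error_message are names taken from the report.
    def __init__(self, viewable):
        self.viewable = viewable  # constructed set of file ids the user may view

    def renderContext(self):
        raise SendFile("file7")  # every request in this sketch asks for one file

    def serve_file(self, designator):
        if designator not in self.viewable:
            raise Unauthorised(designator)
        return "contents of " + designator

    def generate_error_message(self):
        return "tracker home: you are not allowed to view this file"

    def handle_before(self):
        # Structure from the report: the handlers are siblings of one try, so
        # an exception raised inside the SendFile handler is never offered to
        # the Unauthorised handler and propagates to the caller.
        try:
            return self.renderContext()
        except SendFile as f:
            return self.serve_file(f.args[0])
        except Unauthorised:
            return self.generate_error_message()

    def handle_after(self):
        # Reorganised: serve_file now runs inside the scope guarded by the
        # Unauthorised handler, so its permission failure is reported normally.
        try:
            try:
                return self.renderContext()
            except SendFile as f:
                return self.serve_file(f.args[0])
        except Unauthorised:
            return self.generate_error_message()
```

The two handlers differ only when serve_file itself rejects the file, which is the case a regression test for this issue needs to exercise.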
History
Date User Action Args
2009-03-17 22:59:41 richard set status: open -> closed; resolution: accepted
2009-03-13 22:40:08 stefan set messages: + msg3646
2009-03-13 22:35:42 richard set messages: + msg3645
2009-03-13 18:00:48 stefan set status: new -> open; keywords: + patch; messages: + msg3644; files: + client.py.diff
2009-03-13 17:43:03 stefan create