Issue 2550528
Created on 2009-03-13 17:43 by stefan, last changed 2009-03-17 22:59 by richard.
File name |
Uploaded |
Description |
Edit |
Remove |
client.py.diff
|
stefan,
2009-03-13 18:00
|
|
|
|
msg3643 |
Author: [hidden] (stefan) |
Date: 2009-03-13 17:43 |
|
In simplified form, Roundup's logic for processing an HTTP request
looks like this:
try:
self.renderContext()
except SendFile, f:
self.serve_file(f)
except Unauthorised:
self.generate_error_message()
The idea is that the main renderContext raises a "SendFile" exception
to indicate that instead of generating normal output a file should be
sent back. And, renderContext may raise Unauthorised to indicate that
the user is not allowed to view the page.
The problem is that serve_file checks whether the file it's about to
serve is viewable -- and, if not, raises Unauthorised. That exception
is then not caught, and the user just gets an error, instead of the
tracker homepage with a useful error message.
With some (slight) reorganization of the relevant code, this can be
fixed. I'm working on a patch now.
|
msg3644 |
Author: [hidden] (stefan) |
Date: 2009-03-13 18:00 |
|
Here is the patch. It looks big, but mostly only consists of indentation
(scope) changes. Can this still go in before the 1.4.7 release ?
Thanks,
|
msg3645 |
Author: [hidden] (richard) |
Date: 2009-03-13 22:35 |
|
The patch is a sensible reorganisation, and looks correct.
I'm not sure there's tests covering this though :(
I want to get 1.4.7 out ASAP so it'll have to do since it appears
nothing breaks.
|
msg3646 |
Author: [hidden] (stefan) |
Date: 2009-03-13 22:40 |
|
Richard Jones wrote:
> The patch is a sensible reorganisation, and looks correct.
>
> I'm not sure there's tests covering this though :(
You are right. I will think about ways to test this (and keep this issue
open for that).
> I want to get 1.4.7 out ASAP so it'll have to do since it appears
> nothing breaks.
OK, thanks. The patch is checked in as rev:4201.
Regards,
Stefan
|
|
Date |
User |
Action |
Args |
2009-03-17 22:59:41 | richard | set | status: open -> closed resolution: accepted |
2009-03-13 22:40:08 | stefan | set | messages:
+ msg3646 |
2009-03-13 22:35:42 | richard | set | messages:
+ msg3645 |
2009-03-13 18:00:48 | stefan | set | status: new -> open keywords:
+ patch messages:
+ msg3644 files:
+ client.py.diff |
2009-03-13 17:43:03 | stefan | create | |
|