Roundup Tracker - Issues

Message3643

Author stefan
Recipients richard, stefan
Date 2009-03-13.17:43:02
Message-id <1236966183.83.0.282287140807.issue2550528@psf.upfronthosting.co.za>
In-reply-to 
In simplified form, Roundup's logic for processing an HTTP request
looks like this:

  try:
    self.renderContext()
  except SendFile, f:
    self.serve_file(f)
  except Unauthorised:
    self.generate_error_message()

The idea is that the main renderContext raises a "SendFile" exception
to indicate that instead of generating normal output a file should be
sent back.  And, renderContext may raise Unauthorised to indicate that
the user is not allowed to view the page.

The problem is that serve_file checks whether the file it's about to
serve is viewable -- and, if not, raises Unauthorised.  That exception
is then not caught, and the user just gets an error, instead of the
tracker homepage with a useful error message.

With some (slight) reorganization of the relevant code, this can be
fixed. I'm working on a patch now.
History
Date User Action Args
2009-03-13 17:43:03stefansetmessageid: <1236966183.83.0.282287140807.issue2550528@psf.upfronthosting.co.za>
2009-03-13 17:43:03stefansetrecipients: + stefan, richard
2009-03-13 17:43:03stefanlinkissue2550528 messages
2009-03-13 17:43:02stefancreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020