don't open the database for static files

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1764 57a73879-2fb5-44c3-a270-3262357dd7e2

diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
index 3c7e9f09aa69b6d5f7b0498b678675cbe3ed1cd8..397c2fe87147db7263ee9225bcf79d77a2ed27a2 100644 (file)
--- a/roundup/cgi/client.py
+++ b/roundup/cgi/client.py
@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.123 2003-06-24 04:16:35 richard Exp $
+# $Id: client.py,v 1.124 2003-06-24 05:00:43 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -232,10 +232,15 @@ class Client:
         self.ok_message = []
         self.error_message = []
         try:
-            # make sure we're identified (even anonymously)
-            self.determine_user()
             # figure out the context and desired content template
+            # do this first so we don't authenticate for static files
+            # Note: this method opens the database as "admin" in order to
+            # perform context checks
             self.determine_context()
+
+            # make sure we're identified (even anonymously)
+            self.determine_user()
+
             # possibly handle a form submit action (may change self.classname
             # and self.template, and may also append error/ok_messages)
             self.handle_action()
@@ -312,8 +317,6 @@ class Client:
     def determine_user(self):
         ''' Determine who the user is
         '''
-        # determine the uid to use
-        self.opendb('admin')
         # clean age sessions
         self.clean_sessions()
         # make sure we have the session Class
@@ -423,6 +426,9 @@ class Client:
                 # send the file identified by the designator in path[0]
                 raise SendFile, path[0]
 
+        # we need the db for further context stuff - open it as admin
+        self.opendb('admin')
+
         # see if we got a designator
         m = dre.match(self.classname)
         if m: