From 79c75def1a340232d4e0dcf1dae651be6fa0739f Mon Sep 17 00:00:00 2001
From: richard
Date: Tue, 30 Jul 2002 05:27:30 +0000
Subject: [PATCH] nicer error messages, and a bugfix
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@931 57a73879-2fb5-44c3-a270-3262357dd7e2
---
 roundup/cgi_client.py | 60 +++++++++++++++++++++++++++++------------
 roundup/htmltemplate.py | 28 +++++++++++++++----
 2 files changed, 66 insertions(+), 22 deletions(-)
diff --git a/roundup/cgi_client.py b/roundup/cgi_client.py
index 99a65f1..f9fcd40 100644
--- a/roundup/cgi_client.py
+++ b/roundup/cgi_client.py
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 #
-# $Id: cgi_client.py,v 1.145 2002-07-26 08:26:59 richard Exp $
+# $Id: cgi_client.py,v 1.146 2002-07-30 05:27:30 richard Exp $
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -232,7 +232,6 @@ function help_window(helpurl, width, height) {
 My Details | Logout ''')%locals() - # figure the "add class" links if hasattr(self.instance, 'HEADER_ADD_LINKS'): classes = self.instance.HEADER_ADD_LINKS
@@ -572,7 +571,8 @@ function help_window(helpurl, width, height) {
 '''
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('Edit', userid):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': self.classname}
 w = self.write
 cn = self.classname
 cl = self.db.classes[cn]
@@ -951,7 +951,8 @@ function help_window(helpurl, width, height) {
 cn = self.classname
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('View', userid, cn):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': self.classname}
 cl = self.db.classes[cn]
 if self.form.has_key(':multilink'):
 link = self.form[':multilink'].value
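Review bot: The expression `_("You do not have permission to access" " %(action)s.")%{'action': …}` is pasted at every raise site this commit touches (hunks at -572, -951, -965, -1008, -1046, -1095, -1166 and -1289) and again in the -1387 handler. A small helper, or an action name carried by the exception and formatted once in the handler, would keep the wording and its translation key in one place. It would also give a single spot to escape the interpolated value before it reaches the page. The methods involved all extend beyond their hunks.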
@@ -965,7 +966,8 @@ function help_window(helpurl, width, height) {
 if [i for i in keys if i[0] != ':']:
 # no dice if you can't edit!
 if not self.db.security.hasPermission('Edit', userid, cn):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'new'+self.classname}
 props = {}
 try:
 nid = self._createnode()
@@ -1008,7 +1010,8 @@ function help_window(helpurl, width, height) {
 '''
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('Edit', userid, 'user'):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'newuser'}
 cn = self.classname
 cl = self.db.classes[cn]
@@ -1046,7 +1049,8 @@ function help_window(helpurl, width, height) {
 '''
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('Edit', userid, 'file'):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'newfile'}
 cn = self.classname
 cl = self.db.classes[cn]
 props = parsePropsFromForm(self.db, cl, self.form)
@@ -1095,14 +1099,19 @@ function help_window(helpurl, width, height) {
 user = self.db.user
 # get the username of the node being edited
- node_user = user.get(self.nodeid, 'username')
+ try:
+ node_user = user.get(self.nodeid, 'username')
+ except IndexError:
+ raise NotFound, 'user%s'%self.nodeid
 # ok, so we need to be able to edit everything, or be this node's
 # user
 userid = self.db.user.lookup(self.user)
 if (not self.db.security.hasPermission('Edit', userid) and self.user != node_user):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': self.classname +
+ str(self.nodeid)}
 #
 # perform any editing
@@ -1152,7 +1161,10 @@ function help_window(helpurl, width, height) {
 '''
 nodeid = self.nodeid
 cl = self.db.classes[self.classname]
- mime_type = cl.get(nodeid, 'type')
+ try:
+ mime_type = cl.get(nodeid, 'type')
+ except IndexError:
+ raise NotFound, 'file%s'%nodeid
 if mime_type == 'message/rfc822':
 mime_type = 'text/plain'
 self.header(headers={'Content-Type': mime_type})
@@ -1166,8 +1178,8 @@ function help_window(helpurl, width, height) {
 ''' display a list of all the classes in the database
 '''
 userid = self.db.user.lookup(self.user)
- if not self.db.security.hasPermission('Edit', userid):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'all classes'}
 self.pagehead(_('Table of classes'), message)
 classnames = self.db.classes.keys()
@@ -1188,7 +1200,9 @@ function help_window(helpurl, width, height) {
 def login(self, message=None, newuser_form=None, action='index'):
 '''Display a login page.
 '''
- self.pagehead(_('Login to roundup'), message)
+ self.pagehead(_('Login to roundup'))
+ if message:
+ self.write('
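Review bot: In the hunk at -1166 (the class-list method) the guard `if not self.db.security.hasPermission('Edit', userid):` is removed while the `raise Unauthorised, …` stays, so the new code raises for every caller, administrators included. If the raise kept its deeper indent, the module would not parse at all; indentation is lost in this rendering, so which of the two applies cannot be told from here. Every other site in this commit keeps its guard and only changes the raise, and the 8/8 line counts in the hunk header confirm the `if` line is gone. Restore `if not self.db.security.hasPermission('Edit', userid):` directly above the new raise. The method's `def` line is outside the hunk.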

%s

'%message)
 self.write(_('''
@@ -1289,7 +1303,8 @@ function help_window(helpurl, width, height) {
 # make sure we're allowed to register
 userid = self.db.user.lookup(self.user)
 if not self.db.security.hasPermission('Web Registration', userid):
- raise Unauthorised
+ raise Unauthorised, _("You do not have permission to access"\
+ " %(action)s.")%{'action': 'registration'}
 # re-open the database as "admin"
 self.opendb('admin')
@@ -1387,12 +1402,18 @@ function help_window(helpurl, width, height) {
 self.desired_action = None
 try:
 self.main_action()
- except Unauthorised:
+ except Unauthorised, message:
 self.header(response=403)
 if self.desired_action is None or self.desired_action == 'login':
- self.login() # go to the index after login
+ if not message:
+ message=_("You do not have permission.")
+ # go to the index after login
+ self.login(message=message)
 else:
- self.login(action=self.desired_action)
+ if not message:
+ message=_("You do not have permission to access"\
+ " %(action)s.")%{'action': self.desired_action}
+ self.login(action=self.desired_action, message=message)
 def main_action(self):
 '''Wrap the database accesses so we can close the database cleanly
@@ -1668,6 +1689,11 @@ def parsePropsFromForm(db, cl, form, nodeid=0, num_re=re.compile('^\d+$')):
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.145 2002/07/26 08:26:59 richard
+# Very close now. The cgi and mailgw now use the new security API. The two
+# templates have been migrated to that setup. Lots of unit tests. Still some
+# issue in the web form for editing Roles assigned to users.
+#
 # Revision 1.144 2002/07/25 07:14:05 richard
 # Bugger it. Here's the current shape of the new security implementation.
 # Still to do:
diff --git a/roundup/htmltemplate.py b/roundup/htmltemplate.py
index 2c85c7e..6ad188b 100644
--- a/roundup/htmltemplate.py
+++ b/roundup/htmltemplate.py
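Review bot: `message` is formatted into the login page with `'…%s…'%message` in login() without HTML escaping, and the Unauthorised messages added by this commit interpolate `self.classname`, `self.nodeid` and `self.desired_action`, which look request-derived (inferred; their assignment is outside the diff). If any of them can carry markup, the 403 login page reflects it back to the browser. Escape at the write, e.g. `cgi.escape(str(message))`, assuming `cgi` is imported in cgi_client.py, which no hunk here shows. The markup around `%s` is missing from this rendering of the patch, and login() continues past the hunk.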
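Review bot: The two `if not message:` fallbacks in the `except Unauthorised, message:` branch (hunk at -1387) are probably dead code. `message` is bound to the exception instance, and unless Unauthorised (defined outside this diff) implements `__nonzero__` or `__len__`, an instance is true even when raised without arguments, so a bare `raise Unauthorised` elsewhere would render an empty message. Test the text instead, e.g. `message = str(message) or _("You do not have permission.")`, and pass that string on to login(). The enclosing method starts before the hunk.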
@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 #
-# $Id: htmltemplate.py,v 1.106 2002-07-30 02:41:04 richard Exp $
+# $Id: htmltemplate.py,v 1.107 2002-07-30 05:27:30 richard Exp $
 __doc__ = """
 Template engine.
@@ -38,7 +38,7 @@ a template function, add a test for all data types or the angry pink bunny will hunt you down. """
-import os, re, StringIO, urllib, cgi, errno, types, urllib
+import sys, os, re, StringIO, urllib, cgi, errno, types, urllib
 import hyperdb, date
 from i18n import _
@@ -895,10 +895,16 @@ class TemplateFunctions:
 else:
 if l:
 # there were tests, and we didn't fail any of them so we're OK
- return self.execute_template(ok)
+ if ok:
+ return self.execute_template(ok)
+ else:
+ return ''
 # nope, fail
- return self.execute_template(fail)
+ if fail:
+ return self.execute_template(fail)
+ else:
+ return ''
 #
 # INDEX TEMPLATES
@@ -1353,7 +1359,15 @@ class ItemTemplate(TemplateFunctions):
 w(''%( self.classname, nodeid))
 s = open(os.path.join(self.templates, self.classname+'.item')).read()
- w(self.execute_template(s))
+ try:
+ w(self.execute_template(s))
+ except:
+ etype = sys.exc_type
+ if type(etype) is types.ClassType:
+ etype = etype.__name__
+ w('

%s: %s

'%(etype, sys.exc_value))
+ # make sure we don't commit any changes
+ self.db.rollback()
 w('')
 self.clear()
@@ -1419,6 +1433,10 @@ class NewItemTemplate(ItemTemplate):
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.106 2002/07/30 02:41:04 richard
+# Removed the confusing, ugly two-column sorting stuff. Column heading clicks
+# now only sort on one column. Nice and simple and obvious.
+#
 # Revision 1.105 2002/07/26 08:26:59 richard
 # Very close now. The cgi and mailgw now use the new security API. The two
 # templates have been migrated to that setup. Lots of unit tests. Still some
-- 
2.30.2
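Review bot: The bare `except:` added around `w(self.execute_template(s))` writes `sys.exc_value` straight into the response, so any template failure shows internal error text to whoever requested the page, and that text is not HTML-escaped. `cgi` is already imported at the top of this file, so wrap the value as `cgi.escape(str(sys.exc_value))`, and consider logging the detail server-side while showing a generic message. A bare `except:` also traps KeyboardInterrupt and SystemExit; add `except (KeyboardInterrupt, SystemExit): raise` ahead of it. The enclosing method starts before the hunk.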
Existing User Login