Re: [Zope-dev] SVN: Zope/branches/2.12/ Correctly handle unauthorized exceptions in the ZPublisherExceptionHook.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hanno Schlichting wrote:
Log message for revision 101181: Correctly handle unauthorized exceptions in the ZPublisherExceptionHook.
Modified: Zope/branches/2.12/src/Zope2/App/startup.py =================================================================== --- Zope/branches/2.12/src/Zope2/App/startup.py 2009-06-20 19:53:08 UTC (rev 101180) +++ Zope/branches/2.12/src/Zope2/App/startup.py 2009-06-21 00:00:53 UTC (rev 101181) @@ -24,6 +24,7 @@ from time import asctime from types import StringType, ListType from zExceptions import Redirect +from zExceptions import Unauthorized from ZODB.POSException import ConflictError import transaction import AccessControl.User @@ -170,7 +171,7 @@ if t.lower() in ('unauthorized', 'redirect'): raise else: - if t is SystemExit or t is Redirect: + if t is SystemExit or t is Redirect or t is Unauthorized: raise
if issubclass(t, ConflictError):
What is the motivation here? Zope2 applications have hooked Unauthorized exceptions *forever*: - You can see them in the error_log (if you take them out of the ignore list). This change (the fixed version) breaks unit tests which assert that the exception can be hooked: - -------------------------------------------------------------------------- $ bin/test -s Zope2.App Running zope.testing.testrunner.layer.UnitTests tests: Set up zope.testing.testrunner.layer.UnitTests in 0.000 seconds. Error in test testRenderUnauthorizedBrokenClient (Zope2.App.tests.testExceptionHook.ExceptionMessageRenderTest) Traceback (most recent call last): File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line 279, in run testMethod() File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 284, in testRenderUnauthorizedBrokenClient self.assertRaises(AttributeError, self.call, client, request, f) File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line 336, in failUnlessRaises callableObj(*args, **kwargs) File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 74, in call sys.exc_info()[2], File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 69, in call f(*args, **kw) File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 281, in f raise Unauthorized, 1 Unauthorized: You are not allowed to access '1' in this context Error in test testRenderUnauthorizedOldClient (Zope2.App.tests.testExceptionHook.ExceptionMessageRenderTest) Traceback (most recent call last): File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line 279, in run testMethod() File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 251, in testRenderUnauthorizedOldClient self.call(client, request, f) File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 74, in call sys.exc_info()[2], File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 69, in call f(*args, **kw) File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 248, in f raise Unauthorized, 1 Unauthorized: You are not allowed to access '1' in this context Error in test testRenderUnauthorizedStandardClient (Zope2.App.tests.testExceptionHook.ExceptionMessageRenderTest) Traceback (most recent call last): File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line 279, in run testMethod() File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 262, in testRenderUnauthorizedStandardClient self.call(client, request, f) File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 74, in call sys.exc_info()[2], File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 69, in call f(*args, **kw) File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 259, in f raise Unauthorized, 1 Unauthorized: You are not allowed to access '1' in this context Error in test testRenderUnauthorizedStandardClientMethod (Zope2.App.tests.testExceptionHook.ExceptionMessageRenderTest) Traceback (most recent call last): File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line 279, in run testMethod() File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 273, in testRenderUnauthorizedStandardClientMethod self.call(client.dummyMethod, request, f) File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 74, in call sys.exc_info()[2], File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 69, in call f(*args, **kw) File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 270, in f raise Unauthorized, 1 Unauthorized: You are not allowed to access '1' in this context Failure in test testCustomExceptionViewUnauthorized (Zope2.App.tests.testExceptionHook.ExceptionViewsTest) Traceback (most recent call last): File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line 279, in run testMethod() File "/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py", line 353, in testCustomExceptionViewUnauthorized self.failUnless(isinstance(v, HTTPResponse), v) File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line 325, in failUnless if not expr: raise self.failureException, msg AssertionError: You are not allowed to access '1' in this context Ran 23 tests with 1 failures and 4 errors in 0.512 seconds. Tearing down left over layers: Tear down zope.testing.testrunner.layer.UnitTests in 0.000 seconds. - -------------------------------------------------------------------------- Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKT5lk+gerLs4ltQ4RAuXKAJ4x+m289pMfGeYprwdJgAJ/6RkIBACdG8FO VYiQVeOKXbGSQ/g65GkP0sw= =RH3T -----END PGP SIGNATURE-----
Hi. I'm not sure how exactly to approach this. The code in the ZPublisherExceptionHook reads: def __call__(self, published, REQUEST, t, v, traceback): try: if isinstance(t, StringType): if t.lower() in ('unauthorized', 'redirect'): raise else: if (t is SystemExit or issubclass(t, Redirect) or issubclass(t, Unauthorized)): raise [...] I added the "issubclass(t, Unauthorized)" to the second condition, which now seems to cause test failures. Looking at the first if-statement, it looked like in the times of string exceptions, both 'unauthorized' and 'redirect' would be checked upon first and always raised. I tried to follow the same logic for modern class based exceptions here for the second if-statement. Especially since the check for "issubclass(t, Redirect)" was already in place, this looked like an obvious omission. Can someone shed some light on this and tell me what is supposed to happen here? Thanks, Hanno On Sat, Jul 4, 2009 at 8:03 PM, Tres Seaver<tseaver@palladion.com> wrote:
Hanno Schlichting wrote:
Log message for revision 101181: Correctly handle unauthorized exceptions in the ZPublisherExceptionHook.
Modified: Zope/branches/2.12/src/Zope2/App/startup.py =================================================================== --- Zope/branches/2.12/src/Zope2/App/startup.py 2009-06-20 19:53:08 UTC (rev 101180) +++ Zope/branches/2.12/src/Zope2/App/startup.py 2009-06-21 00:00:53 UTC (rev 101181) @@ -24,6 +24,7 @@ from time import asctime from types import StringType, ListType from zExceptions import Redirect +from zExceptions import Unauthorized from ZODB.POSException import ConflictError import transaction import AccessControl.User @@ -170,7 +171,7 @@ if t.lower() in ('unauthorized', 'redirect'): raise else: - if t is SystemExit or t is Redirect: + if t is SystemExit or t is Redirect or t is Unauthorized: raise
if issubclass(t, ConflictError):
What is the motivation here? Zope2 applications have hooked Unauthorized exceptions *forever*:
- You can see them in the error_log (if you take them out of the ignore list).
This change (the fixed version) breaks unit tests which assert that the exception can be hooked:
participants (2)
-
Hanno Schlichting -
Tres Seaver