[Checkins] SVN: z3c.dav/trunk/src/z3c/dav/ When trying to render properties which we don't have access to as part of

Michael Kerrin michael.kerrin at openapp.ie
Sun May 6 11:32:00 EDT 2007 

Log message for revision 75573:
  When trying to render properties which we don't have access to as part of
  a 'allprop' propfind request we can hide these properties from the user. When
  we do this log the unauthorized exception.
  

Changed:
  U   z3c.dav/trunk/src/z3c/dav/propfind.py
  U   z3c.dav/trunk/src/z3c/dav/tests/test_propfind.py

-=-
Modified: z3c.dav/trunk/src/z3c/dav/propfind.py
===================================================================
--- z3c.dav/trunk/src/z3c/dav/propfind.py	2007-05-06 15:31:11 UTC (rev 75572)
+++ z3c.dav/trunk/src/z3c/dav/propfind.py	2007-05-06 15:31:59 UTC (rev 75573)
@@ -217,12 +217,18 @@
             except Unauthorized:
                 # Users don't have the permission to view this property and
                 # if they didn't explicitly ask for the named property
-                # we will silently ignore this property.
+                # we can silently ignore this property, pretending that it
+                # is a restricted property.g
                 if isIncluded:
                     self.handleException(
                         "{%s}%s" %(davprop.namespace, davprop.__name__),
-                        sys.exc_info(), req,
-                        response)
+                        sys.exc_info(), req, response)
+                else:
+                    # Considering that we just silently ignored this property
+                    # - log this exception with the error reporting utility
+                    # just in case this is a problem that needs sorting out.
+                    errUtility = component.getUtility(IErrorReportingUtility)
+                    errUtility.raising(sys.exc_info(), req)
             except Exception:
                 self.handleException(
                     "{%s}%s" %(davprop.namespace, davprop.__name__),

Modified: z3c.dav/trunk/src/z3c/dav/tests/test_propfind.py
===================================================================
--- z3c.dav/trunk/src/z3c/dav/tests/test_propfind.py	2007-05-06 15:31:11 UTC (rev 75572)
+++ z3c.dav/trunk/src/z3c/dav/tests/test_propfind.py	2007-05-06 15:31:59 UTC (rev 75573)
@@ -671,6 +671,12 @@
 </propstat>
 </response>""", response)
 
+        # Since we silenty ignored returning a property. We now log the
+        # Unauthorized exception so debuging and logging purposes.
+        self.assertEqual(len(self.errUtility.errors), 1)
+        exc_info = self.errUtility.errors[0]
+        self.assertEqual(isinstance(exc_info[0][1], Unauthorized), True)
+
     def test_renderAllProperties_unauthorized_included(self):
         # If we request to render all properties, and request to render a
         # property we ain't authorized via the 'include' element then we

More information about the Checkins mailing list