[Checkins] SVN: z3c.dav/trunk/src/z3c/dav/ When trying to render
properties which we don't have access to as part of
Michael Kerrin
michael.kerrin at openapp.ie
Sun May 6 11:32:00 EDT 2007
Log message for revision 75573:
When trying to render properties which we don't have access to as part of
a 'allprop' propfind request we can hide these properties from the user. When
we do this log the unauthorized exception.
Changed:
U z3c.dav/trunk/src/z3c/dav/propfind.py
U z3c.dav/trunk/src/z3c/dav/tests/test_propfind.py
-=-
Modified: z3c.dav/trunk/src/z3c/dav/propfind.py
===================================================================
--- z3c.dav/trunk/src/z3c/dav/propfind.py 2007-05-06 15:31:11 UTC (rev 75572)
+++ z3c.dav/trunk/src/z3c/dav/propfind.py 2007-05-06 15:31:59 UTC (rev 75573)
@@ -217,12 +217,18 @@
except Unauthorized:
# Users don't have the permission to view this property and
# if they didn't explicitly ask for the named property
- # we will silently ignore this property.
+ # we can silently ignore this property, pretending that it
+ # is a restricted property.g
if isIncluded:
self.handleException(
"{%s}%s" %(davprop.namespace, davprop.__name__),
- sys.exc_info(), req,
- response)
+ sys.exc_info(), req, response)
+ else:
+ # Considering that we just silently ignored this property
+ # - log this exception with the error reporting utility
+ # just in case this is a problem that needs sorting out.
+ errUtility = component.getUtility(IErrorReportingUtility)
+ errUtility.raising(sys.exc_info(), req)
except Exception:
self.handleException(
"{%s}%s" %(davprop.namespace, davprop.__name__),
Modified: z3c.dav/trunk/src/z3c/dav/tests/test_propfind.py
===================================================================
--- z3c.dav/trunk/src/z3c/dav/tests/test_propfind.py 2007-05-06 15:31:11 UTC (rev 75572)
+++ z3c.dav/trunk/src/z3c/dav/tests/test_propfind.py 2007-05-06 15:31:59 UTC (rev 75573)
@@ -671,6 +671,12 @@
</propstat>
</response>""", response)
+ # Since we silenty ignored returning a property. We now log the
+ # Unauthorized exception so debuging and logging purposes.
+ self.assertEqual(len(self.errUtility.errors), 1)
+ exc_info = self.errUtility.errors[0]
+ self.assertEqual(isinstance(exc_info[0][1], Unauthorized), True)
+
def test_renderAllProperties_unauthorized_included(self):
# If we request to render all properties, and request to render a
# property we ain't authorized via the 'include' element then we
More information about the Checkins
mailing list