1. Thomas Waldmann
  2. moin-2.0
  3. Issues
Issue #218 resolved

AccessDenied traceback instead of nothing

Reimar Bauer
created an issue

I guess that is also in main a problem

set acls on an item that anonymous can't read and transclude it somewhere where he can and log out. {{{

Traceback (most recent call last): File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/env/lib/python2.7/site-packages/flask/app.py", line 1701, in call return self.wsgi_app(environ, start_response) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/env/lib/python2.7/site-packages/flask/app.py", line 1689, in wsgi_app response = self.make_response(self.handle_exception(e)) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/env/lib/python2.7/site-packages/flask/app.py", line 1687, in wsgi_app response = self.full_dispatch_request() File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/env/lib/python2.7/site-packages/flask/app.py", line 1360, in full_dispatch_request rv = self.handle_user_exception(e) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/env/lib/python2.7/site-packages/flask/app.py", line 1358, in full_dispatch_request rv = self.dispatch_request() File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/env/lib/python2.7/site-packages/flask/app.py", line 1344, in dispatch_request return self.view_functionsrule.endpoint File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/apps/frontend/views.py", line 324, in show_item data_rendered=Markup(item._render_data()), File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/items/init.py", line 284, in _render_data doc = self._expand_document(doc) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/items/init.py", line 270, in _expand_document doc = include_conv(doc) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/converter/include.py", line 344, in call self.recurse(tree, None) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/converter/include.py", line 282, in recurse ret = self.recurse(child, page_href) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/converter/include.py", line 282, in recurse ret = self.recurse(child, page_href) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/converter/include.py", line 282, in recurse ret = self.recurse(child, page_href) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/converter/include.py", line 206, in recurse page = Item.create(unicode(path)) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/items/init.py", line 190, in create rev = item.get_revision(rev_id) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/storage/middleware/protecting.py", line 215, in get_revision return self[revid] File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/storage/middleware/protecting.py", line 210, in getitem self.require(READ) File "/home/reimar/workspace/tmp/moin-2.0-Jaiditya/MoinMoin/storage/middleware/protecting.py", line 201, in require raise AccessDenied("item does not allow user '{0!r}' to '{1!r}'".format(self.protector.user.name, capability)) AccessDenied: item does not allow user 'u'anonymous'' to ''read''

}}}

Comments (7)

  1. Thomas Waldmann repo owner

    Yes, it is in main repo also. The code in include converter needs to be refactored, so that Item.create() is called at only one place (and not separate for single item and multiple items). AccessDenied has to be catched there. We could either show some special element there (indicating "access denied") or just show nothing at this place.

  2. Log in to comment