On 6/20/13, Apache Bloodhound <[email protected]> wrote:
> #561: Display more user-friendly error page when navigating to a
> non-existing
> product
> ---------------------------+-----------------------
> Reporter: rjollos | Owner: rjollos
> Type: enhancement | Status: closed
> Priority: major | Milestone: Release 6
> Component: multiproduct | Version:
> Resolution: fixed | Keywords: hooks
> ---------------------------+-----------------------
> Changes (by rjollos):
>
> * status: review => closed
> * resolution: => fixed
>
>
> Comment:
>
> (In [1495037])
>
> Fixes #561: Display a warning and the products list when accessing a non-
> existent product. Patch from Olemis, with minor modifications.
>
> ----
>
[...]
>
> I'll just conclude by saying, more testing is needed,
see #567
> but from what I can
> see:
>
> * The permissions check:
> {{{#!python
> if pid:
> req.perm('product', pid).require('PRODUCT_VIEW')
> }}}
> doesn't seem to have any effect after
Authz permissions , though more testing is needed , yes ...
> `req.perm.require('PRODUCT_VIEW')`, as far as I could see (but I left it
> in place for now).
;)
> * My previous statement seems to hold about
> `/products/prod1/products/prod2` displaying an empty dashboard when the
> user has permission to access `prod1` and regardless of whether they have
> permission to access `prod2`, and may be something we want to avoid.
yes that's true . The fact is that DB translators silently limit the
scope scope of SQL queries to product='active_prefix' . IMO we should
provide the means to display dashboards for prod2 in prod1 context (<=
i.e. fix it rather than remove it ... especially thinking of global
scope ;)
> * Really what we need are some functional tests here, so the code can be
> properly refactored!
>
see #567 .
--
Regards,
Olemis.
