On Mon, 2012-10-08 at 19:20 -0400, Chris McDonough wrote:
> On Mon, 2012-10-08 at 13:50 -0700, artee wrote:
> > Hi
> > 
> > In result access to all views with permission defined was denied.
> > After small investigation I've found that this exception was silently
> > handled on Pyramids side:
> > for location in lineage(context):
> > try:
> >     acl = location.__acl__
> > except AttributeError:
> >     continue
> > 
> > I think that it should be a good idea to change this behavior or add
> > proper trace here.
> > Any exception related to missing attribute here will cause hard to
> > find error and misleading trace:
> > <No ACL found on any object in resource lineage>
> > 
> > Any ideas to handle it in a proper way?
> 
> I agree it is a problem.  I'm not sure what the best way to handle it
> is.  Python is pretty bad at AttributeError introspection, so it might
> be necessary to do something horrible like this inside Pyramid:
> 
> diff --git a/pyramid/authorization.py b/pyramid/authorization.py
> index 943f8bd..33f03ac 100644
> --- a/pyramid/authorization.py
> +++ b/pyramid/authorization.py
> @@ -75,11 +75,21 @@ class ACLAuthorizationPolicy(object):
>          acl = '<No ACL found on any object in resource lineage>'
>          
>          for location in lineage(context):
> +
>              try:
>                  acl = location.__acl__
> -            except AttributeError:
> +            except AttributeError as e:
> +                # We are trying to catch only the AttributeError
> +                # raised as the result of the location w/o __acl__
> +                # attribute.  But often __acl__ is defined as a prop
> +                # which has logic that itself may raise an unrelated
> +                # AttributeError.  Below we make sure that we don't
> +                # catch those.  Only way to do that I know of.
> +                args = e.args
> +                if args and '__acl__' in str(args[0]):
> +                    raise
>                  continue
> -
> +                
>              for ace in acl:
>                  ace_action, ace_principal, ace_permissions = ace
>                  if ace_principal in principals:
> 


Er, that diff logic is bogus.  But you get the idea.

- C


-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en.

Reply via email to