On Mon, 2012-10-08 at 20:25 -0300, John Anderson wrote:
> On 10/08, Chris McDonough wrote:
> > On Mon, 2012-10-08 at 13:50 -0700, artee wrote:
> > > Hi
> > > 
> > > In result access to all views with permission defined was denied.
> > > After small investigation I've found that this exception was silently
> > > handled on Pyramids side:
> > > for location in lineage(context):
> > > try:
> > >     acl = location.__acl__
> > > except AttributeError:
> > >     continue
> > > 
> > > I think that it should be a good idea to change this behavior or add
> > > proper trace here.
> > > Any exception related to missing attribute here will cause hard to
> > > find error and misleading trace:
> > > <No ACL found on any object in resource lineage>
> > > 
> > > Any ideas to handle it in a proper way?
> > 
> > I agree it is a problem.  I'm not sure what the best way to handle it
> > is.  Python is pretty bad at AttributeError introspection, so it might
> > be necessary to do something horrible like this inside Pyramid:
> > 
> > diff --git a/pyramid/authorization.py b/pyramid/authorization.py
> > index 943f8bd..33f03ac 100644
> > --- a/pyramid/authorization.py
> > +++ b/pyramid/authorization.py
> > @@ -75,11 +75,21 @@ class ACLAuthorizationPolicy(object):
> >          acl = '<No ACL found on any object in resource lineage>'
> >          
> >          for location in lineage(context):
> > +
> >              try:
> >                  acl = location.__acl__
> > -            except AttributeError:
> > +            except AttributeError as e:
> > +                # We are trying to catch only the AttributeError
> > +                # raised as the result of the location w/o __acl__
> > +                # attribute.  But often __acl__ is defined as a prop
> > +                # which has logic that itself may raise an unrelated
> > +                # AttributeError.  Below we make sure that we don't
> > +                # catch those.  Only way to do that I know of.
> > +                args = e.args
> > +                if args and '__acl__' in str(args[0]):
> > +                    raise
> >                  continue
> > -
> > +                
> >              for ace in acl:
> >                  ace_action, ace_principal, ace_permissions = ace
> >                  if ace_principal in principals:
> > 
> > 
> 
> Couldn't we just replace the logic with a hasattr and then if it does
> run through the __acl__ like normal without exception handling?

No.  Both hasattr and getattr hide AttributeError.

- C



-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en.

Reply via email to