Re: [Zope-dev] SVN: Zope/branches/2.12/ Correctly handle unauthorized exceptions in the ZPublisherExceptionHook.

2009-07-10 Thread Hanno Schlichting 
Hi.

I'm not sure how exactly to approach this.

The code in the ZPublisherExceptionHook reads:

def __call__(self, published, REQUEST, t, v, traceback):
try:
if isinstance(t, StringType):
if t.lower() in ('unauthorized', 'redirect'):
raise
else:
if (t is SystemExit or
issubclass(t, Redirect) or issubclass(t, Unauthorized)):
raise
[...]

I added the "issubclass(t, Unauthorized)" to the second condition,
which now seems to cause test failures.

Looking at the first if-statement, it looked like in the times of
string exceptions, both 'unauthorized' and 'redirect' would be checked
upon first and always raised. I tried to follow the same logic for
modern class based exceptions here for the second if-statement.
Especially since the check for "issubclass(t, Redirect)" was already
in place, this looked like an obvious omission.

Can someone shed some light on this and tell me what is supposed to happen here?

Thanks,
Hanno

On Sat, Jul 4, 2009 at 8:03 PM, Tres Seaver wrote:
> Hanno Schlichting wrote:
>> Log message for revision 101181:
>>   Correctly handle unauthorized exceptions in the ZPublisherExceptionHook.
>>
>> Modified: Zope/branches/2.12/src/Zope2/App/startup.py
>> ===
>> --- Zope/branches/2.12/src/Zope2/App/startup.py       2009-06-20 19:53:08 
>> UTC (rev 101180)
>> +++ Zope/branches/2.12/src/Zope2/App/startup.py       2009-06-21 00:00:53 
>> UTC (rev 101181)
>> @@ -24,6 +24,7 @@
>>  from time import asctime
>>  from types import StringType, ListType
>>  from zExceptions import Redirect
>> +from zExceptions import Unauthorized
>>  from ZODB.POSException import ConflictError
>>  import transaction
>>  import AccessControl.User
>> @@ -170,7 +171,7 @@
>>                  if t.lower() in ('unauthorized', 'redirect'):
>>                      raise
>>              else:
>> -                if t is SystemExit or t is Redirect:
>> +                if t is SystemExit or t is Redirect or t is Unauthorized:
>>                      raise
>>
>>                  if issubclass(t, ConflictError):
>
> What is the motivation here?  Zope2 applications have hooked
> Unauthorized exceptions *forever*:
>
>  - You can see them in the error_log (if you take them out of the ignore
>   list).
>
> This change (the fixed version) breaks unit tests which assert that the
> exception can be hooked:
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] SVN: Zope/branches/2.12/ Correctly handle unauthorized exceptions in the ZPublisherExceptionHook.

2009-07-04 Thread Tres Seaver 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hanno Schlichting wrote:
> Log message for revision 101181:
>   Correctly handle unauthorized exceptions in the ZPublisherExceptionHook.
> 
> Modified: Zope/branches/2.12/src/Zope2/App/startup.py
> ===
> --- Zope/branches/2.12/src/Zope2/App/startup.py   2009-06-20 19:53:08 UTC 
> (rev 101180)
> +++ Zope/branches/2.12/src/Zope2/App/startup.py   2009-06-21 00:00:53 UTC 
> (rev 101181)
> @@ -24,6 +24,7 @@
>  from time import asctime
>  from types import StringType, ListType
>  from zExceptions import Redirect
> +from zExceptions import Unauthorized
>  from ZODB.POSException import ConflictError
>  import transaction
>  import AccessControl.User
> @@ -170,7 +171,7 @@
>  if t.lower() in ('unauthorized', 'redirect'):
>  raise
>  else:
> -if t is SystemExit or t is Redirect:
> +if t is SystemExit or t is Redirect or t is Unauthorized:
>  raise
>  
>  if issubclass(t, ConflictError):

What is the motivation here?  Zope2 applications have hooked
Unauthorized exceptions *forever*:

 - You can see them in the error_log (if you take them out of the ignore
   list).

This change (the fixed version) breaks unit tests which assert that the
exception can be hooked:

- --
$ bin/test -s Zope2.App
Running zope.testing.testrunner.layer.UnitTests tests:
  Set up zope.testing.testrunner.layer.UnitTests in 0.000 seconds.

Error in test testRenderUnauthorizedBrokenClient
(Zope2.App.tests.testExceptionHook.ExceptionMessageRenderTest)
Traceback (most recent call last):
  File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line
279, in run
testMethod()
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 284, in testRenderUnauthorizedBrokenClient
self.assertRaises(AttributeError, self.call, client, request, f)
  File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line
336, in failUnlessRaises
callableObj(*args, **kwargs)
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 74, in call
sys.exc_info()[2],
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 69, in call
f(*args, **kw)
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 281, in f
raise Unauthorized, 1
Unauthorized: You are not allowed to access '1' in this context

Error in test testRenderUnauthorizedOldClient
(Zope2.App.tests.testExceptionHook.ExceptionMessageRenderTest)
Traceback (most recent call last):
  File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line
279, in run
testMethod()
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 251, in testRenderUnauthorizedOldClient
self.call(client, request, f)
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 74, in call
sys.exc_info()[2],
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 69, in call
f(*args, **kw)
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 248, in f
raise Unauthorized, 1
Unauthorized: You are not allowed to access '1' in this context

Error in test testRenderUnauthorizedStandardClient
(Zope2.App.tests.testExceptionHook.ExceptionMessageRenderTest)
Traceback (most recent call last):
  File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line
279, in run
testMethod()
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 262, in testRenderUnauthorizedStandardClient
self.call(client, request, f)
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 74, in call
sys.exc_info()[2],
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 69, in call
f(*args, **kw)
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 259, in f
raise Unauthorized, 1
Unauthorized: You are not allowed to access '1' in this context

Error in test testRenderUnauthorizedStandardClientMethod
(Zope2.App.tests.testExceptionHook.ExceptionMessageRenderTest)
Traceback (most recent call last):
  File "/home/tseaver/projects/Zope-CVS/lib/python2.6/unittest.py", line
279, in run
testMethod()
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHook.py",
line 273, in testRenderUnauthorizedStandardClientMethod
self.call(client.dummyMethod, request, f)
  File
"/home/tseaver/projects/Zope-CVS/Zope-trunk/src/Zope2/App/tests/testExceptionHoo