I sent massimo the source as requested. note that my code does not display your source code in the ticket when running on GAE, and perhaps when running elsewhere, and except when the problem is in my view it's good enough for me.
thanks, cfh On Jan 21, 3:47 pm, Jeff Bauer <[email protected]> wrote: > Thanks, howesc. I think having a mechanism similar to this > and supported by Massimo would not be too much of a security > risk, assuming it's not turned on by default. There's a > big difference between allowing a user to view your source > code and granting full admin access. > > I've added a new issue to google code and linked it > to this thread. > > http://code.google.com/p/web2py/issues/detail?id=69 > > Jeff Bauer > Rubicon, Inc. > > On 01/21/2010 04:07 PM, howesc wrote: > > > I'm using web2py on GAE, and wanted to be able to click on a link and > > view tickets in that world, so i basically did a copy of the code from > > the admin interface into my default.py so that my app can display the > > tickets. I'll paste it in here, hope it copies fine in email (i don't > > think i can add an attachment to the group) > > > note that because this is a copy of code from the admin interface it's > > not best practice, but i was in a hurry. Also keep in mind that this > > breaks the security of the ticket system, which is why it is set up > > the way it is in the first place, so use with care. > > > in default.py in my application i added: > > > from applications.rockriver.modules.parse_xml import * > > from gluon.restricted import RestrictedError > > import os > > > #################### > > # ticket stuff > > #################### > > def make_link(path): > > """ Create a link from a path """ > > tryFile = path.replace('\\', '/') > > > if os.path.isabs(tryFile) and os.path.isfile(tryFile): > > (folder, filename) = os.path.split(tryFile) > > (base, ext) = os.path.splitext(filename) > > app = request.args[0] > > > editable = {'controllers': '.py', 'models': '.py', 'views': > > '.html'} > > for key in editable.keys(): > > check_extension = folder.endswith("%s/%s" % (app,key)) > > if ext.lower() == editable[key] and check_extension: > > return A('"' + tryFile + '"', > > _href=URL(r=request, > > f='edit/%s/%s/%s' % (app, key, filename))).xml > > () > > return '' > > > def make_links(traceback): > > """ Make links using the given traceback """ > > > lwords = traceback.split('"') > > > # Making the short circuit compatible with<= python2.4 > > result = (len(lwords) != 0) and lwords[0] or '' > > > i = 1 > > > while i< len(lwords): > > link = make_link(lwords[i]) > > > if link == '': > > result += '"' + lwords[i] > > else: > > result += link > > > if i + 1< len(lwords): > > result += lwords[i + 1] > > i = i + 1 > > > i = i + 1 > > > return result > > > class TRACEBACK(object): > > """ Generate the traceback """ > > > def __init__(self, text): > > """ TRACEBACK constructor """ > > > self.s = make_links(CODE(text).xml()) > > > def xml(self): > > """ Returns the xml """ > > > return self.s > > > @auth.requires_login() > > def ticket(): > > """ Ticket handler """ > > > if len(request.args) != 2: > > session.flash = T('invalid ticket') > > redirect(URL(r=request, f='site')) > > > app = request.args[0] > > ticket = request.args[1] > > e = RestrictedError() > > e.load(request, app, ticket) > > > return dict(app=app, > > ticket=ticket, > > traceback=TRACEBACK(e.traceback), > > code=e.code, > > layer=e.layer) > > > ############# > > in routes.py i added an error message to make the link point back to > > my app (note that i already have a route that removes the app name > > from the URL): > > > error_message = '<html><body><h1>Invalid request</h1></body></html>' > > error_message_ticket = '<html><body><h1>Internal error</h1>Ticket > > issued:<a href="/default/ticket/%(ticket)s" target="_blank">%(ticket) > > s</a></body></html>' > > > On Jan 21, 9:41 am, mdipierro<[email protected]> wrote: > >> also look into scripts/tickets2db.py > > >> On Jan 21, 10:34 am, Jeff Bauer<[email protected]> wrote: > > >>> That shouldn't be too hard to do. In the meantime, I > >>> realized that I could just grab the tickets from: > > >>> web2py/applications/myapp/errors > > >>> Jeff Bauer > >>> Rubicon, Inc. > > >>> On 01/21/2010 08:12 AM, mdipierro wrote: > > >>>> It should be trivial to make a view_tickets app by taking the > >>>> appropriate action from admin and add auth. > > >>>> I encourage people to build one and I will be happy to post it. > > >>>> Massimo > > >>>> On Jan 21, 7:51 am, Jeff Bauer<[email protected]> wrote: > >>>>> I'm using web2app for a small one-off application in a > >>>>> corporate setting, quickly making changes to code to > >>>>> get a project done. Two users behind a corporate > >>>>> firewall. It's become a real hassle when application > >>>>> errors occur because the tickets aren't visible. > > >>>>> I can understand not making the admin interface > >>>>> accessible over an insecure connection, but because > >>>>> the ticket notification is tied to the admin system, > >>>>> here's what I have to do: > > >>>>> - user reports an error, sends me the ticket > >>>>> - I fire up another copy of web2py on a different port > >>>>> - run a proxy: ssh -L 8001:127.0.0.1:8001 [email protected] > >>>>> - get the ticket info > >>>>> - shut everything down > > >>>>> That's a lot of work just to get a traceback when attempting > >>>>> rapid development. There are settings where read-only access > >>>>> to the ticket info is justified, even if you don't want to > >>>>> grant users full admin access. > > >>>>> -- > >>>>> Jeff Bauer > >>>>> Rubicon, Inc. > > -- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
