Albertas Agejevas wrote:

I discovered a problem with Zope 3 while developing ReSTive interfaces
for schoolbell, which utilize the HTTPPublication and the

When the user sends a request for a method that is not supported by
the object, the HTTP spec (RFC 2616) mandates response code 405,
Method Not Supported.  This response must include an 'Allow' header
listing all the methods allowed for this object.

Currently, in the generic case, Zope 3 raises a ComponentLookupError
in line 74, and a 500 response is served.

I can't find that particular line of code. Are you talking about HTTPPublication.callObject where it looks up the view (zapi.getMultiAdapter) which might result in a ComponentLookupError in case the adapter can't be looked up?

The obvious fix is to raise a special exception if a corresponding
view is not found, which would have a view to return a 405 response:

  class MethodNotAllowed(Exception):

      def __init__(self, object, request):
          self.allow = [name for name, adapter
                        in zapi.getAdapters((object, request), Interface)
                        if hasattr(adapter, name)]

      def __str__(self):
          return 'Allow: %s' % self.allow

class MethodNotAllowedView:

      def __init__(self, error, request):
          self.error = error
          self.request = request

      def __call__(self):
          self.request.response.setHeader('Allow', ', '.join(self.error.allow))
          return 'Method Not Allowed'

This looks good. I'm +1 on this.

The problem with this approach is that there are DELETE and PUT views
defined for "*", which try to adapt the container to IWriteDirectory,
IFileFactory, or adapt an existing object to IWriteFile.  So, such
error view would advertise that PUT and DELETE are available on all

If these methods are called on objects that do not have appropriate
adapters, a TypeError is raised, with the 500 response.

Well, maybe that should change then. These views could easily raise MethodNotAllowed, couldn't they? If they can't find the necessary adapters, the their functionality is obviously not available and they should raise an appropriate error.

I believe correct 405 handling is the business of the HTTP publication
machinery, the client apps should not worry about that.

Any ideas on how to proceed?

Your proposed solution sounds good to me.

Zope3-dev mailing list

Reply via email to