Mercurial > p > roundup > code
comparison roundup/rest.py @ 5691:dbf422a8cff7
Add error handling. @apiver was being processed as a search
field. Change code to ignore since I can't delete the key from
FieldStorage. Trap KeyError and report error to client if a filter
field name is invalid. Make error more descriptive in another place
where field is invalid.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 05 Apr 2019 19:35:32 -0400 |
| parents | 4aae822e2cb4 |
| children | fabb12ba9466 |
comparison
equal
deleted
inserted
replaced
| 5690:4aae822e2cb4 | 5691:dbf422a8cff7 |
|---|---|
| 599 try: | 599 try: |
| 600 display_props[i] = class_obj.properties[i] | 600 display_props[i] = class_obj.properties[i] |
| 601 except KeyError as err: | 601 except KeyError as err: |
| 602 raise UsageError("Failed to find property '%s' " | 602 raise UsageError("Failed to find property '%s' " |
| 603 "for class %s."%(i, class_name)) | 603 "for class %s."%(i, class_name)) |
| 604 | 604 elif key.startswith("@"): |
| 605 | 605 # ignore any unsupported/previously handled control key |
| 606 # like @apiver | |
| 607 pass | |
| 606 else: # serve the filter purpose | 608 else: # serve the filter purpose |
| 607 prop = class_obj.getprops()[key] | 609 try: |
| 610 prop = class_obj.getprops()[key] | |
| 611 except KeyError: | |
| 612 raise UsageError("Field %s is not valid for %s class."%( | |
| 613 key, class_name)) | |
| 608 # We drop properties without search permission silently | 614 # We drop properties without search permission silently |
| 609 # This reflects the current behavior of other roundup | 615 # This reflects the current behavior of other roundup |
| 610 # interfaces | 616 # interfaces |
| 611 if not self.db.security.hasSearchPermission( | 617 if not self.db.security.hasSearchPermission( |
| 612 uid, class_name, key | 618 uid, class_name, key |
| 718 else: | 724 else: |
| 719 keyprop = class_obj.getkey() | 725 keyprop = class_obj.getkey() |
| 720 try: | 726 try: |
| 721 k, v = item_id.split('=', 1) | 727 k, v = item_id.split('=', 1) |
| 722 if k != keyprop: | 728 if k != keyprop: |
| 723 raise UsageError ("Not key property") | 729 raise UsageError ("Field %s is not key property"%k) |
| 724 except ValueError: | 730 except ValueError: |
| 725 v = item_id | 731 v = item_id |
| 726 pass | 732 pass |
| 727 if not self.db.security.hasPermission( | 733 if not self.db.security.hasPermission( |
| 728 'View', uid, class_name, itemid=item_id, property=keyprop | 734 'View', uid, class_name, itemid=item_id, property=keyprop |
| 1544 msg=( "Unrecognized version: %s. " | 1550 msg=( "Unrecognized version: %s. " |
| 1545 "See /rest without specifying version " | 1551 "See /rest without specifying version " |
| 1546 "for supported versions."%( | 1552 "for supported versions."%( |
| 1547 input['@apiver'].value)) | 1553 input['@apiver'].value)) |
| 1548 output = self.error_obj(400, msg) | 1554 output = self.error_obj(400, msg) |
| 1555 # sadly del doesn't work on FieldStorage which can be the type of | |
| 1556 # input. So I have to ignore keys starting with @ at other | |
| 1557 # places in the code. | |
| 1558 # else: | |
| 1559 # del(input['@apiver']) | |
| 1549 | 1560 |
| 1550 # FIXME: do we need to raise an error if client did not specify | 1561 # FIXME: do we need to raise an error if client did not specify |
| 1551 # version? This may be a good thing to require. Note that: | 1562 # version? This may be a good thing to require. Note that: |
| 1552 # Accept: application/json; version=1 may not be legal but.... | 1563 # Accept: application/json; version=1 may not be legal but.... |
| 1553 | 1564 |