changeset 2667:ccb13ba1308e

Solved traceback as per #445 In get_content_diff() function in Moinmoin.util.notifications module the self.revs contained the revisions of the item being queried. The revisions were being provided by the function get_item_last_revisions() in the same module, but it returned and empty list in case the user did not have permissions to read the item, which in turn caused the error. Hence removed the error by adding a check for it and calling abort(403) in such situations.
author Ajitesh Gupta <ajgupta93@gmail.com>
date Sat, 19 Jul 2014 14:24:28 +0530
parents c04690fb2305
children f649d7a3b3cd
files MoinMoin/util/notifications.py
diffstat 1 files changed, 15 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/util/notifications.py	Mon Jul 07 19:33:52 2014 +0530
+++ b/MoinMoin/util/notifications.py	Sat Jul 19 14:24:28 2014 +0530
@@ -12,6 +12,7 @@
 from whoosh.query import Term, And
 
 from flask import url_for, g as flaskg
+from flask import abort
 
 from MoinMoin.constants.keys import (ACTION_COPY, ACTION_RENAME, ACTION_REVERT,
                                      ACTION_SAVE, ACTION_TRASH, ALL_REVS, CONTENTTYPE,
@@ -97,14 +98,19 @@
             contenttype = self.meta[CONTENTTYPE]
             oldfile, newfile = self.revs[0].data, BytesIO("")
         else:
-            newfile = self.revs[0].data
-            if len(self.revs) == 1:
-                contenttype = self.revs[0].meta[CONTENTTYPE]
-                oldfile = BytesIO("")
+            # if user does not have permission to read object,
+            # get_item_last_revisions() returns an empty list to self.revs
+            if len(self.revs) > 0:
+                newfile = self.revs[0].data
+                if len(self.revs) == 1:
+                    contenttype = self.revs[0].meta[CONTENTTYPE]
+                    oldfile = BytesIO("")
+                else:
+                    from MoinMoin.apps.frontend.views import _common_type
+                    contenttype = _common_type(self.revs[0].meta[CONTENTTYPE], self.revs[1].meta[CONTENTTYPE])
+                    oldfile = self.revs[1].data
             else:
-                from MoinMoin.apps.frontend.views import _common_type
-                contenttype = _common_type(self.revs[0].meta[CONTENTTYPE], self.revs[1].meta[CONTENTTYPE])
-                oldfile = self.revs[1].data
+                abort(403)
         content = Content.create(contenttype)
         return content._get_data_diff_text(oldfile, newfile)
 
@@ -185,6 +191,8 @@
     :param fqname: the fqname of the item
     :return: a list of revisions
     """
+    # TODO: Implement AccessDenied or similar error in case the user does not have access to item
+    # and to also to handle the case where the item has no revisions
     terms = [Term(WIKINAME, app.cfg.interwikiname), Term(fqname.field, fqname.value), ]
     query = And(terms)
     return list(