Mercurial > kallithea

changeset 5542:1fc8d7e9f3ab

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cleanup: replace abort with WebOb exceptions All abort does is to look up the matching WebOb exception and raising that; so just raise it directly. WebOb exception names are also more readable than HTTP error codes. (And finally, don't "return abort", since abort never returns.)
author Søren Løvborg <sorenl@unity3d.com>
date Mon, 07 Sep 2015 15:07:35 +0200
parents e553602fd5be
children d9b78d8f1db3
files kallithea/controllers/admin/notifications.py kallithea/controllers/admin/repo_groups.py kallithea/lib/auth.py
diffstat 3 files changed, 12 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/kallithea/controllers/admin/notifications.py	Mon Aug 31 17:42:55 2015 +0200
+++ b/kallithea/controllers/admin/notifications.py	Mon Sep 07 15:07:35 2015 +0200
@@ -30,8 +30,7 @@
 
 from pylons import request
 from pylons import tmpl_context as c
-from pylons.controllers.util import abort
-from webob.exc import HTTPBadRequest
+from webob.exc import HTTPBadRequest, HTTPForbidden
 
 from kallithea.model.db import Notification
 from kallithea.model.notification import NotificationModel
@@ -168,7 +167,7 @@
 
                 return render('admin/notifications/show_notification.html')
 
-        return abort(403)
+        raise HTTPForbidden()
 
     def edit(self, notification_id, format='html'):
         """GET /_admin/notifications/id/edit: Form to edit an existing item"""
--- a/kallithea/controllers/admin/repo_groups.py	Mon Aug 31 17:42:55 2015 +0200
+++ b/kallithea/controllers/admin/repo_groups.py	Mon Sep 07 15:07:35 2015 +0200
@@ -33,8 +33,9 @@
 from formencode import htmlfill
 
 from pylons import request, tmpl_context as c, url
-from pylons.controllers.util import abort, redirect
+from pylons.controllers.util import redirect
 from pylons.i18n.translation import _, ungettext
+from webob.exc import HTTPForbidden, HTTPNotFound, HTTPInternalServerError
 
 import kallithea
 from kallithea.lib import helpers as h
@@ -49,7 +50,6 @@
 from kallithea.model.forms import RepoGroupForm, RepoGroupPermsForm
 from kallithea.model.meta import Session
 from kallithea.model.repo import RepoModel
-from webob.exc import HTTPInternalServerError, HTTPNotFound
 from kallithea.lib.utils2 import safe_int
 from sqlalchemy.sql.expression import func
 
@@ -209,7 +209,7 @@
             if HasRepoGroupPermissionAll('group.admin')(group_name, 'group create'):
                 pass
             else:
-                return abort(403)
+                raise HTTPForbidden()
 
         self.__load_defaults()
         return render('admin/repo_groups/repo_group_add.html')
--- a/kallithea/lib/auth.py	Mon Aug 31 17:42:55 2015 +0200
+++ b/kallithea/lib/auth.py	Mon Sep 07 15:07:35 2015 +0200
@@ -35,12 +35,13 @@
 from decorator import decorator
 
 from pylons import url, request, session
-from pylons.controllers.util import abort, redirect
+from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from webhelpers.pylonslib import secure_form
 from sqlalchemy import or_
 from sqlalchemy.orm.exc import ObjectDeletedError
 from sqlalchemy.orm import joinedload
+from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPMethodNotAllowed
 
 from kallithea import __platform__, is_windows, is_unix
 from kallithea.lib.vcs.utils.lazy import LazyProperty
@@ -758,13 +759,13 @@
             else:
                 # controller does not allow API access
                 log.warning('API access to %s is not allowed', loc)
-                return abort(403)
+                raise HTTPForbidden()
 
         # Only allow the following HTTP request methods. (We sometimes use POST
         # requests with a '_method' set to 'PUT' or 'DELETE'; but that is only
         # used for the route lookup, and does not affect request.method.)
         if request.method not in ['GET', 'HEAD', 'POST', 'PUT']:
-            return abort(405)
+            raise HTTPMethodNotAllowed()
 
         # Make sure CSRF token never appears in the URL. If so, invalidate it.
         if secure_form.token_key in request.GET:
@@ -785,14 +786,14 @@
             token = request.POST.get(secure_form.token_key)
             if not token or token != secure_form.authentication_token():
                 log.error('CSRF check failed')
-                return abort(403)
+                raise HTTPForbidden()
 
         # WebOb already ignores request payload parameters for anything other
         # than POST/PUT, but double-check since other Kallithea code relies on
         # this assumption.
         if request.method not in ['POST', 'PUT'] and request.POST:
             log.error('%r request with payload parameters; WebOb should have stopped this', request.method)
-            return abort(400)
+            raise HTTPBadRequest()
 
         # regular user authentication
         if user.is_authenticated:
@@ -853,8 +854,7 @@
             if anonymous:
                 return redirect_to_login(_('You need to be signed in to view this page'))
             else:
-                # redirect with forbidden ret code
-                return abort(403)
+                raise HTTPForbidden()
 
     def check_permissions(self):
         """Dummy function for overriding"""