Mercurial > kallithea
changeset 5542:1fc8d7e9f3ab
cleanup: replace abort with WebOb exceptions
All abort does is to look up the matching WebOb exception and raising
that; so just raise it directly. WebOb exception names are also more
readable than HTTP error codes. (And finally, don't "return abort",
since abort never returns.)
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Mon, 07 Sep 2015 15:07:35 +0200 |
parents | e553602fd5be |
children | d9b78d8f1db3 |
files | kallithea/controllers/admin/notifications.py kallithea/controllers/admin/repo_groups.py kallithea/lib/auth.py |
diffstat | 3 files changed, 12 insertions(+), 13 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/controllers/admin/notifications.py Mon Aug 31 17:42:55 2015 +0200 +++ b/kallithea/controllers/admin/notifications.py Mon Sep 07 15:07:35 2015 +0200 @@ -30,8 +30,7 @@ from pylons import request from pylons import tmpl_context as c -from pylons.controllers.util import abort -from webob.exc import HTTPBadRequest +from webob.exc import HTTPBadRequest, HTTPForbidden from kallithea.model.db import Notification from kallithea.model.notification import NotificationModel @@ -168,7 +167,7 @@ return render('admin/notifications/show_notification.html') - return abort(403) + raise HTTPForbidden() def edit(self, notification_id, format='html'): """GET /_admin/notifications/id/edit: Form to edit an existing item"""
--- a/kallithea/controllers/admin/repo_groups.py Mon Aug 31 17:42:55 2015 +0200 +++ b/kallithea/controllers/admin/repo_groups.py Mon Sep 07 15:07:35 2015 +0200 @@ -33,8 +33,9 @@ from formencode import htmlfill from pylons import request, tmpl_context as c, url -from pylons.controllers.util import abort, redirect +from pylons.controllers.util import redirect from pylons.i18n.translation import _, ungettext +from webob.exc import HTTPForbidden, HTTPNotFound, HTTPInternalServerError import kallithea from kallithea.lib import helpers as h @@ -49,7 +50,6 @@ from kallithea.model.forms import RepoGroupForm, RepoGroupPermsForm from kallithea.model.meta import Session from kallithea.model.repo import RepoModel -from webob.exc import HTTPInternalServerError, HTTPNotFound from kallithea.lib.utils2 import safe_int from sqlalchemy.sql.expression import func @@ -209,7 +209,7 @@ if HasRepoGroupPermissionAll('group.admin')(group_name, 'group create'): pass else: - return abort(403) + raise HTTPForbidden() self.__load_defaults() return render('admin/repo_groups/repo_group_add.html')
--- a/kallithea/lib/auth.py Mon Aug 31 17:42:55 2015 +0200 +++ b/kallithea/lib/auth.py Mon Sep 07 15:07:35 2015 +0200 @@ -35,12 +35,13 @@ from decorator import decorator from pylons import url, request, session -from pylons.controllers.util import abort, redirect +from pylons.controllers.util import redirect from pylons.i18n.translation import _ from webhelpers.pylonslib import secure_form from sqlalchemy import or_ from sqlalchemy.orm.exc import ObjectDeletedError from sqlalchemy.orm import joinedload +from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPMethodNotAllowed from kallithea import __platform__, is_windows, is_unix from kallithea.lib.vcs.utils.lazy import LazyProperty @@ -758,13 +759,13 @@ else: # controller does not allow API access log.warning('API access to %s is not allowed', loc) - return abort(403) + raise HTTPForbidden() # Only allow the following HTTP request methods. (We sometimes use POST # requests with a '_method' set to 'PUT' or 'DELETE'; but that is only # used for the route lookup, and does not affect request.method.) if request.method not in ['GET', 'HEAD', 'POST', 'PUT']: - return abort(405) + raise HTTPMethodNotAllowed() # Make sure CSRF token never appears in the URL. If so, invalidate it. if secure_form.token_key in request.GET: @@ -785,14 +786,14 @@ token = request.POST.get(secure_form.token_key) if not token or token != secure_form.authentication_token(): log.error('CSRF check failed') - return abort(403) + raise HTTPForbidden() # WebOb already ignores request payload parameters for anything other # than POST/PUT, but double-check since other Kallithea code relies on # this assumption. if request.method not in ['POST', 'PUT'] and request.POST: log.error('%r request with payload parameters; WebOb should have stopped this', request.method) - return abort(400) + raise HTTPBadRequest() # regular user authentication if user.is_authenticated: @@ -853,8 +854,7 @@ if anonymous: return redirect_to_login(_('You need to be signed in to view this page')) else: - # redirect with forbidden ret code - return abort(403) + raise HTTPForbidden() def check_permissions(self): """Dummy function for overriding"""