kallithea Changeset - 1fc8d7e9f3ab

Changeset - 1fc8d7e9f3ab

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Søren Løvborg - 10 years ago 2015-09-07 15:07:35
sorenl@unity3d.com

cleanup: replace abort with WebOb exceptions

All abort does is to look up the matching WebOb exception and raising
that; so just raise it directly. WebOb exception names are also more
readable than HTTP error codes. (And finally, don't "return abort",
since abort never returns.)

3 files changed with 12 insertions and 13 deletions:

kallithea/controllers/admin/notifications.py

kallithea/controllers/admin/repo_groups.py

kallithea/lib/auth.py

0 comments (0 inline, 0 general)

kallithea/controllers/admin/notifications.py

➞

Show inline comments

@@ @@ -27,14 +27,13 @@ Original author and date, and relevant c @@
 import logging
 import traceback
 from pylons import request
 from pylons import tmpl_context as c
 from pylons.controllers.util import abort
 from webob.exc import HTTPBadRequest
 from webob.exc import HTTPBadRequest, HTTPForbidden
 from kallithea.model.db import Notification
 from kallithea.model.notification import NotificationModel
 from kallithea.model.meta import Session
 from kallithea.lib.auth import LoginRequired, NotAnonymous
 from kallithea.lib.base import BaseController, render
@@ @@ -165,11 +164,11 @@ class NotificationsController(BaseContro @@
                     unotification.mark_as_read()
                     Session().commit()
                 c.notification = no
                 return render('admin/notifications/show_notification.html')
-        return abort(403)
+        raise HTTPForbidden()
     def edit(self, notification_id, format='html'):
         """GET /_admin/notifications/id/edit: Form to edit an existing item"""
         # url('edit_notification', notification_id=ID)

kallithea/controllers/admin/repo_groups.py

➞

Show inline comments

@@ @@ -30,14 +30,15 @@ import traceback @@
 import formencode
 import itertools
 from formencode import htmlfill
 from pylons import request, tmpl_context as c, url
-from pylons.controllers.util import abort, redirect
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _, ungettext
 from webob.exc import HTTPForbidden, HTTPNotFound, HTTPInternalServerError
 import kallithea
 from kallithea.lib import helpers as h
 from kallithea.lib.compat import json
 from kallithea.lib.auth import LoginRequired, \
     HasRepoGroupPermissionAnyDecorator, HasRepoGroupPermissionAll, \
@@ @@ -46,13 +47,12 @@ from kallithea.lib.base import BaseContr @@
 from kallithea.model.db import RepoGroup, Repository
 from kallithea.model.scm import RepoGroupList, AvailableRepoGroupChoices
 from kallithea.model.repo_group import RepoGroupModel
 from kallithea.model.forms import RepoGroupForm, RepoGroupPermsForm
 from kallithea.model.meta import Session
 from kallithea.model.repo import RepoModel
 from webob.exc import HTTPInternalServerError, HTTPNotFound
 from kallithea.lib.utils2 import safe_int
 from sqlalchemy.sql.expression import func
 log = logging.getLogger(__name__)
@@ @@ -206,13 +206,13 @@ class RepoGroupsController(BaseControlle @@
             group_id = safe_int(request.GET.get('parent_group'))
             group = RepoGroup.get(group_id) if group_id else None
             group_name = group.group_name if group else None
             if HasRepoGroupPermissionAll('group.admin')(group_name, 'group create'):
                 pass
             else:
-                return abort(403)
+                raise HTTPForbidden()
         self.__load_defaults()
         return render('admin/repo_groups/repo_group_add.html')
     @HasRepoGroupPermissionAnyDecorator('group.admin')
     def update(self, group_name):

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -32,18 +32,19 @@ import hashlib @@
 import itertools
 import collections
 from decorator import decorator
 from pylons import url, request, session
-from pylons.controllers.util import abort, redirect
 from pylons.controllers.util import redirect
 from pylons.i18n.translation import _
 from webhelpers.pylonslib import secure_form
 from sqlalchemy import or_
 from sqlalchemy.orm.exc import ObjectDeletedError
 from sqlalchemy.orm import joinedload
 from webob.exc import HTTPBadRequest, HTTPForbidden, HTTPMethodNotAllowed
 from kallithea import __platform__, is_windows, is_unix
 from kallithea.lib.vcs.utils.lazy import LazyProperty
 from kallithea.model import meta
 from kallithea.model.meta import Session
 from kallithea.model.user import UserModel
@@ @@ -755,19 +756,19 @@ class LoginRequired(object): @@
                 else:
                     log.warning('API key ****%s is NOT valid', api_key[-4:])
                     return redirect_to_login(_('Invalid API key'))
             else:
                 # controller does not allow API access
                 log.warning('API access to %s is not allowed', loc)
-                return abort(403)
+                raise HTTPForbidden()
         # Only allow the following HTTP request methods. (We sometimes use POST
         # requests with a '_method' set to 'PUT' or 'DELETE'; but that is only
         # used for the route lookup, and does not affect request.method.)
         if request.method not in ['GET', 'HEAD', 'POST', 'PUT']:
-            return abort(405)
+            raise HTTPMethodNotAllowed()
         # Make sure CSRF token never appears in the URL. If so, invalidate it.
         if secure_form.token_key in request.GET:
             log.error('CSRF key leak detected')
             session.pop(secure_form.token_key, None)
             session.save()
@@ @@ -782,20 +783,20 @@ class LoginRequired(object): @@
         # where we allow side effects without ambient authority is when the
         # authority comes from an API key; and that is handled above.
         if request.method not in ['GET', 'HEAD']:
             token = request.POST.get(secure_form.token_key)
             if not token or token != secure_form.authentication_token():
                 log.error('CSRF check failed')
-                return abort(403)
+                raise HTTPForbidden()
         # WebOb already ignores request payload parameters for anything other
         # than POST/PUT, but double-check since other Kallithea code relies on
         # this assumption.
         if request.method not in ['POST', 'PUT'] and request.POST:
             log.error('%r request with payload parameters; WebOb should have stopped this', request.method)
-            return abort(400)
+            raise HTTPBadRequest()
         # regular user authentication
         if user.is_authenticated:
             log.info('user %s authenticated with regular auth @ %s', user, loc)
             return func(*fargs, **fkwargs)
         else:
@@ @@ -850,14 +851,13 @@ class PermsDecorator(object): @@
             log.debug('Permission denied for %s %s', cls, self.user)
             anonymous = self.user.username == User.DEFAULT_USER
             if anonymous:
                 return redirect_to_login(_('You need to be signed in to view this page'))
             else:
                 # redirect with forbidden ret code
                 return abort(403)
                 raise HTTPForbidden()
     def check_permissions(self):
         """Dummy function for overriding"""
         raise Exception('You have to write this function in child class')

0 comments (0 inline, 0 general)