#3836 ticket API raises 500 instead of 404 (NoneType' object has no attribute 'acl')

v1.0.0
closed
Jenny Steele
sf-2 (994)
General
Cory Johns
2015-08-20
2012-03-02
Dave Brondsema
No

URL: /rest/p/allura/tickets/3881/?oauth_body_hash......

This ticket doesn't exist, but raises a 500 instead of 404

Module allura.lib.security:307 in require_access
<<  def require_access(obj, permission, **kwargs):
           predicate = has_access(obj, permission, **kwargs)
           return require(predicate, message='%s access required' % permission.capitalize())

       def require_authenticated():
>>  return require(predicate, message='%s access required' % permission.capitalize())
Module allura.lib.security:294 in require
<<      from allura import model as M
           if predicate(): return
           if not message:
               message = """You don't have permission to do that.
>>  if predicate(): return
Module allura.lib.utils:338 in __call__
<<          self.callable = callable
           def __call__(self, *args, **kw):
               return self.callable(*args, **kw)
           def __nonzero__(self):
               return self.callable()
>>  return self.callable(*args, **kw)
Module allura.lib.security:258 in predicate
<<          chainable_roles = []
               for rid in roles:
                   for ace in obj.acl:
                       if M.ACE.match(ace, rid, permission):
                           if ace.access == M.ACE.ALLOW:
>>  for ace in obj.acl:
AttributeError: 'NoneType' object has no attribute 'acl'

Another url with (what Dave says) is a related error: https://sourceforge.net/u/rick446/profile/

Discussion

  • Dave Brondsema

    Dave Brondsema - 2012-03-02
    • summary: ticket API broken (NoneType' object has no attribute 'acl') --> ticket API raises 500 instead of 404 (NoneType' object has no attribute 'acl')
    • Description has changed:

    Diff:

    --- old 
+++ new 
@@ -1,5 +1,7 @@
 URL: /rest/p/allura/tickets/3881/?oauth_body_hash......

+This ticket doesn't exist, but raises a 500 instead of 404
+
 ~~~~
 Module allura.lib.security:307 in require_access
 <<  def require_access(obj, permission, **kwargs):
     

  • Rick Copeland - 2012-03-05
    • Description has changed:

    Diff:

    --- old 
+++ new 
@@ -32,3 +32,5 @@
 >>  for ace in obj.acl:
 AttributeError: 'NoneType' object has no attribute 'acl'
 ~~~~
+
+Another url with (what Dave says) is a related error: https://sourceforge.net/u/rick446/profile/
     

  • Jenny Steele - 2012-03-05
    • status: open --> in-progress
    • assigned_to: Jenny Steele
     

  • Jenny Steele - 2012-03-06
    • status: in-progress --> code-review
    • qa: Cory Johns
    • size: --> 2
     

  • Jenny Steele - 2012-03-06

    On allura js/3836. To test, go to a url like /rest/p/test/tickets/3000 and make sure you get a 404. 3000 should be an invalid ticket number in a valid ticket tool.

     

  • Cory Johns - 2012-03-07
    • status: code-review --> closed
     

  • Cory Johns - 2012-03-07

    Merged to dev.

     

Log in to post a comment.