[Mpuls-commits] r2942 - in base/trunk: . mpulsweb/lib

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Jun 9 13:40:47 CEST 2010 

Author: bh
Date: 2010-06-09 13:40:46 +0200 (Wed, 09 Jun 2010)
New Revision: 2942

Modified:
   base/trunk/ChangeLog
   base/trunk/mpulsweb/lib/security.py
Log:
* mpulsweb/lib/security.py (checkRole.validate): Log the original
exception if an OperationalError is raised by the wrapped function
before raising the HTTPUnauthorized exception.  The original
exception may contain important information about the actual
database problem and discarding it would make debugging much
harder.


Modified: base/trunk/ChangeLog
===================================================================
--- base/trunk/ChangeLog	2010-06-09 11:32:03 UTC (rev 2941)
+++ base/trunk/ChangeLog	2010-06-09 11:40:46 UTC (rev 2942)
@@ -1,5 +1,14 @@
 2010-06-09  Bernhard Herzog  <bh at intevation.de>
 
+	* mpulsweb/lib/security.py (checkRole.validate): Log the original
+	exception if an OperationalError is raised by the wrapped function
+	before raising the HTTPUnauthorized exception.  The original
+	exception may contain important information about the actual
+	database problem and discarding it would make debugging much
+	harder.
+
+2010-06-09  Bernhard Herzog  <bh at intevation.de>
+
 	* mpulsweb/controllers/navigation.py, mpulsweb/lib/base.py,
 	mpulsweb/lib/dialogs.py, mpulsweb/lib/security.py: Import HTTP
 	Exceptions from webob.exc instead of paste.httpexceptions.  The

Modified: base/trunk/mpulsweb/lib/security.py
===================================================================
--- base/trunk/mpulsweb/lib/security.py	2010-06-09 11:32:03 UTC (rev 2941)
+++ base/trunk/mpulsweb/lib/security.py	2010-06-09 11:40:46 UTC (rev 2942)
@@ -362,6 +362,17 @@
         try:
             return func(self, *args, **kwargs)
         except dbapi.OperationalError, err:
+            # FIXME: An OperationalError at this point does not
+            # necessarily indicate a permission problem, so converting
+            # into it into a HTTPUnauthorized exception is not
+            # necessarily the right thing, even though a permission
+            # problem is a likely cause.  At the very least, log the
+            # original exception because it's also likely to indicate a
+            # problem with the database setup and discarding the
+            # information of the original exception would make debugging
+            # much harder.
+            log.exception("Converting DB-API OperationalError into"
+                          " an HTTP Unauthorized response")
             raise HTTPUnauthorized(detail=UNAUTHORIZED_DETAIL)
 
     return decorator(validate)

More information about the Mpuls-commits mailing list