altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 3 Packages Projects Releases Wiki Activity

fix: 404 instead of 300 for ambiguous email_or_person (#8004)

Browse source 
* fix: 404 on CommunityList name collision

* fix: 404 on ambiuous person for photo() view

* test: update tests

---------

Co-authored-by: Robert Sparks <rjsparks@nostrum.com>
This commit is contained in:
Jennifer Richards 2024-10-16 13:36:54 -03:00 committed by GitHub
parent db4ff66fbd
commit a338df16f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 19 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ietf/community/tests.py
View file

@ -95,9 +95,7 @@ class CommunityListTests(TestCase):
url = urlreverse(ietf.community.views.view_list, kwargs={ "email_or_name": person.plain_name()}) url = urlreverse(ietf.community.views.view_list, kwargs={ "email_or_name": person.plain_name()})
r = self.client.get(url) r = self.client.get(url)
self.assertEqual(r.status_code, 300) self.assertEqual(r.status_code, 404)
self.assertIn("bazquux@example.com", r.content.decode())
self.assertIn("foobar@example.com", r.content.decode())
def complex_person(self, *args, **kwargs): def complex_person(self, *args, **kwargs):
person = PersonFactory(*args, **kwargs) person = PersonFactory(*args, **kwargs)

50
ietf/community/views.py
View file

@ -28,11 +28,14 @@ from ietf.utils.decorators import ignore_view_kwargs
from ietf.utils.http import is_ajax from ietf.utils.http import is_ajax
from ietf.utils.response import permission_denied from ietf.utils.response import permission_denied
class MultiplePersonError(Exception):
"""More than one Person record matches the given email or name"""
pass
def lookup_community_list(request, email_or_name=None, acronym=None): def lookup_community_list(request, email_or_name=None, acronym=None):
"""Finds a CommunityList for a person or group
Instantiates an unsaved CommunityList if one is not found.
If the person or group cannot be found and uniquely identified, raises an Http404 exception
"""
assert email_or_name or acronym assert email_or_name or acronym
if acronym: if acronym:
@ -44,19 +47,14 @@ def lookup_community_list(request, email_or_name=None, acronym=None):
if hasattr(request.user, 'person') and request.user.person in persons: if hasattr(request.user, 'person') and request.user.person in persons:
person = request.user.person person = request.user.person
else: else:
raise MultiplePersonError("\r\n".join([p.user.username for p in persons])) raise Http404(f"Unable to identify the CommunityList for {email_or_name}")
else: else:
person = persons[0] person = persons[0]
clist = CommunityList.objects.filter(person=person).first() or CommunityList(person=person) clist = CommunityList.objects.filter(person=person).first() or CommunityList(person=person)
return clist return clist
def view_list(request, email_or_name=None): def view_list(request, email_or_name=None):
try: clist = lookup_community_list(request, email_or_name) # may raise Http404
clist = lookup_community_list(request, email_or_name)
except MultiplePersonError as err:
return HttpResponse(str(err), status=300)
docs = docs_tracked_by_community_list(clist) docs = docs_tracked_by_community_list(clist)
docs, meta = prepare_document_table(request, docs, request.GET) docs, meta = prepare_document_table(request, docs, request.GET)
@ -76,10 +74,7 @@ def view_list(request, email_or_name=None):
def manage_list(request, email_or_name=None, acronym=None): def manage_list(request, email_or_name=None, acronym=None):
# we need to be a bit careful because clist may not exist in the # we need to be a bit careful because clist may not exist in the
# database so we can't call related stuff on it yet # database so we can't call related stuff on it yet
try: clist = lookup_community_list(request, email_or_name, acronym) # may raise Http404
clist = lookup_community_list(request, email_or_name, acronym)
except MultiplePersonError as err:
return HttpResponse(str(err), status=300)
if not can_manage_community_list(request.user, clist): if not can_manage_community_list(request.user, clist):
permission_denied(request, "You do not have permission to access this view") permission_denied(request, "You do not have permission to access this view")
@ -166,10 +161,7 @@ def track_document(request, name, email_or_name=None, acronym=None):
doc = get_object_or_404(Document, name=name) doc = get_object_or_404(Document, name=name)
if request.method == "POST": if request.method == "POST":
try: clist = lookup_community_list(request, email_or_name, acronym) # may raise Http404
clist = lookup_community_list(request, email_or_name, acronym)
except MultiplePersonError as err:
return HttpResponse(str(err), status=300)
if not can_manage_community_list(request.user, clist): if not can_manage_community_list(request.user, clist):
permission_denied(request, "You do not have permission to access this view") permission_denied(request, "You do not have permission to access this view")
@ -191,10 +183,7 @@ def track_document(request, name, email_or_name=None, acronym=None):
@login_required @login_required
def untrack_document(request, name, email_or_name=None, acronym=None): def untrack_document(request, name, email_or_name=None, acronym=None):
doc = get_object_or_404(Document, name=name) doc = get_object_or_404(Document, name=name)
try: clist = lookup_community_list(request, email_or_name, acronym) # may raise Http404
clist = lookup_community_list(request, email_or_name, acronym)
except MultiplePersonError as err:
return HttpResponse(str(err), status=300)
if not can_manage_community_list(request.user, clist): if not can_manage_community_list(request.user, clist):
permission_denied(request, "You do not have permission to access this view") permission_denied(request, "You do not have permission to access this view")
@ -214,11 +203,7 @@ def untrack_document(request, name, email_or_name=None, acronym=None):
@ignore_view_kwargs("group_type") @ignore_view_kwargs("group_type")
def export_to_csv(request, email_or_name=None, acronym=None): def export_to_csv(request, email_or_name=None, acronym=None):
try: clist = lookup_community_list(request, email_or_name, acronym) # may raise Http404
clist = lookup_community_list(request, email_or_name, acronym)
except MultiplePersonError as err:
return HttpResponse(str(err), status=300)
response = HttpResponse(content_type='text/csv') response = HttpResponse(content_type='text/csv')
if clist.group: if clist.group:
@ -259,11 +244,7 @@ def export_to_csv(request, email_or_name=None, acronym=None):
@ignore_view_kwargs("group_type") @ignore_view_kwargs("group_type")
def feed(request, email_or_name=None, acronym=None): def feed(request, email_or_name=None, acronym=None):
try: clist = lookup_community_list(request, email_or_name, acronym) # may raise Http404
clist = lookup_community_list(request, email_or_name, acronym)
except MultiplePersonError as err:
return HttpResponse(str(err), status=300)
significant = request.GET.get('significant', '') == '1' significant = request.GET.get('significant', '') == '1'
documents = docs_tracked_by_community_list(clist).values_list('pk', flat=True) documents = docs_tracked_by_community_list(clist).values_list('pk', flat=True)
@ -299,12 +280,9 @@ def feed(request, email_or_name=None, acronym=None):
@login_required @login_required
@ignore_view_kwargs("group_type") @ignore_view_kwargs("group_type")
def subscription(request, email_or_name=None, acronym=None): def subscription(request, email_or_name=None, acronym=None):
try: clist = lookup_community_list(request, email_or_name, acronym) # may raise Http404
clist = lookup_community_list(request, email_or_name, acronym)
if clist.pk is None: if clist.pk is None:
raise Http404 raise Http404
except MultiplePersonError as err:
return HttpResponse(str(err), status=300)
person = request.user.person person = request.user.person

4
ietf/person/tests.py
View file

@ -173,9 +173,7 @@ class PersonTests(TestCase):
url = urlreverse("ietf.person.views.photo", kwargs={ "email_or_name": person.plain_name()}) url = urlreverse("ietf.person.views.photo", kwargs={ "email_or_name": person.plain_name()})
r = self.client.get(url) r = self.client.get(url)
self.assertEqual(r.status_code, 300) self.assertEqual(r.status_code, 404)
self.assertIn("bazquux@example.com", r.content.decode())
self.assertIn("foobar@example.com", r.content.decode())
def test_name_methods(self): def test_name_methods(self):
person = PersonFactory(name="Dr. Jens F. Möller", ) person = PersonFactory(name="Dr. Jens F. Möller", )

2
ietf/person/views.py
View file

@ -76,7 +76,7 @@ def profile(request, email_or_name):
def photo(request, email_or_name): def photo(request, email_or_name):
persons = lookup_persons(email_or_name) persons = lookup_persons(email_or_name)
if len(persons) > 1: if len(persons) > 1:
return HttpResponse(r"\r\n".join([p.user.username for p in persons]), status=300) raise Http404("No photo found")
person = persons[0] person = persons[0]
if not person.photo: if not person.photo:
raise Http404("No photo found") raise Http404("No photo found")