[IMP] ir_http: don't handle exception in dev mode but use the werkzeug debugger excep...

[odoo/odoo.git] / openerp / addons / base / ir / ir_http.py

diff --git a/openerp/addons/base/ir/ir_http.py b/openerp/addons/base/ir/ir_http.py
index 62ecd60..c70be2c 100644 (file)
--- a/openerp/addons/base/ir/ir_http.py
+++ b/openerp/addons/base/ir/ir_http.py
@@ -7,8 +7,12 @@ import sys
 
 import werkzeug.exceptions
 import werkzeug.routing
+import werkzeug.urls
+import werkzeug.utils
 
 import openerp
+import openerp.exceptions
+import openerp.models
 from openerp import http
 from openerp.http import request
 from openerp.osv import osv, orm
@@ -71,22 +75,35 @@ class ir_http(osv.AbstractModel):
             request.uid = request.session.uid
 
     def _authenticate(self, auth_method='user'):
-        if request.session.uid:
-            try:
-                request.session.check_security()
-                # what if error in security.check()
-                #   -> res_users.check()
-                #   -> res_users.check_credentials()
-            except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
-                # All other exceptions mean undetermined status (e.g. connection pool full),
-                # let them bubble up
-                request.session.logout()
-        getattr(self, "_auth_method_%s" % auth_method)()
+        try:
+            if request.session.uid:
+                try:
+                    request.session.check_security()
+                    # what if error in security.check()
+                    #   -> res_users.check()
+                    #   -> res_users.check_credentials()
+                except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
+                    # All other exceptions mean undetermined status (e.g. connection pool full),
+                    # let them bubble up
+                    request.session.logout(keep_db=True)
+            getattr(self, "_auth_method_%s" % auth_method)()
+        except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
+            raise
+        except Exception:
+            _logger.exception("Exception during request Authentication.")
+            raise openerp.exceptions.AccessDenied()
         return auth_method
 
     def _handle_exception(self, exception):
-        # If handle exception return something different than None, it will be used as a response
-        raise
+        # If handle_exception returns something different than None, it will be used as a response
+
+        # Don't handle exception but use werkeug debugger if server in --dev mode
+        if openerp.tools.config['dev_mode']:
+            raise
+        try:
+            return request._handle_exception(exception)
+        except openerp.exceptions.AccessDenied:
+            return werkzeug.exceptions.Forbidden()
 
     def _dispatch(self):
         # locate the controller method
@@ -99,17 +116,13 @@ class ir_http(osv.AbstractModel):
         # check authentication level
         try:
             auth_method = self._authenticate(func.routing["auth"])
-        except Exception:
-            # force a Forbidden exception with the original traceback
-            return self._handle_exception(
-                convert_exception_to(
-                    werkzeug.exceptions.Forbidden))
+        except Exception as e:
+            return self._handle_exception(e)
 
         processing = self._postprocess_args(arguments, rule)
         if processing:
             return processing
 
-
         # set and execute handler
         try:
             request.set_handler(func, arguments, auth_method)
@@ -123,12 +136,12 @@ class ir_http(osv.AbstractModel):
 
     def _postprocess_args(self, arguments, rule):
         """ post process arg to set uid on browse records """
-        for arg in arguments.itervalues():
+        for name, arg in arguments.items():
             if isinstance(arg, orm.browse_record) and arg._uid is UID_PLACEHOLDER:
-                arg._uid = request.uid
+                arguments[name] = arg.sudo(request.uid)
                 try:
-                    arg[arg._rec_name]
-                except KeyError:
+                    arg.exists()
+                except openerp.models.MissingError:
                     return self._handle_exception(werkzeug.exceptions.NotFound())
 
     def routing_map(self):