projects / odoo / odoo.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[IMP] ir_http: don't handle exception in dev mode but use the werkzeug debugger excep...
[odoo/odoo.git] / openerp / addons / base / ir / ir_http.py
diff --git a/openerp/addons/base/ir/ir_http.py b/openerp/addons/base/ir/ir_http.py
index 9fd485d..c70be2c 100644 (file)
--- a/openerp/addons/base/ir/ir_http.py
+++ b/openerp/addons/base/ir/ir_http.py
@@ -2,33 +2,36 @@
 # ir_http modular http routing
 #----------------------------------------------------------
 import logging
+import re
+import sys
 
 import werkzeug.exceptions
 import werkzeug.routing
+import werkzeug.urls
+import werkzeug.utils
 
 import openerp
+import openerp.exceptions
+import openerp.models
 from openerp import http
 from openerp.http import request
-from openerp.osv import osv
+from openerp.osv import osv, orm
 
 _logger = logging.getLogger(__name__)
 
-class RequestUID(object):
-    pass
+UID_PLACEHOLDER = object()
 
 class ModelConverter(werkzeug.routing.BaseConverter):
 
     def __init__(self, url_map, model=False):
         super(ModelConverter, self).__init__(url_map)
         self.model = model
-        # TODO add support for slug in the form [A-Za-z0-9-] bla-bla-89 -> id 89
         self.regex = '([0-9]+)'
 
     def to_python(self, value):
-        # TODO:
-        # - raise routing.ValidationError() if no browse record can be createdm
-        # - support slug 
-        return request.registry[self.model].browse(request.cr, RequestUID(), int(value), context=request.context)
+        m = re.match(self.regex, value)
+        return request.registry[self.model].browse(
+            request.cr, UID_PLACEHOLDER, int(m.group(1)), context=request.context)
 
     def to_url(self, value):
         return value.id
@@ -42,99 +45,142 @@ class ModelsConverter(werkzeug.routing.BaseConverter):
         self.regex = '([0-9,]+)'
 
     def to_python(self, value):
-        # TODO:
-        # - raise routing.ValidationError() if no browse record can be createdm
-        # - support slug
-        return request.registry[self.model].browse(request.cr, RequestUID(), [int(i) for i in value.split(',')], context=request.context)
+        return request.registry[self.model].browse(request.cr, UID_PLACEHOLDER, [int(i) for i in value.split(',')], context=request.context)
 
     def to_url(self, value):
-        return ",".join([i.id for i in value])
+        return ",".join(i.id for i in value)
 
 class ir_http(osv.AbstractModel):
     _name = 'ir.http'
-    
     _description = "HTTP routing"
 
-    def _find_handler(self):
-        # TODO move to __init__(self, registry, cr)
-        if not hasattr(self, 'routing_map'):
-            _logger.info("Generating routing map")
-            cr = request.cr
-            m = request.registry.get('ir.module.module')
-            ids = m.search(cr, openerp.SUPERUSER_ID, [('state', '=', 'installed'), ('name', '!=', 'web')])
-            installed = set(x['name'] for x in m.read(cr, 1, ids, ['name']))
-            mods = ['', "web"] + sorted(installed)
-            self.routing_map = http.routing_map(mods, False, converters={'model': ModelConverter, 'models': ModelsConverter})
-
-        # fallback to non-db handlers
-        path = request.httprequest.path
-        urls = self.routing_map.bind_to_environ(request.httprequest.environ)
+    def _get_converters(self):
+        return {'model': ModelConverter, 'models': ModelsConverter}
 
-        return urls.match(path)
+    def _find_handler(self, return_rule=False):
+        return self.routing_map().bind_to_environ(request.httprequest.environ).match(return_rule=return_rule)
 
     def _auth_method_user(self):
         request.uid = request.session.uid
         if not request.uid:
-            raise SessionExpiredException("Session expired")
-
-    def _auth_method_admin(self):
-        if not request.db:
-            raise SessionExpiredException("No valid database for request %s" % request.httprequest)
-        request.uid = openerp.SUPERUSER_ID
+            raise http.SessionExpiredException("Session expired")
 
     def _auth_method_none(self):
-        request.disable_db = True
         request.uid = None
 
-    def _authenticate(self, func, arguments):
-        auth_method = getattr(func, "auth", "user")
-        if request.session.uid:
-            try:
-                request.session.check_security()
-            except SessionExpiredException, e:
-                request.session.logout()
-                raise SessionExpiredException("Session expired for request %s" % request.httprequest)
-        getattr(self, "_auth_method_%s" % auth_method)()
-        return auth_method
+    def _auth_method_public(self):
+        if not request.session.uid:
+            dummy, request.uid = self.pool['ir.model.data'].get_object_reference(request.cr, openerp.SUPERUSER_ID, 'base', 'public_user')
+        else:
+            request.uid = request.session.uid
 
-    def _handle_404(self, exception):
-        raise exception
+    def _authenticate(self, auth_method='user'):
+        try:
+            if request.session.uid:
+                try:
+                    request.session.check_security()
+                    # what if error in security.check()
+                    #   -> res_users.check()
+                    #   -> res_users.check_credentials()
+                except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
+                    # All other exceptions mean undetermined status (e.g. connection pool full),
+                    # let them bubble up
+                    request.session.logout(keep_db=True)
+            getattr(self, "_auth_method_%s" % auth_method)()
+        except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
+            raise
+        except Exception:
+            _logger.exception("Exception during request Authentication.")
+            raise openerp.exceptions.AccessDenied()
+        return auth_method
 
-    def _handle_403(self, exception):
-        raise exception
+    def _handle_exception(self, exception):
+        # If handle_exception returns something different than None, it will be used as a response
 
-    def _handle_500(self, exception):
-        raise exception
+        # Don't handle exception but use werkeug debugger if server in --dev mode
+        if openerp.tools.config['dev_mode']:
+            raise
+        try:
+            return request._handle_exception(exception)
+        except openerp.exceptions.AccessDenied:
+            return werkzeug.exceptions.Forbidden()
 
     def _dispatch(self):
         # locate the controller method
         try:
-            func, arguments = self._find_handler()
+            rule, arguments = self._find_handler(return_rule=True)
+            func = rule.endpoint
         except werkzeug.exceptions.NotFound, e:
-            return self._handle_404(e)
+            return self._handle_exception(e)
 
         # check authentication level
         try:
-            auth_method = self._authenticate(func, arguments)
-        except werkzeug.exceptions.NotFound, e:
-            return self._handle_403(e)
+            auth_method = self._authenticate(func.routing["auth"])
+        except Exception as e:
+            return self._handle_exception(e)
 
-        # post process arg to set uid on browse records
-        for arg in arguments:
-            if isinstance(arg, openerp.osv.orm.browse_record) and isinstance(arg._uid, RequestUID):
-                arg._uid = request.uid
+        processing = self._postprocess_args(arguments, rule)
+        if processing:
+            return processing
 
         # set and execute handler
         try:
             request.set_handler(func, arguments, auth_method)
             result = request.dispatch()
-        except werkzeug.exceptions.HTTPException, e:
-            fn = getattr(self, '_handle_%s' % (e.code,), None)
-            if fn:
-                return fn(e)
-            return self._handle_500(e)
+            if isinstance(result, Exception):
+                raise result
         except Exception, e:
-            return self._handle_500(e)
+            return self._handle_exception(e)
+
         return result
 
+    def _postprocess_args(self, arguments, rule):
+        """ post process arg to set uid on browse records """
+        for name, arg in arguments.items():
+            if isinstance(arg, orm.browse_record) and arg._uid is UID_PLACEHOLDER:
+                arguments[name] = arg.sudo(request.uid)
+                try:
+                    arg.exists()
+                except openerp.models.MissingError:
+                    return self._handle_exception(werkzeug.exceptions.NotFound())
+
+    def routing_map(self):
+        if not hasattr(self, '_routing_map'):
+            _logger.info("Generating routing map")
+            cr = request.cr
+            m = request.registry.get('ir.module.module')
+            ids = m.search(cr, openerp.SUPERUSER_ID, [('state', '=', 'installed'), ('name', '!=', 'web')], context=request.context)
+            installed = set(x['name'] for x in m.read(cr, 1, ids, ['name'], context=request.context))
+            if openerp.tools.config['test_enable']:
+                installed.add(openerp.modules.module.current_test)
+            mods = [''] + openerp.conf.server_wide_modules + sorted(installed)
+            self._routing_map = http.routing_map(mods, False, converters=self._get_converters())
+
+        return self._routing_map
+
+def convert_exception_to(to_type, with_message=False):
+    """ Should only be called from an exception handler. Fetches the current
+    exception data from sys.exc_info() and creates a new exception of type
+    ``to_type`` with the original traceback.
+
+    If ``with_message`` is ``True``, sets the new exception's message to be
+    the stringification of the original exception. If ``False``, does not
+    set the new exception's message. Otherwise, uses ``with_message`` as the
+    new exception's message.
+
+    :type with_message: str|bool
+    """
+    etype, original, tb = sys.exc_info()
+    try:
+        if with_message is False:
+            message = None
+        elif with_message is True:
+            message = str(original)
+        else:
+            message = str(with_message)
+
+        raise to_type, message, tb
+    except to_type, e:
+        return e
+
 # vim:et:
Unnamed repository; edit this file 'description' to name the repository.