def _auth_method_user(self):
request.uid = request.session.uid
if not request.uid:
- if not request.params.get('noredirect'):
- query = werkzeug.urls.url_encode({
- 'redirect': request.httprequest.url,
- })
- response = werkzeug.utils.redirect('/web/login?%s' % query)
- werkzeug.exceptions.abort(response)
raise http.SessionExpiredException("Session expired")
def _auth_method_none(self):
except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
# All other exceptions mean undetermined status (e.g. connection pool full),
# let them bubble up
- request.session.logout()
+ request.session.logout(keep_db=True)
getattr(self, "_auth_method_%s" % auth_method)()
except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException):
raise
def _handle_exception(self, exception):
# If handle_exception returns something different than None, it will be used as a response
- return request._handle_exception(exception)
+
+ # Don't handle exception but use werkeug debugger if server in --dev mode
+ if openerp.tools.config['dev_mode']:
+ raise
+ try:
+ return request._handle_exception(exception)
+ except openerp.exceptions.AccessDenied:
+ return werkzeug.exceptions.Forbidden()
def _dispatch(self):
# locate the controller method
# check authentication level
try:
auth_method = self._authenticate(func.routing["auth"])
- except Exception:
- # force a Forbidden exception with the original traceback
- return self._handle_exception(
- convert_exception_to(
- werkzeug.exceptions.Forbidden))
+ except Exception as e:
+ return self._handle_exception(e)
processing = self._postprocess_args(arguments, rule)
if processing:
return processing
-
# set and execute handler
try:
request.set_handler(func, arguments, auth_method)