Fixed a bug where attempting to load a notebook preview without access

would give a "list index out of range" error instead of an access error.
2008-05-05 23:10:26 +00:00 · 2008-05-05 23:10:26 +00:00 · 1d17ea4eff
parent c6ab3b5da0
commit 1d17ea4eff
3 changed files with 64 additions and 0 deletions
--- a/2
+++ b/2
@ -3,6 +3,8 @@
   character) titles from saving correctly.
 * Changed the literal quotation character in the starting wiki note to the
   "&quot;" character entity so it doesn't show up as a change in the diff.
+ * Fixed a bug where attempting to load a notebook preview without access
+   would give a "list index out of range" error instead of an access error.

 1.3.13: May 5, 2008
 * Instructions for enabling JavaScript, linked from various forms that
--- a/controller/Notebooks.py
+++ b/controller/Notebooks.py
@ -105,6 +105,8 @@ class Notebooks( object ):
      result[ u"notebooks" ] = [
        notebook for notebook in result[ "notebooks" ] if notebook.object_id == notebook_id
      ]
+      if len( result[ u"notebooks" ] ) == 0:
+        raise Access_error()
      result[ u"notebooks" ][ 0 ].owner = False
    elif preview == u"viewer":
      read_write = False
@ -112,6 +114,8 @@ class Notebooks( object ):
      result[ u"notebooks" ] = [
        notebook for notebook in result[ "notebooks" ] if notebook.object_id == notebook_id
      ]
+      if len( result[ u"notebooks" ] ) == 0:
+        raise Access_error()
      result[ u"notebooks" ][ 0 ].read_write = False
      result[ u"notebooks" ][ 0 ].owner = False
    elif preview in ( u"owner", u"default", None ):
--- a/controller/test/Test_notebooks.py
+++ b/controller/test/Test_notebooks.py
@ -345,6 +345,64 @@ class Test_notebooks( Test_controller ):
    user = self.database.load( User, self.user.object_id )
    assert user.storage_bytes == 0

+  def test_default_as_preview_viewer_without_login( self ):
+    path = "/notebooks/%s?preview=viewer" % self.notebook.object_id
+    result = self.http_get( path )
+    
+    headers = result.get( "headers" )
+    assert headers
+    assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
+
+  def test_default_as_preview_collaborator_without_login( self ):
+    path = "/notebooks/%s?preview=collaborator" % self.notebook.object_id
+    result = self.http_get( path )
+    
+    headers = result.get( "headers" )
+    assert headers
+    assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
+
+  def test_default_as_preview_owner_without_login( self ):
+    path = "/notebooks/%s?preview=owner" % self.notebook.object_id
+    result = self.http_get( path )
+    
+    print result
+    headers = result.get( "headers" )
+    assert headers
+    assert headers.get( "Location" ) == u"http:///login?after_login=%s" % urllib.quote( path )
+
+  def test_default_as_preview_viewer_without_access( self ):
+    self.make_extra_notebooks()
+    self.login2()
+
+    result = self.http_get(
+      "/notebooks/%s?preview=viewer" % self.notebook2.object_id,
+      session_id = self.session_id,
+    )
+    
+    assert u"access" in result.get( u"error" )
+
+  def test_default_as_preview_collaborator_without_access( self ):
+    self.make_extra_notebooks()
+    self.login2()
+
+    result = self.http_get(
+      "/notebooks/%s?preview=collaborator" % self.notebook2.object_id,
+      session_id = self.session_id,
+    )
+    
+    assert u"access" in result.get( u"error" )
+
+  def test_default_as_preview_owner_without_access( self ):
+    self.make_extra_notebooks()
+    self.login2()
+
+    result = self.http_get(
+      "/notebooks/%s?preview=owner" % self.notebook2.object_id,
+      session_id = self.session_id,
+    )
+    
+    assert u"access" in result.get( u"error" )
+
  def test_default_with_note( self ):
    self.login()