witten
/
luminotes
Archived
1
0
Fork 0
Code Releases Activity

Bug fix. Repro: Try making a link to a note that doesn't exist yet, then click 

on the link. Delete the new note. Then go back to the first message, and click
after the link, so the link's pulldown shows. You'll get this error message:
"Sorry, you don't have access to do that."

The fix was to look for the cases when the deleted note is either in the trash
or deleted "forever", and then return None for the note value (instead of just
raising an Access_error).
This commit is contained in:
Dan Helfman 2007-10-17 01:47:46 +00:00
parent baf38c9e63
commit 218fe3995c
2 changed files with 49 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
controller/Notebooks.py
View File

@ -115,7 +115,10 @@ class Notebooks( object ):
if note_id:
note = self.__database.load( Note, note_id, revision )
if note and note.notebook_id != notebook_id:
raise Access_error()
if note.notebook_id == notebook.trash_id:
note = None
else:
raise Access_error()
else:
note = None
@ -158,7 +161,19 @@ class Notebooks( object ):
note = self.__database.load( Note, note_id, revision )
# if the note has no notebook, it has been deleted "forever"
if note and note.notebook_id is None:
return dict(
note = None,
)
if note and note.notebook_id != notebook_id:
notebook = self.__database.load( Notebook, notebook_id )
if notebook and note.notebook_id == notebook.trash_id:
return dict(
note = None,
)
raise Access_error()
return dict(
@ -268,8 +283,20 @@ class Notebooks( object ):
note = self.__database.load( Note, note_id )
if note:
if note and note.notebook_id is None:
return dict(
revisions = None,
)
if note.notebook_id != notebook_id:
notebook = self.__database.load( Notebook, notebook_id )
if notebook and note.notebook_id == notebook.trash_id:
return dict(
revisions = None,
)
raise Access_error()
revisions = self.__database.select_many( unicode, note.sql_load_revisions() )
else:
revisions = None

26
controller/test/Test_notebooks.py
View File

@ -336,6 +336,22 @@ class Test_notebooks( Test_controller ):
user = self.database.load( User, self.user.object_id )
assert user.storage_bytes == 0
def test_load_note_without_notebook( self ):
self.login()
self.note.notebook_id = None
self.database.save( self.note )
result = self.http_post( "/notebooks/load_note/", dict(
notebook_id = self.notebook.object_id,
note_id = self.note.object_id,
), session_id = self.session_id )
note = result[ "note" ]
assert note == None
user = self.database.load( User, self.user.object_id )
assert user.storage_bytes == 0
def test_load_note_by_title( self ):
self.login()
@ -1010,7 +1026,7 @@ class Test_notebooks( Test_controller ):
note_id = self.note.object_id,
), session_id = self.session_id )
assert "access" in result.get( "error" )
assert result[ "note" ] is None
def test_delete_note_from_trash( self ):
self.login()
@ -1041,7 +1057,7 @@ class Test_notebooks( Test_controller ):
note_id = self.note.object_id,
), session_id = self.session_id )
assert "access" in result.get( "error" )
assert result.get( "note" ) is None
def test_delete_note_without_login( self ):
result = self.http_post( "/notebooks/delete_note/", dict(
@ -1260,14 +1276,14 @@ class Test_notebooks( Test_controller ):
note_id = self.note.object_id,
), session_id = self.session_id )
assert "access" in result.get( "error" )
assert result[ "note" ] is None
result = self.http_post( "/notebooks/load_note/", dict(
notebook_id = self.notebook.object_id,
note_id = self.note2.object_id,
), session_id = self.session_id )
assert "access" in result.get( "error" )
assert result[ "note" ] is None
def test_delete_all_notes_from_trash( self ):
self.login()
@ -1292,7 +1308,7 @@ class Test_notebooks( Test_controller ):
note_id = self.note.object_id,
), session_id = self.session_id )
assert "access" in result.get( "error" )
assert result.get( "note" ) is None
def test_delete_all_notes_without_login( self ):
result = self.http_post( "/notebooks/delete_all_notes/", dict(