diff --git a/controller/Notebooks.py b/controller/Notebooks.py index 435318f..4fd219a 100644 --- a/controller/Notebooks.py +++ b/controller/Notebooks.py @@ -115,7 +115,10 @@ class Notebooks( object ): if note_id: note = self.__database.load( Note, note_id, revision ) if note and note.notebook_id != notebook_id: - raise Access_error() + if note.notebook_id == notebook.trash_id: + note = None + else: + raise Access_error() else: note = None @@ -158,7 +161,19 @@ class Notebooks( object ): note = self.__database.load( Note, note_id, revision ) + # if the note has no notebook, it has been deleted "forever" + if note and note.notebook_id is None: + return dict( + note = None, + ) + if note and note.notebook_id != notebook_id: + notebook = self.__database.load( Notebook, notebook_id ) + if notebook and note.notebook_id == notebook.trash_id: + return dict( + note = None, + ) + raise Access_error() return dict( @@ -268,8 +283,20 @@ class Notebooks( object ): note = self.__database.load( Note, note_id ) if note: + if note and note.notebook_id is None: + return dict( + revisions = None, + ) + if note.notebook_id != notebook_id: + notebook = self.__database.load( Notebook, notebook_id ) + if notebook and note.notebook_id == notebook.trash_id: + return dict( + revisions = None, + ) + raise Access_error() + revisions = self.__database.select_many( unicode, note.sql_load_revisions() ) else: revisions = None diff --git a/controller/test/Test_notebooks.py b/controller/test/Test_notebooks.py index b99f0d4..f6b68cd 100644 --- a/controller/test/Test_notebooks.py +++ b/controller/test/Test_notebooks.py @@ -336,6 +336,22 @@ class Test_notebooks( Test_controller ): user = self.database.load( User, self.user.object_id ) assert user.storage_bytes == 0 + def test_load_note_without_notebook( self ): + self.login() + + self.note.notebook_id = None + self.database.save( self.note ) + + result = self.http_post( "/notebooks/load_note/", dict( + notebook_id = self.notebook.object_id, + note_id = self.note.object_id, + ), session_id = self.session_id ) + + note = result[ "note" ] + assert note == None + user = self.database.load( User, self.user.object_id ) + assert user.storage_bytes == 0 + def test_load_note_by_title( self ): self.login() @@ -1010,7 +1026,7 @@ class Test_notebooks( Test_controller ): note_id = self.note.object_id, ), session_id = self.session_id ) - assert "access" in result.get( "error" ) + assert result[ "note" ] is None def test_delete_note_from_trash( self ): self.login() @@ -1041,7 +1057,7 @@ class Test_notebooks( Test_controller ): note_id = self.note.object_id, ), session_id = self.session_id ) - assert "access" in result.get( "error" ) + assert result.get( "note" ) is None def test_delete_note_without_login( self ): result = self.http_post( "/notebooks/delete_note/", dict( @@ -1260,14 +1276,14 @@ class Test_notebooks( Test_controller ): note_id = self.note.object_id, ), session_id = self.session_id ) - assert "access" in result.get( "error" ) + assert result[ "note" ] is None result = self.http_post( "/notebooks/load_note/", dict( notebook_id = self.notebook.object_id, note_id = self.note2.object_id, ), session_id = self.session_id ) - assert "access" in result.get( "error" ) + assert result[ "note" ] is None def test_delete_all_notes_from_trash( self ): self.login() @@ -1292,7 +1308,7 @@ class Test_notebooks( Test_controller ): note_id = self.note.object_id, ), session_id = self.session_id ) - assert "access" in result.get( "error" ) + assert result.get( "note" ) is None def test_delete_all_notes_without_login( self ): result = self.http_post( "/notebooks/delete_all_notes/", dict(