Bug fix. Repro: Try making a link to a note that doesn't exist yet, then click
on the link. Delete the new note. Then go back to the first message, and click after the link, so the link's pulldown shows. You'll get this error message: "Sorry, you don't have access to do that." The fix was to look for the cases when the deleted note is either in the trash or deleted "forever", and then return None for the note value (instead of just raising an Access_error).
This commit is contained in:
parent
baf38c9e63
commit
218fe3995c
|
@ -115,7 +115,10 @@ class Notebooks( object ):
|
|||
if note_id:
|
||||
note = self.__database.load( Note, note_id, revision )
|
||||
if note and note.notebook_id != notebook_id:
|
||||
raise Access_error()
|
||||
if note.notebook_id == notebook.trash_id:
|
||||
note = None
|
||||
else:
|
||||
raise Access_error()
|
||||
else:
|
||||
note = None
|
||||
|
||||
|
@ -158,7 +161,19 @@ class Notebooks( object ):
|
|||
|
||||
note = self.__database.load( Note, note_id, revision )
|
||||
|
||||
# if the note has no notebook, it has been deleted "forever"
|
||||
if note and note.notebook_id is None:
|
||||
return dict(
|
||||
note = None,
|
||||
)
|
||||
|
||||
if note and note.notebook_id != notebook_id:
|
||||
notebook = self.__database.load( Notebook, notebook_id )
|
||||
if notebook and note.notebook_id == notebook.trash_id:
|
||||
return dict(
|
||||
note = None,
|
||||
)
|
||||
|
||||
raise Access_error()
|
||||
|
||||
return dict(
|
||||
|
@ -268,8 +283,20 @@ class Notebooks( object ):
|
|||
note = self.__database.load( Note, note_id )
|
||||
|
||||
if note:
|
||||
if note and note.notebook_id is None:
|
||||
return dict(
|
||||
revisions = None,
|
||||
)
|
||||
|
||||
if note.notebook_id != notebook_id:
|
||||
notebook = self.__database.load( Notebook, notebook_id )
|
||||
if notebook and note.notebook_id == notebook.trash_id:
|
||||
return dict(
|
||||
revisions = None,
|
||||
)
|
||||
|
||||
raise Access_error()
|
||||
|
||||
revisions = self.__database.select_many( unicode, note.sql_load_revisions() )
|
||||
else:
|
||||
revisions = None
|
||||
|
|
|
@ -336,6 +336,22 @@ class Test_notebooks( Test_controller ):
|
|||
user = self.database.load( User, self.user.object_id )
|
||||
assert user.storage_bytes == 0
|
||||
|
||||
def test_load_note_without_notebook( self ):
|
||||
self.login()
|
||||
|
||||
self.note.notebook_id = None
|
||||
self.database.save( self.note )
|
||||
|
||||
result = self.http_post( "/notebooks/load_note/", dict(
|
||||
notebook_id = self.notebook.object_id,
|
||||
note_id = self.note.object_id,
|
||||
), session_id = self.session_id )
|
||||
|
||||
note = result[ "note" ]
|
||||
assert note == None
|
||||
user = self.database.load( User, self.user.object_id )
|
||||
assert user.storage_bytes == 0
|
||||
|
||||
def test_load_note_by_title( self ):
|
||||
self.login()
|
||||
|
||||
|
@ -1010,7 +1026,7 @@ class Test_notebooks( Test_controller ):
|
|||
note_id = self.note.object_id,
|
||||
), session_id = self.session_id )
|
||||
|
||||
assert "access" in result.get( "error" )
|
||||
assert result[ "note" ] is None
|
||||
|
||||
def test_delete_note_from_trash( self ):
|
||||
self.login()
|
||||
|
@ -1041,7 +1057,7 @@ class Test_notebooks( Test_controller ):
|
|||
note_id = self.note.object_id,
|
||||
), session_id = self.session_id )
|
||||
|
||||
assert "access" in result.get( "error" )
|
||||
assert result.get( "note" ) is None
|
||||
|
||||
def test_delete_note_without_login( self ):
|
||||
result = self.http_post( "/notebooks/delete_note/", dict(
|
||||
|
@ -1260,14 +1276,14 @@ class Test_notebooks( Test_controller ):
|
|||
note_id = self.note.object_id,
|
||||
), session_id = self.session_id )
|
||||
|
||||
assert "access" in result.get( "error" )
|
||||
assert result[ "note" ] is None
|
||||
|
||||
result = self.http_post( "/notebooks/load_note/", dict(
|
||||
notebook_id = self.notebook.object_id,
|
||||
note_id = self.note2.object_id,
|
||||
), session_id = self.session_id )
|
||||
|
||||
assert "access" in result.get( "error" )
|
||||
assert result[ "note" ] is None
|
||||
|
||||
def test_delete_all_notes_from_trash( self ):
|
||||
self.login()
|
||||
|
@ -1292,7 +1308,7 @@ class Test_notebooks( Test_controller ):
|
|||
note_id = self.note.object_id,
|
||||
), session_id = self.session_id )
|
||||
|
||||
assert "access" in result.get( "error" )
|
||||
assert result.get( "note" ) is None
|
||||
|
||||
def test_delete_all_notes_without_login( self ):
|
||||
result = self.http_post( "/notebooks/delete_all_notes/", dict(
|
||||
|
|
Reference in New Issue
Block a user