[xml/rdf views] handle case where the user hasn't read access to a relation (closes #1984598)
The view shouldn't crash in such case.
Also refactor xmlrelateditem view and its call on the way.
--- a/entity.py Tue Oct 04 13:59:12 2011 +0200
+++ b/entity.py Thu Oct 06 10:09:42 2011 +0200
@@ -722,12 +722,21 @@
self.cw_attr_cache[name] = value = None
return value
- def related(self, rtype, role='subject', limit=None, entities=False): # XXX .cw_related
+ def related(self, rtype, role='subject', limit=None, entities=False, # XXX .cw_related
+ safe=False):
"""returns a resultset of related entities
- :param role: is the role played by 'self' in the relation ('subject' or 'object')
- :param limit: resultset's maximum size
- :param entities: if True, the entites are returned; if False, a result set is returned
+ :param rtype:
+ the name of the relation, aka relation type
+ :param role:
+ the role played by 'self' in the relation ('subject' or 'object')
+ :param limit:
+ resultset's maximum size
+ :param entities:
+ if True, the entites are returned; if False, a result set is returned
+ :param safe:
+ if True, an empty rset/list of entities will be returned in case of
+ :exc:`Unauthorized`, else (the default), the exception is propagated
"""
try:
return self._cw_relation_cache(rtype, role, entities, limit)
@@ -738,7 +747,12 @@
return []
return self._cw.empty_rset()
rql = self.cw_related_rql(rtype, role)
- rset = self._cw.execute(rql, {'x': self.eid})
+ try:
+ rset = self._cw.execute(rql, {'x': self.eid})
+ except Unauthorized:
+ if not safe:
+ raise
+ rset = self._cw.empty_rset()
self.cw_set_relation_cache(rtype, role, rset)
return self.related(rtype, role, limit, entities)
--- a/web/views/rdf.py Tue Oct 04 13:59:12 2011 +0200
+++ b/web/views/rdf.py Thu Oct 06 10:09:42 2011 +0200
@@ -89,15 +89,17 @@
except xy.UnsupportedVocabulary:
pass
else:
- for related in entity.related(rtype, role, entities=True):
- if role == 'subject':
- add( (cwuri, CW[rtype], URIRef(related.cwuri)) )
- try:
- for item in xy.xeq('%s %s' % (entity.e_schema.type, rtype)):
- add( (cwuri, urijoin(item), URIRef(related.cwuri)) )
- except xy.UnsupportedVocabulary:
- pass
- else:
- add( (URIRef(related.cwuri), CW[rtype], cwuri) )
+ try:
+ for related in entity.related(rtype, role, entities=True, safe=True):
+ if role == 'subject':
+ add( (cwuri, CW[rtype], URIRef(related.cwuri)) )
+ try:
+ for item in xy.xeq('%s %s' % (entity.e_schema.type, rtype)):
+ add( (cwuri, urijoin(item), URIRef(related.cwuri)) )
+ except xy.UnsupportedVocabulary:
+ pass
+ else:
+ add( (URIRef(related.cwuri), CW[rtype], cwuri) )
+ except Unauthorized:
+ pass
-
--- a/web/views/xmlrss.py Tue Oct 04 13:59:12 2011 +0200
+++ b/web/views/xmlrss.py Thu Oct 06 10:09:42 2011 +0200
@@ -115,14 +115,14 @@
self.error('unexisting relation %r', relstr)
continue
self.w(u' <%s role="%s">\n' % (rtype, role))
- for related in entity.related(rtype, role, entities=True):
- related.view('xmlrelateditem', w=self.w)
+ self.wview('xmlrelateditem', entity.related(rtype, role, safe=True), 'null')
self.w(u' </%s>\n' % rtype)
self.w(u'</%s>\n' % (entity.e_schema))
class XMLRelatedItemView(EntityView):
__regid__ = 'xmlrelateditem'
+ add_div_section = False
def entity_call(self, entity):
# XXX put unique attributes as xml attribute, they are much probably