bug 1541581: Loading /rules while logged out causes a 500 (#891)
* Don't send requests where username is 'null'

* Fix handling of AuthError so it doesn't result in an unhandled exception.

* Disable all modification buttons when a user is not logged in; show Rules, Releases, and Change Logs nav links again.
bhearsum authored Apr 10, 2019
1 parent 26b944d commit 6bd63d1
Showing 17 changed files with 152 additions and 120 deletions.
4 changes: 2 additions & 2 deletions auslib/web/admin/views/base.py
@@ -6,7 +6,7 @@
from auslib.db import OutdatedDataError, PermissionDeniedError, UpdateMergeError, ChangeScheduledError, \
SignoffRequiredError
import logging
from auslib.util.auth import verified_userinfo
from auslib.util.auth import AuthError, verified_userinfo


log = logging.getLogger(__name__)
@@ -64,7 +64,7 @@ def decorated(*args, **kwargs):
log.warning(msg)
log.warning(e)
return problem(400, "Bad Request", "SignoffRequiredError", ext={"exception": msg})
except PermissionDeniedError as e:
except (PermissionDeniedError, AuthError) as e:
msg = "Permission denied to perform the request. {}".format(e)
log.warning(msg)
return problem(403, "Forbidden", "PermissionDeniedError", ext={"exception": msg})
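Review bot: Folding `AuthError` into the `PermissionDeniedError` clause in `decorated` makes a missing or invalid login indistinguishable from an authenticated user who lacks a permission: both produce `problem(403, "Forbidden", "PermissionDeniedError", ...)`, so clients and log-based alerting cannot tell the two apart. A separate clause would keep them distinct, e.g. `except AuthError as e:` followed by `return problem(401, "Unauthorized", "AuthError", ext={"exception": str(e)})`. The clause also formats the exception text into the response through `ext={"exception": msg}`; AuthError is defined outside this page, so it is worth confirming that its message carries no token-validation detail that should stay in the server log only. `decorated` begins above the hunk and continues below it.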
6 changes: 3 additions & 3 deletions auslib/web/admin/views/permissions.py
@@ -27,8 +27,8 @@ class SpecificUserView(AdminView):
"""/users/:username
Returns all of the details about the named user."""

@requirelogin
@handleGeneralExceptions("GET")
@requirelogin
def get(self, username, changed_by):
permissions = dbo.permissions.getUserPermissions(username, changed_by)

@@ -41,8 +41,8 @@ def get(self, username, changed_by):
class PermissionsView(AdminView):
"""/users/:username/permissions"""

@requirelogin
@handleGeneralExceptions("GET")
@requirelogin
def get(self, username, changed_by):
permissions = dbo.permissions.getUserPermissions(username, changed_by)
return jsonify(permissions)
@@ -51,8 +51,8 @@ def get(self, username, changed_by):
class SpecificPermissionView(AdminView):
"""/users/:username/permissions/:permission"""

@requirelogin
@handleGeneralExceptions("GET")
@requirelogin
def get(self, username, permission, changed_by):
try:
perm = dbo.permissions.getUserPermissions(username, changed_by)[permission]
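Review bot: The 500 fix in these three `get` methods depends entirely on decorator order, and nothing in the file says so. Assuming the second `@requirelogin` line of each pair is the added one, `@handleGeneralExceptions("GET")` is now outermost so that an `AuthError` raised during the login check reaches the handler in base.py. A later edit, or a new view written in the old order, would bring the unhandled exception back with no failure visible on this page. I would add a comment above the first pair, `# handleGeneralExceptions must stay outermost: it turns AuthError raised by requirelogin into a 403`, and check the other views that stack these two decorators for the old order. The class bodies continue outside the hunks.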
@@ -1,13 +1,14 @@
angular.module("app").controller("PermissionScheduledChangesController",
function($scope, $routeParams, $location, $timeout, Permissions, Rules, Search, $modal, $route, Releases, Page,
PermissionsRequiredSignoffs) {
PermissionsRequiredSignoffs, Auth0) {

Page.setTitle('Scheduled Permission Changes');

$scope.loading = true;
$scope.failed = false;

$scope.current_user = localStorage.getItem("username");
$scope.auth0 = Auth0;
$scope.user_roles = [];

Permissions.getUserInfo($scope.current_user)
3 changes: 2 additions & 1 deletion ui/app/js/controllers/permissions_controller.js
@@ -1,5 +1,5 @@
angular.module("app").controller('PermissionsController',
function($scope, $routeParams, $location, $timeout, Permissions, Search, $modal, Page, PermissionsRequiredSignoffs, Helpers) {
function($scope, $routeParams, $location, $timeout, Permissions, Search, $modal, Page, PermissionsRequiredSignoffs, Helpers, Auth0) {

Page.setTitle('Permissions');

@@ -8,6 +8,7 @@ function($scope, $routeParams, $location, $timeout, Permissions, Search, $modal,
$scope.username = $routeParams.username;
$scope.users = [];
$scope.tab = 1;
$scope.auth0 = Auth0;


if ($scope.username) {
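Review bot: `$scope.auth0 = Auth0;` is repeated here and in PermissionScheduledChangesController, ReleasesController, RequiredSignoffsController, RuleScheduledChangesController and RulesController, and every template guard `ng-show="auth0.isAuthenticated()"` silently depends on its controller carrying that line. A controller that misses it leaves `auth0` undefined in the template, so the guarded buttons disappear for logged-in users as well, without any error. Publishing the service once, e.g. `angular.module("app").run(function($rootScope, Auth0) { $rootScope.auth0 = Auth0; });`, would likely remove the six copies and the extra injected parameter. The controller functions continue outside the hunks.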
3 changes: 2 additions & 1 deletion ui/app/js/controllers/releases_controller.js
@@ -1,5 +1,5 @@
angular.module("app").controller('ReleasesController',
function($scope, $routeParams, $location, $timeout, Releases, Search, $modal, Page, Helpers) {
function($scope, $routeParams, $location, $timeout, Releases, Search, $modal, Page, Helpers, Auth0) {

Page.setTitle('Releases');

@@ -11,6 +11,7 @@ function($scope, $routeParams, $location, $timeout, Releases, Search, $modal, Pa
$scope.page_size = {id: $scope.pageSize, name: $scope.storedPageSize? $scope.storedPageSize.name : $scope.pageSize};
$scope.currentPage = 1;
$scope.maxSize = 10;
$scope.auth0 = Auth0;

function loadPage(newPage) {
Releases.getHistory($scope.release_name, $scope.pageSize, newPage)
3 changes: 2 additions & 1 deletion ui/app/js/controllers/required_signoffs_controller.js
@@ -1,5 +1,5 @@
angular.module("app").controller('RequiredSignoffsController',
function($scope, $modal, $q, CSRF, ProductRequiredSignoffs, PermissionsRequiredSignoffs, Permissions, Page) {
function($scope, $modal, $q, CSRF, ProductRequiredSignoffs, PermissionsRequiredSignoffs, Permissions, Page, Auth0) {

Page.setTitle('Signoffs');

@@ -14,6 +14,7 @@ function($scope, $modal, $q, CSRF, ProductRequiredSignoffs, PermissionsRequiredS
$scope.selected_product = null;
$scope.state = "current";
$scope.current_user = localStorage.getItem("username");
$scope.auth0 = Auth0;
$scope.user_roles = [];

// All of the initial loads happen asynchronously. We keep track of these so we can
3 changes: 2 additions & 1 deletion ui/app/js/controllers/rule_scheduled_changes_controller.js
@@ -1,11 +1,12 @@
angular.module("app").controller("RuleScheduledChangesController",
function($scope, $routeParams, $location, $timeout, Rules, Search, $modal, $route, Releases, Permissions, Page, ProductRequiredSignoffs) {
function($scope, $routeParams, $location, $timeout, Rules, Search, $modal, $route, Releases, Permissions, Page, ProductRequiredSignoffs, Auth0) {

Page.setTitle('Scheduled Rule Changes');

$scope.loading = true;
$scope.failed = false;
$scope.current_user = localStorage.getItem("username");
$scope.auth0 = Auth0;
$scope.user_roles = [];

$scope.sc_id = parseInt($routeParams.sc_id, 10);
3 changes: 2 additions & 1 deletion ui/app/js/controllers/rules_controller.js
@@ -1,5 +1,5 @@
angular.module("app").controller('RulesController',
function($scope, $routeParams, $location, $timeout, Rules, Search, $modal, $route, Releases, Page, Permissions, ProductRequiredSignoffs, Helpers, EmergencyShutoffs, CSRF) {
function($scope, $routeParams, $location, $timeout, Rules, Search, $modal, $route, Releases, Page, Permissions, ProductRequiredSignoffs, Helpers, EmergencyShutoffs, CSRF, Auth0) {

Page.setTitle('Rules');

@@ -19,6 +19,7 @@ function($scope, $routeParams, $location, $timeout, Rules, Search, $modal, $rout
$scope.emergency_shutoffs = [];
$scope.current_emergency_shutoff = null;
$scope.current_user = localStorage.getItem("username");
$scope.auth0 = Auth0;

function changeLocationWithFilterParams(filterParamsString) {
localStorage.setItem("pr_ch_filter", filterParamsString);
4 changes: 4 additions & 0 deletions ui/app/js/services/permissions_service.js
@@ -5,6 +5,10 @@ angular.module("app").factory('Permissions', function($http, $q, ScheduledChange
},
getUserInfo: function(username) {
var deferred = $q.defer();
if (username === null) {
deferred.resolve({"permissions": {}, "roles": {}});
return deferred.promise;
}
var url = '/api/users/' + encodeURIComponent(username);
// TODO: can probably remove this header setting because we use headers.common.blah now
$http.get(url, config={"headers": {"Authorization": "Bearer " + localStorage.getItem("accessToken")}})
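Review bot: The new guard in `getUserInfo` tests only `username === null`, so `undefined` or an empty string still builds a `/api/users/...` URL and sends `"Bearer " + localStorage.getItem("accessToken")`, which is the literal `Bearer null` when no token is stored. The callers visible on this page pass `localStorage.getItem("username")`, which returns null for a missing key, so the check works for them; `if (!username) {` would cover the remaining cases at no cost. It may also be worth keying the short-circuit on the absence of an access token rather than of a username, since a stale username with no token reaches the API as well. `getUserInfo` continues below the hunk.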
6 changes: 3 additions & 3 deletions ui/app/pages/index.us
@@ -24,13 +24,13 @@
<div class="collapse navbar-collapse" ng-class="{'in':!navCollapsed}">
<ul class="nav navbar-nav navbar-right" ng-controller="NavController">
<li ng-class="{active: isOn('/')}"><a href="/">Home</a></li>
<li ng-show="auth0.isAuthenticated()" class="dropdown nav" ng-class="{active: isOn('/rules')}">
<li class="dropdown nav" ng-class="{active: isOn('/rules')}">
<a href="/rules">Rules <span class="caret"></span></a>
<ul class="dropdown-menu dropdown-menu-left">
<li><a href="/rules/scheduled_changes">Scheduled Changes</a></li>
</ul>
</li>
<li ng-show="auth0.isAuthenticated()" class="dropdown nav" ng-class="{active: isOn('/releases')}">
<li class="dropdown nav" ng-class="{active: isOn('/releases')}">
<a href="/releases">Releases <span class="caret"></span></a>
<ul class="dropdown-menu dropdown-menu-left">
<li><a href="/releases/scheduled_changes">Scheduled Changes</a></li>
@@ -48,7 +48,7 @@
<a href="/required_signoffs">Required Signoffs</a>
</li>

<li ng-show="auth0.isAuthenticated()" ng-class="{active: isOn('/change_logs')}">
<li ng-class="{active: isOn('/change_logs')}">
<a href="/change_logs">Change Logs</a>
</li>
<li ng-class="{dropdown: auth0.isAuthenticated(), nav: auth0.isAuthenticated()}">
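Review bot: With the `ng-show="auth0.isAuthenticated()"` guards removed from the Rules, Releases and Change Logs items, logged-out visitors are now steered to pages that are filled from API reads, and none of the server-side changes visible on this page touch those read endpoints. Confirm that those GET routes are meant to be anonymous and that what they return (change logs in particular, which presumably name who changed what) is acceptable to expose without login. A short template comment such as `<!-- Rules, Releases and Change Logs are readable without login; all writes are enforced by the API -->` would record the decision. The `<ul>` continues outside the hunks.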
24 changes: 13 additions & 11 deletions ui/app/templates/permission_scheduled_changes.html
@@ -8,7 +8,7 @@ <h2>
<span>found)</span>
</span>

<button class="btn btn-primary btn-xs" ng-click="openNewScheduledPermissionChangeModal()">
<button class="btn btn-primary btn-xs" ng-click="openNewScheduledPermissionChangeModal()" ng-show="auth0.isAuthenticated()">
Add a new Scheduled Permission Change
<i class="glyphicon glyphicon-plus"></i>
</button>
@@ -42,16 +42,18 @@ <h2>
<h3 class="panel-title">
<div style="float: right">
<i ng-if="scheduled_changes_rules_count && $first && (currentPage == 1)">Current</i>
<button class="btn btn-xs btn-primary" ng-click="signoff(sc)" ng-show="!isEmpty(sc['required_signoffs']) &&
!sc['signoffs'].hasOwnProperty(current_user)">
Signoff as...
</button>
<button class="btn btn-xs btn-danger" ng-click="revokeSignoff(sc)" ng-show="!isEmpty(sc['signoffs']) &&
sc['signoffs'].hasOwnProperty(current_user)" >
Revoke your Signoff
</button>
<button ng-show="!sc.complete" class="btn btn-default btn-xs" ng-click="openScheduledUpdateModal(sc)">Update</button>
<button ng-show="!sc.complete" class="btn btn-default btn-xs" ng-click="openDeleteModal(sc)">Delete</button>
<span ng-show="auth0.isAuthenticated()">
<button class="btn btn-xs btn-primary" ng-click="signoff(sc)" ng-show="!isEmpty(sc['required_signoffs']) &&
!sc['signoffs'].hasOwnProperty(current_user)">
Signoff as...
</button>
<button class="btn btn-xs btn-danger" ng-click="revokeSignoff(sc)" ng-show="!isEmpty(sc['signoffs']) &&
sc['signoffs'].hasOwnProperty(current_user)" >
Revoke your Signoff
</button>
<button ng-show="!sc.complete" class="btn btn-default btn-xs" ng-click="openScheduledUpdateModal(sc)">Update</button>
<button ng-show="!sc.complete" class="btn btn-default btn-xs" ng-click="openDeleteModal(sc)">Delete</button>
</span>
</div>


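Review bot: The `<span ng-show="auth0.isAuthenticated()">` wrapper here, and the same guard added in permissions.html, release_scheduled_changes.html and releases.html, only toggles a CSS class: the buttons and their `ng-click` handlers stay in the DOM for logged-out visitors, so this is presentation, and the API-side login and permission checks remain the actual control. `ng-if="auth0.isAuthenticated()"` would keep the controls out of the DOM entirely and would also skip evaluating `sc['signoffs'].hasOwnProperty(current_user)` while `current_user` is null. If `ng-show` is kept, a comment stating that the hiding is cosmetic would stop a later reader from treating it as access control.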
8 changes: 4 additions & 4 deletions ui/app/templates/permissions.html
@@ -39,7 +39,7 @@ <h2>
<span ng-bind="hasFilter() ? 'found' : 'in total'"></span>)
</span>

<button class="btn btn-primary btn-xs" ng-show="!username" ng-click="openNewModal()">
<button class="btn btn-primary btn-xs" ng-show="auth0.isAuthenticated() && !username" ng-click="openNewModal()">
Add a new permission
<i class="glyphicon glyphicon-plus"></i>
</button>
@@ -61,8 +61,8 @@ <h2>
<h3 class="panel-title">
<div style="float: right">
<i ng-show="username && $first">Current</i>
<button ng-show="!username" class="btn btn-default btn-xs" ng-click="openNewScheduledPermissionChangeModal(user)">Schedule a Change</button>
<button ng-show="!username" class="btn btn-default btn-xs" ng-click="openUpdateModal(user)">Update</button>
<button ng-show="auth0.isAuthenticated() && !username" class="btn btn-default btn-xs" ng-click="openNewScheduledPermissionChangeModal(user)">Schedule a Change</button>
<button ng-show="auth0.isAuthenticated() && !username" class="btn btn-default btn-xs" ng-click="openUpdateModal(user)">Update</button>
</div>
<span title="Username" ng-bind-html="highlightSearch(user.username, 'username')"></span>
</h3>
@@ -125,4 +125,4 @@ <h5 class="panel panel-default panel-heading">{{ roleUser.username }}</h5>
<div class="pagination-container" ng-show="filtered_roles_items.length > pageSize">
<pagination class="pagination-sm" total-items="filtered_roles_items.length" ng-model="currentPage" items-per-page="pageSize"></pagination>
</div>
</div>
</div>
26 changes: 15 additions & 11 deletions ui/app/templates/release_scheduled_changes.html
@@ -9,7 +9,7 @@ <h2>
<span>found)</span>
</span>

<button ng-show="!scheduled_changes_count" class="btn btn-primary btn-xs" ng-click="openNewScheduledReleaseChangeModal()">
<button ng-show="auth0.isAuthenticated() && !scheduled_changes_count" class="btn btn-primary btn-xs" ng-click="openNewScheduledReleaseChangeModal()">
Create a new Release with a Scheduled Change
<i class="glyphicon glyphicon-plus"></i>
</button>
@@ -51,17 +51,21 @@ <h2>
<h3 class="panel-title">
<div style="float: right">
<i ng-if="scheduled_changes_count && $first && (currentPage == 1)">Current</i>
<button ng-show="!sc_id && (! isEmpty(sc['required_signoffs']) &&
!sc['signoffs'].hasOwnProperty(current_user))" class="btn btn-xs btn-primary" ng-click="signoff(sc)">
Signoff as...
</button>
<button ng-show="!sc_id && (! isEmpty(sc['required_signoffs']) &&
sc['signoffs'].hasOwnProperty(current_user))" class="btn btn-xs btn-danger" ng-click="revokeSignoff(sc)">
Revoke your Signoff
</button>
<span ng-show="auth0.isAuthenticated()">
<button ng-show="!sc_id && (! isEmpty(sc['required_signoffs']) &&
!sc['signoffs'].hasOwnProperty(current_user))" class="btn btn-xs btn-primary" ng-click="signoff(sc)">
Signoff as...
</button>
<button ng-show="!sc_id && (! isEmpty(sc['required_signoffs']) &&
sc['signoffs'].hasOwnProperty(current_user))" class="btn btn-xs btn-danger" ng-click="revokeSignoff(sc)">
Revoke your Signoff
</button>
</span>
<button class="btn btn-default btn-xs" ng-click="openDataModal(sc)">View Data</button>
<button ng-show="!scheduled_changes_count && !sc.complete" class="btn btn-default btn-xs" ng-click="openUpdateModal(sc)">Update</button>
<button ng-show="!scheduled_changes_count && !sc.complete" class="btn btn-default btn-xs" ng-click="openDeleteModal(sc)">Delete</button>
<span ng-show="auth0.isAuthenticated()">
<button ng-show="!scheduled_changes_count && !sc.complete" class="btn btn-default btn-xs" ng-click="openUpdateModal(sc)">Update</button>
<button ng-show="!scheduled_changes_count && !sc.complete" class="btn btn-default btn-xs" ng-click="openDeleteModal(sc)">Delete</button>
</span>
<a ng-show="!scheduled_changes_count" class="btn btn-default btn-xs" ng-href="/scheduled_changes/releases/{{ sc.sc_id }}">History</a>
</div>

28 changes: 18 additions & 10 deletions ui/app/templates/releases.html
@@ -31,7 +31,7 @@ <h2>
</span>

<button class="btn btn-primary btn-xs"
ng-show="!release_name" ng-click="openNewReleaseModal()">
ng-show="auth0.isAuthenticated() && !release_name" ng-click="openNewReleaseModal()">
Add a new Release
<i class="glyphicon glyphicon-plus"></i>
</button>
@@ -75,16 +75,24 @@ <h2>
<h3 class="panel-title">
<div style="float:right">
<i ng-if="release_name && $first && (currentPage == 1)">Current</i>
<button ng-if="release_name && ((currentPage != 1) || !$first )" class="btn btn-default btn-xs" ng-click="openRevertModal(release)">Revert to this</button>
<button ng-show="!release_name" class="btn btn-warning btn-xs" ng-click="openNewScheduledReleaseChangeModal(release)">Schedule an Update</button>
<button ng-show="!release_name" class="btn btn-danger btn-xs" ng-click="openNewScheduledDeleteModal(release)">Schedule for Deletion</button>
<button class="btn btn-default btn-xs" ng-click="openDataModal(release)">View Data</button>
<a ng-show="!release_name" class="btn btn-default btn-xs" download="{{ release.name | uriencode }}.json" target="_self" ng-href="/api/releases/{{ release.name | uriencode }}?pretty=1">Download</a>
<button ng-show="!release_name && !release.required_signoffs.length" class="btn btn-default btn-xs" ng-click="openUpdateModal(release)">Update</button>
<button ng-show="!release_name && !release.required_signoffs.length" class="btn btn-default btn-xs" ng-click="openDeleteModal(release)">Delete</button>
<span ng-show="auth0.isAuthenticated()">
<button ng-if="release_name && ((currentPage != 1) || !$first )" class="btn btn-default btn-xs" ng-click="openRevertModal(release)">Revert to this</button>
<button ng-show="!release_name" class="btn btn-warning btn-xs" ng-click="openNewScheduledReleaseChangeModal(release)">Schedule an Update</button>
<button ng-show="!release_name" class="btn btn-danger btn-xs" ng-click="openNewScheduledDeleteModal(release)">Schedule for Deletion</button>
<button class="btn btn-default btn-xs" ng-click="openDataModal(release)">View Data</button>
<a ng-show="!release_name" class="btn btn-default btn-xs" download="{{ release.name | uriencode }}.json" target="_self" ng-href="/api/releases/{{ release.name | uriencode }}?pretty=1">Download</a>
<button ng-show="!release_name && !release.required_signoffs.length" class="btn btn-default btn-xs" ng-click="openUpdateModal(release)">Update</button>
<button ng-show="!release_name && !release.required_signoffs.length" class="btn btn-default btn-xs" ng-click="openDeleteModal(release)">Delete</button>
</span>
<a ng-show="!release_name" class="btn btn-default btn-xs" ng-href="/releases/{{ release.name }}">History</a>
<button ng-show="!release_name && !release.read_only" class="btn btn-xs btn-success" ng-click="openReadOnlyModal(release)">Modifiable</button>
<button ng-show="!release_name && release.read_only" class="btn btn-xs btn-danger" ng-click="openReadOnlyModal(release)">Read Only</button>
<span ng-show="auth0.isAuthenticated()">
<button ng-show="!release_name && !release.read_only" class="btn btn-xs btn-success" ng-click="openReadOnlyModal(release)">Modifiable</button>
<button ng-show="!release_name && release.read_only" class="btn btn-xs btn-danger" ng-click="openReadOnlyModal(release)">Read Only</button>
</span>
<span ng-show="!auth0.isAuthenticated()">
<button ng-show="!release_name && !release.read_only" class="btn btn-xs btn-success" disabled>Modifiable</button>
<button ng-show="!release_name && release.read_only" class="btn btn-xs btn-danger" disabled>Read Only</button>
</span>

</div>
<span ng-bind-html="highlightSearch(release.name, 'name')"></span>
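Review bot: In the second hunk the `View Data` button and the `Download` link were moved inside the `<span ng-show="auth0.isAuthenticated()">` wrapper together with the modifying buttons, although both are read-only and release_scheduled_changes.html in this same commit leaves its `View Data` button outside the wrapper. If anonymous users are meant to browse releases, those two lines belong next to the `History` link, outside the span. Separately, the Modifiable / Read Only pair is now written twice, once clickable and once `disabled`; a single pair with `ng-disabled="!auth0.isAuthenticated()"` would express the same state without the duplicated markup.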