Custom Query (1173 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (178 - 180 of 1173)

Ticket Resolution Summary Owner Reporter
#637 fixed Callable hooks that iterate through vs hooks that halt Christopher Allan Webber Christopher Allan Webber
Description

We can handle notification and transform via the "callable hooks" system, but we don't have a "handler" that is the last one to get it and then things stop.

One way to handle this: have a series of method calling handlers that do things in different ways, like:

  • callable_hook_runone: runs them all till they stop
    • which order? Does the last or the first get to claim it?
  • callable_hook_runall: runs every one of the hooks
    • likewise... which order?

.. both of those would expect *args, **kwargs and pass those keyword arguments onto the hooks.

It might also be possible to make some callable classes like this, like:

   callable_hook = CallableHookRunone(
      'some_hookname', accrue=True)  # accrues the results into a list
   results = callable_hook(arg1, arg2, kwarg="foo")
#5356 fixed Can't GET another user's outbox ayleph
Description

When a pump client tries to GET the outbox of another user, the API always returns the outbox of the requesting user. The below patch addresses this issue.

From c5f40d03a2ae6dd5f5c8ea67e441d4711e052c35 Mon Sep 17 00:00:00 2001
From: ayleph <ayleph@thisshitistemp.com>
Date: Sat, 31 Oct 2015 04:18:44 -0400
Subject: [PATCH 2/2] Allow API client to GET another user's outbox

---
 mediagoblin/api/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mediagoblin/api/views.py b/mediagoblin/api/views.py
index 671c3b3..dcd04cd 100644
--- a/mediagoblin/api/views.py
+++ b/mediagoblin/api/views.py
@@ -565,9 +565,9 @@ def feed_endpoint(request, outbox=None):
 
     # Create outbox
     if outbox is None:
-        outbox = Activity.query.filter_by(actor=request.user.id)
+        outbox = Activity.query.filter_by(actor=requested_user.id)
     else:
-        outbox = outbox.filter_by(actor=request.user.id)
+        outbox = outbox.filter_by(actor=requested_user.id)
 
     # We want the newest things at the top (issue: #1055)
     outbox = outbox.order_by(Activity.published.desc())
-- 
2.6.2

I think this change is safe to make because:

  • There is already code to check that the requesting user and the requested user match for PUT/POST requests.
421                 # Check that the person trying to update the comment is
422                 # the author of the comment.
423                 if image.actor != request.user.id:
424                     return json_error(
425                         "Only uploader of image is able to update image.",
426                         status=403
427                     )
  • There is code which throws an error if a request other than PUT, POST, or GET is made.
548     elif request.method != "GET":
549         return json_error(
550             "Unsupported HTTP method {0}".format(request.method),
551             status=501
552         

So theoretically only a GET request should be able to pass through with the requested user not the same as the requesting user.

#5513 fixed Can't delete draft blog posts ayleph
Description

Draft blog posts are set to the 'failed' state. The generated blogpost_delete_url link for a draft gets routed to a 404 page.

Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.