Opened 10 years ago

Closed 10 years ago

#948 closed defect (fixed)

Errors viewing other user's blogs

Reported by: ayleph
Owned by:
Priority: major
Milestone: 0.7.0
Component: programming
Keywords:
Cc: Christopher Allan Webber
Parent Tickets:

Description

Following another user's Blog Dashboard link shows a list of that user's blogs. Clicking on one of the listed blogs produces unexpected results.

  1. If USER1 is logged in and clicks on one of USER2's blogs from USER2's Blog Dashboard, USER1 sees a 404 page.
  2. If a user who is not logged in clicks on one of any USER's blogs from USER's Blog Dashboard, the unauthenticated user sees SERVER ERROR.

This is caused by the below snippet of code.

mediagoblin/media_types/blog/views.py:

def blog_post_listing(request, page, url_user=None):
    """
    Page, listing all the blog posts of a particular blog.
    """
    blog_slug = request.matchdict.get('blog_slug', None)
    blog = get_blog_by_slug(request, blog_slug, author=request.user.id)
    if not blog:
        return render_404(request)

In case 1 above, request.user.id will become the id of USER1, so blog returns empty (unless, I assume, USER1 has an identical blog slug to USER2).

In case 2 above, request.user.id produces a server error with the following text:

Error - <type 'exceptions.AttributeError'>: 'NoneType' object has no attribute 'id'
URL: https://domain.tld/mediagoblin/u/USER/b/BLOG/
File '/path/to/mediagoblin/lib/python2.7/site-packages/Paste-1.7.5.1-py2.7.egg/paste/exceptions/errormiddleware.py', line 144 in __call__
  app_iter = self.application(environ, sr_checker)
File '/path/to/mediagoblin/lib/python2.7/site-packages/Paste-1.7.5.1-py2.7.egg/paste/urlmap.py', line 203 in __call__
  return app(environ, start_response)
File '/path/to/mediagoblin/mediagoblin/app.py', line 265 in __call__
  return self.call_backend(environ, start_response)
File '/path/to/mediagoblin/mediagoblin/app.py', line 242 in call_backend
  response = controller(request)
File '/path/to/mediagoblin/mediagoblin/decorators.py', line 114 in wrapper
  return controller(request, *args, url_user=user, **kwargs)
File '/path/to/mediagoblin/mediagoblin/decorators.py', line 165 in wrapper
  return controller(request, page=page, *args, **kwargs)
File '/path/to/mediagoblin/mediagoblin/media_types/blog/views.py', line 264 in blog_post_listing
  blog = get_blog_by_slug(request, blog_slug, author=request.user.id)
AttributeError: 'NoneType' object has no attribute 'id'

Change History (4)

comment:1 by ayleph, 10 years ago

Owner: set to ayleph
Status: new → in_progress

Here's the apparent solution, borrowed from def blog_dashboard. I don't see any reason to require an authenticated user to list another user's blog posts, so I think this should work.

Here's the current state of code.

mediagoblin/media_types/blog/views.py:

def blog_post_listing(request, page, url_user=None):
    """
    Page, listing all the blog posts of a particular blog.
    """
    blog_slug = request.matchdict.get('blog_slug', None)
    blog = get_blog_by_slug(request, blog_slug, author=request.user.id)

And here's the corrected code.

mediagoblin/media_types/blog/views.py:

def blog_post_listing(request, page, url_user=None):
    """
    Page, listing all the blog posts of a particular blog.
    """
    blog_slug = request.matchdict.get('blog_slug', None)
    blog = get_blog_by_slug(request, blog_slug, author=url_user.id)

The only difference is:

-    blog = get_blog_by_slug(request, blog_slug, author=request.user.id)
+    blog = get_blog_by_slug(request, blog_slug, author=url_user.id)
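
Review bot: on the `+` line, `url_user.id` is dereferenced while the signature shown above still declares `url_user=None`, so a call that omits `url_user` would raise the same `'NoneType' object has no attribute 'id'` error the traceback shows for `request.user`. Either drop the `=None` default so the argument is required, or return `render_404(request)` when `url_user` is None before the lookup. Any later line in this view that still reads `request.user` will also fail for visitors who are not logged in, so those are worth checking in the same change.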

comment:2 by ayleph, 10 years ago

Owner: ayleph removed
Status: in_progress → review

I branched off current GMG master and pushed a fix.

https://gitorious.org/mediagoblin/aylephs-mediagoblin/commit/9f1f0c50a1bd89a02ad4b9d6ec3209aa072575ca

Summary: modify mediagoblin/media_types/blog/views.py to list blogs based on the URL user (ie, the username in the URL) rather than the requesting user.
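
The two lookups from this ticket side by side, as an added stand-alone example that is not MediaGoblin code and not part of the original comments. It also covers the identical-slug case the description only guesses at; the in-memory store, the `User`/`Request` types and the body of `get_blog_by_slug` are constructed stand-ins, assuming a blog is identified by author id plus slug.

```python
# Added illustration; not MediaGoblin code. The store, User/Request types and
# this get_blog_by_slug body are constructed stand-ins for the real ones.
from collections import namedtuple

User = namedtuple("User", "id username")
Request = namedtuple("Request", "user matchdict")  # user is None when anonymous

USER1 = User(1, "USER1")
USER2 = User(2, "USER2")

# Constructed sample data: (author id, slug) -> blog title.
BLOGS = {
    (2, "travel"): "USER2's travel blog",
    (1, "notes"): "USER1's notes",
    (2, "notes"): "USER2's notes",
}


def get_blog_by_slug(request, slug, author=None):
    """Stand-in lookup (assumption): a blog is keyed by author id plus slug."""
    return BLOGS.get((author, slug))


def listing_before(request, url_user):
    """Lookup as in the ticket's 'current' code: keyed on the viewer."""
    slug = request.matchdict.get("blog_slug", None)
    return get_blog_by_slug(request, slug, author=request.user.id)


def listing_after(request, url_user):
    """Lookup as in the ticket's corrected code: keyed on the URL's user."""
    slug = request.matchdict.get("blog_slug", None)
    return get_blog_by_slug(request, slug, author=url_user.id)


def outcome(view, viewer, url_user, slug):
    """Map a view call onto what the visitor would see."""
    request = Request(user=viewer, matchdict={"blog_slug": slug})
    try:
        blog = view(request, url_user)
    except AttributeError:  # request.user is None for anonymous visitors
        return "SERVER ERROR"
    return blog if blog else "404"


if __name__ == "__main__":
    for viewer in (USER1, None):
        for view in (listing_before, listing_after):
            print(view.__name__, viewer, outcome(view, viewer, USER2, "travel"))
```

With the viewer-keyed lookup, a logged-in visitor whose own blog shares the slug is served their own blog under the other user's URL rather than a 404.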

comment:3 by Elrond, 10 years ago

Cc: Christopher Allan Webber added
Milestone: 0.7.0

Okay, this one is straight and simple. Please highly consider including in the next release.

Here are some additional small improvements that don't fix any problem, but make the code better to read/understand. Basically, the calling parts always provide the stuff, so no need to default-None. Although the Nones are not handled anyway.

-def blog_post_listing(request, page, url_user=None):
+def blog_post_listing(request, page, url_user):
...
-    blog_slug = request.matchdict.get('blog_slug', None)
+    blog_slug = request.matchdict['blog_slug']
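
Review bot: on the `blog_slug` line, `request.matchdict['blog_slug']` raises KeyError when the key is absent, whereas the `.get('blog_slug', None)` form passed None into the lookup and left the outcome to the `if not blog` check. That is fine as long as every route reaching this view defines `blog_slug`, and the same holds for the now-required `url_user`; a line in the docstring stating that the route and the decorators always supply both would record the assumption the change relies on.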

ayleph has tested these changes also.

comment:4 by Jessica Tallon, 10 years ago

Resolution: fixed
Status: review → closed

This has been pushed to master in b56cd89 and I've added Elrond's change in 51f4911.
