Opened 6 years ago

Closed 6 years ago

#948 closed defect (fixed)

Errors viewing other user's blogs

Reported by: ayleph Owned by:
Priority: major Milestone: 0.7.0
Component: programming Keywords:
Cc: Christopher Allan Webber Parent Tickets:

Description

Following another user's Blog Dashboard link shows a list of that user's blogs. Clicking on one of the listed blogs produces unexpected results.

  1. If USER1 is logged in and clicks on one of USER2's blogs from USER2's Blog Dashboard, USER1 sees a 404 page.
  2. If a user who is not logged in clicks on one of any USER's blogs from USER's Blog Dashboard, the unauthenticated user sees SERVER ERROR.

This is caused by the below snippet of code.

mediagoblin/media_types/blog/views.py:

def blog_post_listing(request, page, url_user=None):
    """
    Page, listing all the blog posts of a particular blog.
    """
    blog_slug = request.matchdict.get('blog_slug', None)
    blog = get_blog_by_slug(request, blog_slug, author=request.user.id)
    if not blog:
        return render_404(request)

In case 1 above, request.user.id will become the id of USER1, so blog returns empty (unless, I assume, USER1 has an identical blog slug to USER2).

In case 2 above, request.user.id produces a server error with the following text:

Error - <type 'exceptions.AttributeError'>: 'NoneType' object has no attribute 'id'
URL: https://domain.tld/mediagoblin/u/USER/b/BLOG/
File '/path/to/mediagoblin/lib/python2.7/site-packages/Paste-1.7.5.1-py2.7.egg/paste/exceptions/errormiddleware.py', line 144 in __call__
  app_iter = self.application(environ, sr_checker)
File '/path/to/mediagoblin/lib/python2.7/site-packages/Paste-1.7.5.1-py2.7.egg/paste/urlmap.py', line 203 in __call__
  return app(environ, start_response)
File '/path/to/mediagoblin/mediagoblin/app.py', line 265 in __call__
  return self.call_backend(environ, start_response)
File '/path/to/mediagoblin/mediagoblin/app.py', line 242 in call_backend
  response = controller(request)
File '/path/to/mediagoblin/mediagoblin/decorators.py', line 114 in wrapper
  return controller(request, *args, url_user=user, **kwargs)
File '/path/to/mediagoblin/mediagoblin/decorators.py', line 165 in wrapper
  return controller(request, page=page, *args, **kwargs)
File '/path/to/mediagoblin/mediagoblin/media_types/blog/views.py', line 264 in blog_post_listing
  blog = get_blog_by_slug(request, blog_slug, author=request.user.id)
AttributeError: 'NoneType' object has no attribute 'id'

Subtickets

Change History (4)

comment:1 Changed 6 years ago by ayleph

Owner: set to ayleph
Status: newin_progress

Here's the apparent solution, borrowed from def blog_dashboard. I don't see any reason to require an authenticated user to list another user's blog posts, so I think this should work.

Here's the current state of code.

mediagoblin/media_types/blog/views.py:

def blog_post_listing(request, page, url_user=None):
    """
    Page, listing all the blog posts of a particular blog.
    """
    blog_slug = request.matchdict.get('blog_slug', None)
    blog = get_blog_by_slug(request, blog_slug, author=request.user.id)

And here's the corrected code.

mediagoblin/media_types/blog/views.py:

def blog_post_listing(request, page, url_user=None):
    """
    Page, listing all the blog posts of a particular blog.
    """
    blog_slug = request.matchdict.get('blog_slug', None)
    blog = get_blog_by_slug(request, blog_slug, author=url_user.id)

The only difference is:

-    blog = get_blog_by_slug(request, blog_slug, author=request.user.id)
+    blog = get_blog_by_slug(request, blog_slug, author=url_user.id)

comment:2 Changed 6 years ago by ayleph

Owner: ayleph deleted
Status: in_progressreview

I branched off current GMG master and pushed a fix.

https://gitorious.org/mediagoblin/aylephs-mediagoblin/commit/9f1f0c50a1bd89a02ad4b9d6ec3209aa072575ca

Summary: modify mediagoblin/media_types/blog/views.py to list blogs based on the URL user (ie, the username in the URL) rather than the requesting user.

comment:3 Changed 6 years ago by Elrond

Cc: Christopher Allan Webber added
Milestone: 0.7.0

Okay, this one is straight and simple. Please highly consider including in the next release.

Here are some additional small improvements, that don't fix any problem, but mkae the code better to read/understand. Basicly, the calling parts always provide the stuff, so no need to default-None. Although the Nones are not handled anyway.

-def blog_post_listing(request, page, url_user=None):
+def blog_post_listing(request, page, url_user):
...
-    blog_slug = request.matchdict.get('blog_slug', None)
+    blog_slug = request.matchdict['blog_slug']

ayleph has tested this changes also.

comment:4 Changed 6 years ago by Jessica Tallon

Resolution: fixed
Status: reviewclosed

This has been pushed to master in b56cd89 and I've added Elrond's change in 51f4911.

Note: See TracTickets for help on using tickets.