Merge pull request #1857 from coreos-inc/better-404

Better 404 (and 403) pages
josephschorr 2016-09-27 11:12:54 +02:00 committed by GitHub
commit 4943ae3d32
12 changed files with 131 additions and 24 deletions


@ -17,7 +17,7 @@ from auth import scopes
from auth.auth import require_session_login, process_oauth, has_basic_auth, process_auth_or_cookie
from auth.permissions import (AdministerOrganizationPermission, ReadRepositoryPermission,
SuperUserPermission, AdministerRepositoryPermission,
ModifyRepositoryPermission)
ModifyRepositoryPermission, OrganizationMemberPermission)
from auth.auth_context import get_authenticated_user
from buildtrigger.basehandler import BuildTriggerHandler
from buildtrigger.bitbuckethandler import BitbucketBuildTrigger
@ -69,7 +69,7 @@ def internal_error_display():
@web.errorhandler(404)
@web.route('/404', methods=['GET'])
def not_found_error_display(e = None):
resp = render_page_template_with_routedata('404.html')
resp = index('', error_code=404)
resp.status_code = 404
return resp
@ -670,17 +670,46 @@ def attach_custom_build_trigger(namespace_name, repo_name):
@parse_repository_name(include_tag=True)
@anon_protect
def redirect_to_repository(namespace_name, repo_name, tag_name):
permission = ReadRepositoryPermission(namespace_name, repo_name)
is_public = model.repository.repository_is_public(namespace_name, repo_name)
# Always return 200 for ac-discovery, to ensure that rkt and other ACI-compliant clients can
# find the metadata they need. Permissions will be checked in the registry API.
if request.args.get('ac-discovery', 0) == 1:
return index('')
if permission.can() or is_public:
# Redirect to the repository page if the user can see the repository.
is_public = model.repository.repository_is_public(namespace_name, repo_name)
permission = ReadRepositoryPermission(namespace_name, repo_name)
repo_exists = bool(model.repository.get_repository(namespace_name, repo_name))
if repo_exists and (permission.can() or is_public):
repo_path = '/'.join([namespace_name, repo_name])
return redirect(url_for('web.repository', path=repo_path, tab="tags", tag=tag_name))
abort(404)
namespace_exists = bool(model.user.get_user_or_org(namespace_name))
namespace_permission = OrganizationMemberPermission(namespace_name).can()
if get_authenticated_user() and get_authenticated_user().username == namespace_name:
namespace_permission = True
# Otherwise, we display an error for the user. Which error we display depends on permissions:
# > If the namespace doesn't exist, 404.
# > If the user is a member of the namespace:
# - If the repository doesn't exist, 404
# - If the repository does exist (no access), 403
# > If the user is not a member of the namespace: 403
error_info = {
'for_repo': True,
'namespace_exists': namespace_exists,
'namespace': namespace_name,
'repo_name': repo_name,
}
if not namespace_exists or (namespace_permission and not repo_exists):
resp = index('', error_code=404, error_info=json.dumps(error_info))
resp.status_code = 404
return resp
else:
resp = index('', error_code=403, error_info=json.dumps(error_info))
resp.status_code = 403
return resp
@web.route('/<namespace>')
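Review bot: The 404/403 split at the end of redirect_to_repository tells a caller with no access whether the namespace exists: a non-member gets 404 for an unknown namespace and 403 for a real one, and `namespace_exists` is also handed to the page in `error_info`. That is a user/organization enumeration signal for anyone who can reach this route; whether `@anon_protect` narrows that audience is not visible here. If the disclosure is not intended, answer 404 whenever the caller is not a member, e.g. `if not namespace_exists or not namespace_permission or not repo_exists:`, and leave `namespace_exists` out of `error_info` for non-members. Separately, `request.args.get('ac-discovery', 0) == 1` compares a query-string value with an int, so the early return looks unreachable as written; `request.args.get('ac-discovery', 0, type=int) == 1` would match the comment above it. The function's route decorator sits above the hunk and is not shown.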