Merge pull request #1857 from coreos-inc/better-404
Better 404 (and 403) pages
This commit is contained in:
commit
4943ae3d32
12 changed files with 131 additions and 24 deletions
|
@ -17,7 +17,7 @@ from auth import scopes
|
|||
from auth.auth import require_session_login, process_oauth, has_basic_auth, process_auth_or_cookie
|
||||
from auth.permissions import (AdministerOrganizationPermission, ReadRepositoryPermission,
|
||||
SuperUserPermission, AdministerRepositoryPermission,
|
||||
ModifyRepositoryPermission)
|
||||
ModifyRepositoryPermission, OrganizationMemberPermission)
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from buildtrigger.basehandler import BuildTriggerHandler
|
||||
from buildtrigger.bitbuckethandler import BitbucketBuildTrigger
|
||||
|
@ -69,7 +69,7 @@ def internal_error_display():
|
|||
@web.errorhandler(404)
|
||||
@web.route('/404', methods=['GET'])
|
||||
def not_found_error_display(e = None):
|
||||
resp = render_page_template_with_routedata('404.html')
|
||||
resp = index('', error_code=404)
|
||||
resp.status_code = 404
|
||||
return resp
|
||||
|
||||
|
@ -670,17 +670,46 @@ def attach_custom_build_trigger(namespace_name, repo_name):
|
|||
@parse_repository_name(include_tag=True)
|
||||
@anon_protect
|
||||
def redirect_to_repository(namespace_name, repo_name, tag_name):
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
is_public = model.repository.repository_is_public(namespace_name, repo_name)
|
||||
|
||||
# Always return 200 for ac-discovery, to ensure that rkt and other ACI-compliant clients can
|
||||
# find the metadata they need. Permissions will be checked in the registry API.
|
||||
if request.args.get('ac-discovery', 0) == 1:
|
||||
return index('')
|
||||
|
||||
if permission.can() or is_public:
|
||||
# Redirect to the repository page if the user can see the repository.
|
||||
is_public = model.repository.repository_is_public(namespace_name, repo_name)
|
||||
permission = ReadRepositoryPermission(namespace_name, repo_name)
|
||||
repo_exists = bool(model.repository.get_repository(namespace_name, repo_name))
|
||||
|
||||
if repo_exists and (permission.can() or is_public):
|
||||
repo_path = '/'.join([namespace_name, repo_name])
|
||||
return redirect(url_for('web.repository', path=repo_path, tab="tags", tag=tag_name))
|
||||
|
||||
abort(404)
|
||||
namespace_exists = bool(model.user.get_user_or_org(namespace_name))
|
||||
namespace_permission = OrganizationMemberPermission(namespace_name).can()
|
||||
if get_authenticated_user() and get_authenticated_user().username == namespace_name:
|
||||
namespace_permission = True
|
||||
|
||||
# Otherwise, we display an error for the user. Which error we display depends on permissions:
|
||||
# > If the namespace doesn't exist, 404.
|
||||
# > If the user is a member of the namespace:
|
||||
# - If the repository doesn't exist, 404
|
||||
# - If the repository does exist (no access), 403
|
||||
# > If the user is not a member of the namespace: 403
|
||||
error_info = {
|
||||
'for_repo': True,
|
||||
'namespace_exists': namespace_exists,
|
||||
'namespace': namespace_name,
|
||||
'repo_name': repo_name,
|
||||
}
|
||||
|
||||
if not namespace_exists or (namespace_permission and not repo_exists):
|
||||
resp = index('', error_code=404, error_info=json.dumps(error_info))
|
||||
resp.status_code = 404
|
||||
return resp
|
||||
else:
|
||||
resp = index('', error_code=403, error_info=json.dumps(error_info))
|
||||
resp.status_code = 403
|
||||
return resp
|
||||
|
||||
|
||||
@web.route('/<namespace>')
|
||||
|
|
Reference in a new issue