Leonard Richardson has proposed merging lp:~leonardr/launchpad/bug-271029 into 
lp:launchpad with lp:~leonardr/launchpad/bug-106338 as a prerequisite.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~leonardr/launchpad/bug-271029/+merge/52423

This branch builds on my fix to bug 106338, and fixes bug 271029 in the same 
way. I 'slam' the 401 error code onto the Unauthorized and ForbiddenAttribute 
exceptions, so that whenever they occur in a web service context, the result is 
a 401 response code instead of an OOPS.

This code is not as straightforward as it may appear. For one thing, the 
Unauthorized bit may not be necessary. We have a special lookup in lazr.restful 
that maps Zope's Unauthorized exception to a 401 response code. So I may take 
that out.

Second, it's not absolutely guaranteed that ForbiddenAttribute means 401. As 
seen in 267888, it might mean 400, when the user tries to modify a read-only 
field. Bug 267888 was a very early lazr.restful bug, and it was fixed by adding 
checks in lazr.restful for attempts to modify a read-only field, but in theory 
it could still happen if a read-only field is explicitly published through the 
web service as read-write.
-- 
https://code.launchpad.net/~leonardr/launchpad/bug-271029/+merge/52423
Your team Launchpad code reviewers is requested to review the proposed merge of 
lp:~leonardr/launchpad/bug-271029 into lp:launchpad.
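
An added example, not part of the original message and not Launchpad or lazr.restful code: a self-contained model of the status mapping the proposal describes, including the case where ForbiddenAttribute is reported as 401 although 400 would be more accurate. The exception classes are local stand-ins for Zope's, and `slam_status`, `Proxy`, `Bug` and `patch` are hypothetical names chosen for illustration.

```python
class Unauthorized(Exception):
    """Local stand-in for Zope's Unauthorized."""

class ForbiddenAttribute(Exception):
    """Local stand-in for Zope's ForbiddenAttribute."""

def slam_status(code, exc_class):
    # Hypothetical helper: record the HTTP status on the exception class.
    exc_class.http_status = code

slam_status(401, Unauthorized)
slam_status(401, ForbiddenAttribute)

class Proxy:
    """Toy security proxy: only attributes in `writable` may be set."""
    def __init__(self, obj, writable):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_writable", frozenset(writable))

    def __setattr__(self, name, value):
        if name not in self._writable:
            raise ForbiddenAttribute(name)
        setattr(self._obj, name, value)

class Bug:
    # Constructed sample object with one editable and one fixed field.
    title = "old title"
    date_created = "2011-03-07"

def patch(proxied, published, changes):
    """Return the HTTP status for a PATCH-like request.

    published maps field name -> True if the web service exposes it read-only.
    """
    # Up-front check: writing a field published as read-only is a client error.
    for name in changes:
        if published.get(name, True):
            return 400
    try:
        for name, value in changes.items():
            setattr(proxied, name, value)
    except Exception as exc:
        # Annotated exceptions give their status; anything else is a server error.
        return getattr(exc, "http_status", 500)
    return 200
```

A field that the model forbids writing but that is published as read-write skips the up-front check, so the request is answered with 401 rather than 400.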
