Commit 25911c3d authored by Chris McDonough's avatar Chris McDonough

Changed getobject logic to log on failure and raise a meaningful exception...

Changed getobject logic to log on failure and raise a meaningful exception instead of raising unauthorized and causing a browser auth box to pop up.
parent 0a4e64e8
...@@ -103,6 +103,7 @@ from Vocabulary import Vocabulary ...@@ -103,6 +103,7 @@ from Vocabulary import Vocabulary
import IOBTree import IOBTree
from Shared.DC.ZRDB.TM import TM from Shared.DC.ZRDB.TM import TM
from AccessControl import getSecurityManager from AccessControl import getSecurityManager
from zLOG import LOG, ERROR
manage_addZCatalogForm=DTMLFile('dtml/addZCatalog',globals()) manage_addZCatalogForm=DTMLFile('dtml/addZCatalog',globals())
...@@ -460,8 +461,13 @@ class ZCatalog(Folder, Persistent, Implicit): ...@@ -460,8 +461,13 @@ class ZCatalog(Folder, Persistent, Implicit):
REQUEST=self.REQUEST REQUEST=self.REQUEST
obj = self.aq_parent.resolve_url(self.getpath(rid), REQUEST) obj = self.aq_parent.resolve_url(self.getpath(rid), REQUEST)
return obj return obj
except: except 'Unauthorized':
pass user = getSecurityManager().getUser().getUserName()
LOG('ZCatalog', ERROR, ('User %s attempted to retrieve object '
'with record id %s using getobject.'
% (user, rid)))
raise ('Access to object with record id %s in Catalog denied: '
'unauthorized as %s.' % (rid, user))
def getMetadataForRID(self, rid): def getMetadataForRID(self, rid):
"""return the correct metadata for the cataloged record id""" """return the correct metadata for the cataloged record id"""
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment