Launchpad itself

Forbidden error when viewing a milestone with private bugs

Bug #6751 reported by James Henstridge on 2006-01-13

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Fix Released	Medium	Christian Reis

Bug Description

When I try to view the following URL, I get a forbidden error:
https://launchpad.net/products/malone/+milestone/1.1

The end of the traceback reads as follows:

    * Module zope.tales.tales, line 698, in evaluate
      return expression(self)
      /srv/launchpad.net/production/launchpad/lib/canonical/launchpad/templates/milestone-index.pt
      Line 38, Column 4
      Expression: <PathExpr standard:'bugtask/@@+listing-detailed'>
         - Names:
            {'args': (),
             'context': <Milestone at 0x8b6fd50>,
             'default': <object object at 0x2aaaaab171d0>,
             'loop': {},
             'nothing': None,
             'options': {},
             'repeat': {},
             'request': <canonical.launchpad.webapp.servers.LaunchpadBrowserRequest instance URL=https://launchpad.net/products/malone/+milestone/1.1/+index>,
             'template': <zope.app.pagetemplate.viewpagetemplatefile.ViewPageTemplateFile object at 0x2aaab45fec10>,
             'usage': <zope.pagetemplate.pagetemplate.TemplateUsage object at 0x2aaab95ccad0>,
             'view': <zope.app.pagetemplate.simpleviewclass.SimpleViewClass from /srv/launchpad.net/production/launchpad/lib/canonical/launchpad/templates/milestone-index.pt object at 0x2aaabb374bd0>,
             'views': <zope.app.pagetemplate.viewpagetemplatefile.ViewMapper object at 0x2aaabb5be110>}
    * Module zope.tales.expressions, line 204, in __call__
      return self._eval(econtext)
    * Module zope.tales.expressions, line 198, in _eval
      return ob()
    * Module zope.app.pagetemplate.simpleviewclass, line 45, in __call__
      return self.index(*args, **kw)
    * Module zope.app.pagetemplate.viewpagetemplatefile, line 80, in __call__
      return self.im_func(im_self, *args, **kw)
    * Module zope.app.pagetemplate.viewpagetemplatefile, line 49, in __call__
      sourceAnnotations=debug_flags.sourceAnnotations)
    * Module zope.pagetemplate.pagetemplate, line 120, in pt_render
      strictinsert=0, sourceAnnotations=sourceAnnotations)()
    * Module zope.tal.talinterpreter, line 236, in __call__
      self.interpret(self.program)
    * Module zope.tal.talinterpreter, line 311, in interpret
      handlers[opcode](self, args)
    * Module zope.tal.talinterpreter, line 558, in do_insertText_tal
      text = self.engine.evaluateText(stuff[0])
    * Module zope.app.pagetemplate.engine, line 101, in evaluateText
      text = self.evaluate(expr)
    * Module zope.tales.tales, line 698, in evaluate
      return expression(self)
      /srv/launchpad.net/production/launchpad/lib/canonical/launchpad/templates/bugtask-listing-detailed.pt
      Line 2, Column 0
      Expression: <PathExpr standard:'context/status/title'>
         - Names:
            {'args': (),
             'context': <BugTask at 0x2aaabba6f610>,
             'default': <object object at 0x2aaaaab171d0>,
             'loop': {},
             'nothing': None,
             'options': {},
             'repeat': {},
             'request': <canonical.launchpad.webapp.servers.LaunchpadBrowserRequest instance URL=https://launchpad.net/products/malone/+milestone/1.1/+index>,
             'template': <zope.app.pagetemplate.viewpagetemplatefile.ViewPageTemplateFile object at 0x2aaab400bb10>,
             'usage': <zope.pagetemplate.pagetemplate.TemplateUsage object at 0x2aaab7d9f550>,
             'view': <zope.app.pagetemplate.simpleviewclass.SimpleViewClass from /srv/launchpad.net/production/launchpad/lib/canonical/launchpad/templates/bugtask-listing-detailed.pt object at 0x2aaab7d9fa90>,
             'views': <zope.app.pagetemplate.viewpagetemplatefile.ViewMapper object at 0x2aaabb57d610>}
    * Module zope.tales.expressions, line 204, in __call__
      return self._eval(econtext)
    * Module zope.tales.expressions, line 191, in _eval
      ob = self._subexprs[-1](econtext)
    * Module zope.tales.expressions, line 123, in _eval
      ob = self._traverser(ob, element, econtext)
    * Module zope.app.pagetemplate.engine, line 72, in trustedZopeTraverser
      request=getattr(econtext, 'request', None))
    * Module zope.app.traversing.adapters, line 114, in traverse
      curr = traversePathElement(curr, name, path, request=request)
    * Module zope.app.traversing.adapters, line 167, in traversePathElement
      next_item = traversable.traverse(nm, further_path)
    * Module zope.app.traversing.adapters, line 44, in traverse
      attr = getattr(subject, name, _marker)
      __traceback_info__: (<BugTask at 0x2aaabba6f610>, 'status', ['title'])

Unauthorized: ('status', 'launchpad.View')

I am guessing that a private bug that I am not subscribed to is targetted at the milestone, which causes the Unauthorized exception when trying to read the details of that bug.

A simple fix would be to add tal:condition="bugtask/required:launchpad.View" to the element that includes the listing-detailed template to skip private bugs.

Tags:

Brad Bollenbach (bradb) on 2006-01-19

Changed in malone:
status:	Unconfirmed → Confirmed

Revision history for this message

Gustavo Niemeyer (niemeyer) wrote on 2006-01-25:

Got the same problem with a different attribute. The URL accessed was:

https://launchpad.net/products/launchpad-upload-and-queue/+bug/29645/+index

I got a Forbidden error (Not allowed here), and the backtrace tail was:

    * Module zope.app.traversing.adapters, line 114, in traverse
      curr = traversePathElement(curr, name, path, request=request)
    * Module zope.app.traversing.adapters, line 167, in traversePathElement
      next_item = traversable.traverse(nm, further_path)
    * Module canonical.launchpad.webapp.tales, line 553, in traverse
      return self.pagetitle()
    * Module canonical.launchpad.webapp.tales, line 584, in pagetitle
      title = titleobj(context, view)
    * Module canonical.launchpad.pagetitles, line 51, in __call__
      return smartquote('Bug #%d in %s: "%s"') % (

Unauthorized: ('targetname', 'launchpad.View')

Revision history for this message

Christian Reis (kiko) wrote on 2006-06-23:

Should be fixed with my patch that fixes bug 45429.

Changed in malone:
status:	Confirmed → Fix Committed

Christian Reis (kiko) on 2006-06-27

Changed in malone:
assignee:	nobody → kiko

Diogo Matsubara (matsubara) on 2006-07-12

Changed in malone:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.