suggestion: decouple tickets from admin interface

11 views
Skip to first unread message

Jeff Bauer

unread,
Jan 21, 2010, 8:51:20 AM1/21/10
to web...@googlegroups.com
I'm using web2app for a small one-off application in a
corporate setting, quickly making changes to code to
get a project done. Two users behind a corporate
firewall. It's become a real hassle when application
errors occur because the tickets aren't visible.

I can understand not making the admin interface
accessible over an insecure connection, but because
the ticket notification is tied to the admin system,
here's what I have to do:

- user reports an error, sends me the ticket
- I fire up another copy of web2py on a different port
- run a proxy: ssh -L 8001:127.0.0.1:8001 m...@192.168.2.56
- get the ticket info
- shut everything down

That's a lot of work just to get a traceback when attempting
rapid development. There are settings where read-only access
to the ticket info is justified, even if you don't want to
grant users full admin access.

--
Jeff Bauer
Rubicon, Inc.

mdipierro

unread,
Jan 21, 2010, 9:12:13 AM1/21/10
to web2py-users
It should be trivial to make a view_tickets app by taking the
appropriate action from admin and add auth.

I encourage people to build one and I will be happy to post it.

Massimo

Jeff Bauer

unread,
Jan 21, 2010, 11:34:04 AM1/21/10
to web...@googlegroups.com
That shouldn't be too hard to do. In the meantime, I
realized that I could just grab the tickets from:

web2py/applications/myapp/errors

Jeff Bauer
Rubicon, Inc.

mdipierro

unread,
Jan 21, 2010, 12:41:14 PM1/21/10
to web2py-users
also look into scripts/tickets2db.py

howesc

unread,
Jan 21, 2010, 5:07:03 PM1/21/10
to web2py-users
I'm using web2py on GAE, and wanted to be able to click on a link and
view tickets in that world, so i basically did a copy of the code from
the admin interface into my default.py so that my app can display the
tickets. I'll paste it in here, hope it copies fine in email (i don't
think i can add an attachment to the group)

note that because this is a copy of code from the admin interface it's
not best practice, but i was in a hurry. Also keep in mind that this
breaks the security of the ticket system, which is why it is set up
the way it is in the first place, so use with care.

in default.py in my application i added:

from applications.rockriver.modules.parse_xml import *
from gluon.restricted import RestrictedError
import os

####################
# ticket stuff
####################
def make_link(path):
""" Create a link from a path """
tryFile = path.replace('\\', '/')

if os.path.isabs(tryFile) and os.path.isfile(tryFile):
(folder, filename) = os.path.split(tryFile)
(base, ext) = os.path.splitext(filename)
app = request.args[0]

editable = {'controllers': '.py', 'models': '.py', 'views':
'.html'}
for key in editable.keys():
check_extension = folder.endswith("%s/%s" % (app,key))
if ext.lower() == editable[key] and check_extension:
return A('"' + tryFile + '"',
_href=URL(r=request,
f='edit/%s/%s/%s' % (app, key, filename))).xml
()
return ''

def make_links(traceback):
""" Make links using the given traceback """

lwords = traceback.split('"')

# Making the short circuit compatible with <= python2.4
result = (len(lwords) != 0) and lwords[0] or ''

i = 1

while i < len(lwords):
link = make_link(lwords[i])

if link == '':
result += '"' + lwords[i]
else:
result += link

if i + 1 < len(lwords):
result += lwords[i + 1]
i = i + 1

i = i + 1

return result

class TRACEBACK(object):
""" Generate the traceback """

def __init__(self, text):
""" TRACEBACK constructor """

self.s = make_links(CODE(text).xml())

def xml(self):
""" Returns the xml """

return self.s

@auth.requires_login()
def ticket():
""" Ticket handler """

if len(request.args) != 2:
session.flash = T('invalid ticket')
redirect(URL(r=request, f='site'))

app = request.args[0]
ticket = request.args[1]
e = RestrictedError()
e.load(request, app, ticket)

return dict(app=app,
ticket=ticket,
traceback=TRACEBACK(e.traceback),
code=e.code,
layer=e.layer)

#############
in routes.py i added an error message to make the link point back to
my app (note that i already have a route that removes the app name
from the URL):

error_message = '<html><body><h1>Invalid request</h1></body></html>'
error_message_ticket = '<html><body><h1>Internal error</h1>Ticket
issued: <a href="/default/ticket/%(ticket)s" target="_blank">%(ticket)
s</a></body></html>'

Jeff Bauer

unread,
Jan 21, 2010, 6:47:27 PM1/21/10
to web...@googlegroups.com
Thanks, howesc. I think having a mechanism similar to this
and supported by Massimo would not be too much of a security
risk, assuming it's not turned on by default. There's a
big difference between allowing a user to view your source
code and granting full admin access.

I've added a new issue to google code and linked it
to this thread.

http://code.google.com/p/web2py/issues/detail?id=69

Jeff Bauer
Rubicon, Inc.

mdipierro

unread,
Jan 21, 2010, 7:46:00 PM1/21/10
to web2py-users
can you please email it to me? thank you.

Fran

unread,
Jan 22, 2010, 2:49:06 AM1/22/10
to web2py-users
On Jan 21, 1:51 pm, Jeff Bauer <jba...@rubic.com> wrote:
> I'm using web2app for a small one-off application in a
> corporate setting, quickly making changes to code to
> get a project done.  Two users behind a corporate
> firewall.  It's become a real hassle when application
> errors occur because the tickets aren't visible.

+1 this has been really painful for us for the Haiti response -
integrating a fix to this I'd deem pretty high priority :)

F

howesc

unread,
Jan 22, 2010, 3:08:26 AM1/22/10
to web2py-users
I sent massimo the source as requested. note that my code does not
display your source code in the ticket when running on GAE, and
perhaps when running elsewhere, and except when the problem is in my
view it's good enough for me.

thanks,

cfh

Reply all
Reply to author
Forward
0 new messages