Error ticket usability for developers
8 views
Skip to first unread message
sgtpep
Aug 18, 2009, 3:44:34 AM8/18/09
to web2py-users
Hi Massimo and all web2piers!
Displaying a link to ticket on error for visitor is a very nice idea.
But how about displaying full ticket with error traceback at once if
the visitor is administrator. This will prevent me, developer, from
clicking on ticket link every time the error occurs.
Displaying a link to ticket on error for visitor is a very nice idea.
But how about displaying full ticket with error traceback at once if
the visitor is administrator. This will prevent me, developer, from
clicking on ticket link every time the error occurs.
sgtpep
Aug 18, 2009, 4:08:38 AM8/18/09
to web2py-users
To achieve such behavior I've added some code in two places in gluon/
main.py:
is_local_user = request.client == request.env.http_host.split
(':')[0]
if is_local_user:
# redirecting to error ticket
return HTTP(303, error_message_ticket
% dict(ticket=ticket), Location="/admin/default/
ticket/%s"
% ticket).to(responder)
else:
# displaying error ticket url
return HTTP(http_error_status, error_message_ticket
% dict(ticket=ticket), web2py_error='ticket %s'
% ticket).to(responder)
main.py:
is_local_user = request.client == request.env.http_host.split
(':')[0]
if is_local_user:
# redirecting to error ticket
return HTTP(303, error_message_ticket
% dict(ticket=ticket), Location="/admin/default/
ticket/%s"
% ticket).to(responder)
else:
# displaying error ticket url
return HTTP(http_error_status, error_message_ticket
% dict(ticket=ticket), web2py_error='ticket %s'
% ticket).to(responder)
mdipierro
Aug 18, 2009, 4:18:35 AM8/18/09
to web2py-users
I am afraid it is a little more complex than that.
- a local user is not necessarily the administrator
- the server may be behind a proxy so all users are local users
- request.client can be spoofed by remote malicious clients
it is possible to detect if the user is the administrator by checking
a cookie (using gluon.fileutils.check_credentials('admin')) but
it is possible (although very rare) that the ticket itself cannot be
displayed by admin (because admin is not installed, because admin has
a bug, because the ticket is malformed) and we still want to see the
ticket number so we can access it manually
Anyway. In principle, I am not opposed to this change but let's give
this some thought ad hear more opinions.
Massimo
- a local user is not necessarily the administrator
- the server may be behind a proxy so all users are local users
- request.client can be spoofed by remote malicious clients
it is possible to detect if the user is the administrator by checking
a cookie (using gluon.fileutils.check_credentials('admin')) but
it is possible (although very rare) that the ticket itself cannot be
displayed by admin (because admin is not installed, because admin has
a bug, because the ticket is malformed) and we still want to see the
ticket number so we can access it manually
Anyway. In principle, I am not opposed to this change but let's give
this some thought ad hear more opinions.
Massimo
sgtpep
Aug 19, 2009, 3:02:05 AM8/19/09
to web2py-users
Yes, you are right, we should take into account all this issues.
May be we could look into other web frameworks. For example, Zend
Framework can be configured with few levels of configuration (I mean
"production", "staging", "development", ...
http://framework.zend.com/docs/quickstart/create-your-project).
Meanwhile Django has boolean DEBUG configuration option. But web2py is
glorious by it's zero configuration, so we should avoid redundant
config options.
How about adding new command line option --debug?
May be we could look into other web frameworks. For example, Zend
Framework can be configured with few levels of configuration (I mean
"production", "staging", "development", ...
http://framework.zend.com/docs/quickstart/create-your-project).
Meanwhile Django has boolean DEBUG configuration option. But web2py is
glorious by it's zero configuration, so we should avoid redundant
config options.
How about adding new command line option --debug?
Reply all
Reply to author
Forward
0 new messages