Thanks, howesc. I think having a mechanism similar to this
and supported by Massimo would not be too much of a security
risk, assuming it's not turned on by default. There's a
big difference between allowing a user to view your source
code and granting full admin access.
I've added a new issue to google code and linked it
to this thread.
http://code.google.com/p/web2py/issues/detail?id=69
Jeff Bauer
Rubicon, Inc.
On 01/21/2010 04:07 PM, howesc wrote:
I'm using web2py on GAE, and wanted to be able to click on a link and
view tickets in that world, so i basically did a copy of the code from
the admin interface into my default.py so that my app can display the
tickets. I'll paste it in here, hope it copies fine in email (i don't
think i can add an attachment to the group)
note that because this is a copy of code from the admin interface it's
not best practice, but i was in a hurry. Also keep in mind that this
breaks the security of the ticket system, which is why it is set up
the way it is in the first place, so use with care.
in default.py in my application i added:
from applications.rockriver.modules.parse_xml import *
from gluon.restricted import RestrictedError
import os
####################
# ticket stuff
####################
def make_link(path):
""" Create a link from a path """
tryFile = path.replace('\\', '/')
if os.path.isabs(tryFile) and os.path.isfile(tryFile):
(folder, filename) = os.path.split(tryFile)
(base, ext) = os.path.splitext(filename)
app = request.args[0]
editable = {'controllers': '.py', 'models': '.py', 'views':
'.html'}
for key in editable.keys():
check_extension = folder.endswith("%s/%s" % (app,key))
if ext.lower() == editable[key] and check_extension:
return A('"' + tryFile + '"',
_href=URL(r=request,
f='edit/%s/%s/%s' % (app, key, filename))).xml
()
return ''
def make_links(traceback):
""" Make links using the given traceback """
lwords = traceback.split('"')
# Making the short circuit compatible with<= python2.4
result = (len(lwords) != 0) and lwords[0] or ''
i = 1
while i< len(lwords):
link = make_link(lwords[i])
if link == '':
result += '"' + lwords[i]
else:
result += link
if i + 1< len(lwords):
result += lwords[i + 1]
i = i + 1
i = i + 1
return result
class TRACEBACK(object):
""" Generate the traceback """
def __init__(self, text):
""" TRACEBACK constructor """
self.s = make_links(CODE(text).xml())
def xml(self):
""" Returns the xml """
return self.s
@auth.requires_login()
def ticket():
""" Ticket handler """
if len(request.args) != 2:
session.flash = T('invalid ticket')
redirect(URL(r=request, f='site'))
app = request.args[0]
ticket = request.args[1]
e = RestrictedError()
e.load(request, app, ticket)
return dict(app=app,
ticket=ticket,
traceback=TRACEBACK(e.traceback),
code=e.code,
layer=e.layer)
#############
in routes.py i added an error message to make the link point back to
my app (note that i already have a route that removes the app name
from the URL):
error_message = '<html><body><h1>Invalid request</h1></body></html>'
error_message_ticket = '<html><body><h1>Internal error</h1>Ticket
issued:<a href="/default/ticket/%(ticket)s" target="_blank">%(ticket)
s</a></body></html>'
On Jan 21, 9:41 am, mdipierro<mdipie...@cs.depaul.edu> wrote:
also look into scripts/tickets2db.py
On Jan 21, 10:34 am, Jeff Bauer<jba...@rubic.com> wrote:
That shouldn't be too hard to do. In the meantime, I
realized that I could just grab the tickets from:
web2py/applications/myapp/errors
Jeff Bauer
Rubicon, Inc.
On 01/21/2010 08:12 AM, mdipierro wrote:
It should be trivial to make a view_tickets app by taking the
appropriate action from admin and add auth.
I encourage people to build one and I will be happy to post it.
Massimo
On Jan 21, 7:51 am, Jeff Bauer<jba...@rubic.com> wrote:
I'm using web2app for a small one-off application in a
corporate setting, quickly making changes to code to
get a project done. Two users behind a corporate
firewall. It's become a real hassle when application
errors occur because the tickets aren't visible.
I can understand not making the admin interface
accessible over an insecure connection, but because
the ticket notification is tied to the admin system,
here's what I have to do:
- user reports an error, sends me the ticket
- I fire up another copy of web2py on a different port
- run a proxy: ssh -L 8001:127.0.0.1:8001 m...@192.168.2.56
- get the ticket info
- shut everything down
That's a lot of work just to get a traceback when attempting
rapid development. There are settings where read-only access
to the ticket info is justified, even if you don't want to
grant users full admin access.
--
Jeff Bauer
Rubicon, Inc.
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.
