HUE-1094 [fb] Fail early when creating files in a folder without permissions

Review Request #2752 — Created March 13, 2013 and submitted

romain
old-hue-rw
HUE-1094
hue
abec, enricoberti
commit 4057fafc3f7caf8f18dd50999565b29c0166d81f
Author: Romain Rigaux <romain@cloudera.com>
Date:   Wed Mar 13 15:02:07 2013 -0700

    HUE-1094 [fb] Fail early when creating files in a folder without permissions
    
    Do the upload as the current user as we can authenticate it before and are uploading
    to the destination path.
    Upload a file gets triggered by the is_ajax middleware. request.is_ajax() is not set
    for some reason.
    Upload archive works as expected but could not spot the different. This could be useful
    for bubbling up the exception in the notification.

:100644 100644 59bf157... eae542d... M	apps/filebrowser/src/filebrowser/templates/listdir_components.mako
:100644 100644 7b8d944... 621068f... M	apps/filebrowser/src/filebrowser/views.py
:100644 100644 881b22f... f5b885a... M	desktop/core/src/desktop/settings.py
:100644 100644 e959e53... e1ecdd7... M	desktop/libs/hadoop/src/hadoop/fs/upload.py
manual tests
  • 1
  • 0
  • 0
  • 0
  • 1
Description From Last Updated
Should also chmod the file? abec abec
romain
  1. This is still a bit messy but at least fixed the security issue and the bug
  2. 
      
abec
  1. Looks good to me... a few comments on comments! Choose to ignore them if you'd like.
  2. Should also chmod the file?
    1. We don't need as it was created by the current user
  3. desktop/core/src/desktop/settings.py (Diff revision 1)
     
     
     
     
     
     
     
     
    Can we move these out and make them a tuple? Add a comment describing the order as well? Just in case we forget the the auth middleware has to come before every thing else.
    1. There is already a comment about Hue auth. I can put a tuple and add another comment.
  4. We should note somewhere that FILES and POST params are lazily parsed. Just in case someone writes a middleware that parses it early.
    1. I added a comment about how Django works
  5. desktop/libs/hadoop/src/hadoop/fs/upload.py (Diff revision 1)
     
     
     
    Could we also note that the auth middleware may not be triggered in time as well?
  6. 
      
romain
Review request changed

Status: Closed (submitted)

Loading...