OOPS created when a canonical.com site links to a private page w/out access
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
Critical
|
Benji York |
Bug Description
We generate an OOPS when a 404 occurs *and* the referrer is launchpad itself, or a number of select related sites (like canonical.com). OOPS-1872D1945 was triggered when a staff member followed a link on the wiki to a team which is private and they couldn't see.
This behaviour is correct if launchpad had generated the link - we shouldn't generate links to confidential things someone cannot access. However related sites with static links may put the URL for confidential things so that staff know how to get at the thing *once* they are granted access.
One way to stop this OOPS occuring would be to only care about 404s on referrers from LP (and (dev,help)
Another, more complex approach would be to categorise 404s into 'hidden' and 'really not there' and then for hidden cases from not-launchpad-
Of these two solutions I suspect the simplest solution is best - but there may be other approaches.
Related branches
- Aaron Bentley (community): Approve
-
Diff: 51 lines (+30/-1)2 files modifiedlib/canonical/launchpad/webapp/errorlog.py (+6/-1)
lib/canonical/launchpad/webapp/tests/test_errorlog.py (+24/-0)
Changed in launchpad: | |
assignee: | nobody → Benji York (benji) |
Changed in launchpad: | |
status: | Triaged → In Progress |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
This issue may become moot when implement the disclosure feature. The intent to to permit grant view on teams and projects. The specific case for knowing we are done is when canonical staff can see private canonical teams, bugs, and branches. I believe the 404+oops could only happen for users who are not authenticated.