检查用户权限时Django runserver的空白响应 [英] Blank responses from Django runserver when checking user permissions
问题描述
我有类似的问题,列于
和
以下是其中一个意见:
@ transaction.commit_on_success
@occ_update
@checks_status
def hold(request):
如果没有request.user.has_perm('
return error_response_rollback(NO_PERMISSION_MSG%hold orders)
order = Order.objects.get(pk = request.POST.get('pk'))
occ_revision = int(request.POST.get('occ_revision'))
agent = Agent.get_agent(request.user)
action = Action(agent = agent,t ype ='hold_order',
comments = request.POST.get('comments'))
action.save()
order.hold(action,occ_revision)
return ok_response_commit (顺序保持成功)
error_response_rollback回滚事务并返回一个HTTP的HttpResponse作为其内容。
我正在对我的应用程序中的许多视图添加权限检查,并且当用户没有正确的权限时,返回空白响应。
不过像上面提到的问题一样,如果你把一个
打印请求
或
request.POST
语句在权限检查之前,将返回NO_PERMISSION_MSG JSON字符串每次都正确地浏览浏览器(error_response_rollback返回一个带有JSON的HttpResponse对象)。
当您在打印请求之前检查权限时,您会得到空白的响应, strong>不要具有正确的权限。
您不会得到空白回复:
- 用户具有正确的权限
- 打印请求语句在任何权限检查之前
- 您使用Firefox在任何时候。
@occ_update和@checks_status装饰器只是捕获异常。
我正在Chrome开发,而且这些都不是Firefox的一个问题。
>我发现一个页面建议在WSGIRequest对象传递给视图之前重载WSGIRequest对象,但这对我来说似乎是愚蠢的,我宁愿找出真正的解决方案。 / p>
有没有人知道runserver命令的任何修复/设置,以帮助这个问题,而不是黑客的请求?我的用户主要使用Chrome,所以我宁愿继续使用它...我们会看到。目前在Windows中使用Django 1.3.1开发
我已经考虑过一个选项,就是使另一个manage.py命令来处理这个问题,但是也似乎很傻。 >
谢谢
更新:
我已经能够重新组织我的代码,以便在从POST读取一些数据后进行任何权限检查。这似乎已经消除了这个问题的任何症状。它仍然不是理想的,但它是插入中间件阅读文章的好选择。并且在所有应用程序中并不总是可能的。
请注意,如果您有类似的情况,只是无法弄清楚。
request.POST 在返回一个HttpResponse之前。原因在链接中描述。您不必重写一个处理程序,只需在返回代码之前放置
request.POST 行,或者在一些装饰器或中间件之内。我在半年前曾经在生产现场遇到这个问题,并把它放在一个中间件来解决它。
I have a similar problem to those listed in
Django produces blank pages when POST data is sent and Models are accessed
and
Nginx connection reset, response from uWsgi lost
Here is one of the views in question:
@transaction.commit_on_success
@occ_update
@checks_status
def hold(request):
if not request.user.has_perm('orders.hold'):
return error_response_rollback(NO_PERMISSION_MSG % "hold orders")
order = Order.objects.get(pk=request.POST.get('pk'))
occ_revision = int(request.POST.get('occ_revision'))
agent = Agent.get_agent(request.user)
action = Action(agent=agent, type='hold_order',
comments=request.POST.get('comments'))
action.save()
order.hold(action, occ_revision)
return ok_response_commit("Order held successfully.")
error_response_rollback rolls back the transaction and returns an HttpResponse with JSON as its contents.
I am adding permission checking to many of my views in my application and when the user does not have the correct permission, a blank response is returned.
However like the questions referenced above, if you put a
print request
or
request.POST
statement BEFORE the permission check, the NO_PERMISSION_MSG JSON string is returned to the browser correctly every time (error_response_rollback returns an HttpResponse object with JSON in it.)
You get blank responses when you check permissions before the "print request" and they do not have the correct permissions.
You do NOT get blank responses when:
- the user has the correct permissions
- a "print request" statement is before any permission check
- you use Firefox at any point.
The @occ_update and @checks_status decorators just catch exceptions. These problems occur with and without them present.
I'm developing in Chrome and none of this is an issue in Firefox.
One page I found suggested overloading the WSGIRequest object to read the request before it is passed to the view but this seems icky to me and I'd rather find out the real solution.
Does anyone know of any fixes/settings to the runserver command to help this issue without hacking on the request? My users are primarily using Chrome so I'd prefer to keep using it... we'll see. Currently developing in Windows using Django 1.3.1
One option I have considered is making another manage.py command to handle this but that, too, seems icky.
Thanks
Update:
I have been able to re-organize my code so that any permission checks happen after some bit of data is read from the POST. This seems to have eliminated any symptoms of this problem. It's still not ideal but it is a good alternative to inserting middleware to read the post. and won't always be possible in all applications.
Please comment if you have a similar situation and just can't figure it out.
As saying in the second link in your post, especially http://forum.nginx.org/read.php?2,196581 : when you works w/ Nginx and uWSGI and get a non-empty POST, always read the request.POST before return an HttpResponse. The reason is described in the link.
You don't have to override an handler, just put the request.POST line before the return code, or inside some decorator or middleware.
I encountered this issue for production site half a year ago and put the line in a middleware to solve it.
这篇关于检查用户权限时Django runserver的空白响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
