Differential D25505
Improve handling queries with "Current Viewer" set while not logged in Authored by aklapper on Jan 4 2024, 11:39. Tags None Referenced Files
Details
Avoid exposing a cryptic exception and instead show an explanatory error message to the user by allowing error handling for PhabricatorTypeaheadInvalidTokenException in PhabricatorApplicationSearchController instead of PhabricatorTypeaheadDatasource. Yes, hardcoding names of child classes is ugly. Better ideas welcome. Create an advanced Maniphest query with "Closed By" set to "Current Viewer" and access the resulting URL while not logged in. Fixes T15704
Diff Detail
Event TimelineComment Actions Is this needed simply because PhabricatorApplicationSearchController doesn't actually have a try { } block to catch this particular case? Maybe we could improve the exception handling instead of return null? I guess I'm fine with this though, since I haven't dug into the details I'm not sure if there is a better solution. The behavior is undeniably improved though so I'm leaning towards accepting it despite the hard coded class name string. Comment Actions Not sure I can follow, there is a try block at https://we.phorge.it/source/phorge/browse/master/src/applications/search/controller/PhabricatorApplicationSearchController.php$246-348 which also catches PhabricatorTypeaheadInvalidTokenException. I don't know why PhabricatorTypeaheadDatasource.php "overwrites" the error handling for PhabricatorTypeaheadInvalidTokenException in PhabricatorApplicationSearchController though. Comment Actions How about other functions that might require a logged-in user? "current Viewer's Projects" for example? Comment Actions the simplest other-solution would be to extract the exception thrown to its own method, and override that method in the child-class: if !(allow_partial) { $this->throwInvalidTokenForNonPartial($function); } ... protected function throwInvalidTokenForNonPartial($function) { throw new PhabricatorTypeaheadInvalidTokenException( pht( 'This datasource ("%s") can not evaluate the function "%s(...)".', get_class($this), $function)); } and then have PhabricatorPeopleUserFunctionDatasource override it with a new exception class, and catch that exception somewhere and convert to a nicer error message... ok, that doesn't sound "simplest" now :) Comment Actions Alternatively, maybe catch the existing exception and show a nice error message + the form? Comment Actions Same Unhandled Exception behavior as described in this ticket for git master and same "Query Errors / Invalid Function: viewer()" behavior with my branch applied. Comment Actions Let's visually mark this to attract people. Side note: I've not found any way to "check if a function exists, but it's just not available" so to allow throw a more suitable exception, and eventually catch just that. Comment Actions IIUC that's what the current patch is doing - see the screenshots in T15704#14922. But it does so by hardcoding a specific class... |