From 98acce88c71a437bda17e80d463e6b1a1095f136 Mon Sep 17 00:00:00 2001 From: Daniel Schadt Date: Sat, 2 Jul 2022 20:31:40 +0200 Subject: return 404 when track is not found --- fietsboek/views/detail.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/fietsboek/views/detail.py b/fietsboek/views/detail.py index f8fc54b..ba7e946 100644 --- a/fietsboek/views/detail.py +++ b/fietsboek/views/detail.py @@ -3,7 +3,7 @@ import datetime from pyramid.view import view_config from pyramid.response import Response -from pyramid.httpexceptions import HTTPForbidden, HTTPFound +from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound from sqlalchemy import select @@ -20,7 +20,9 @@ def details(request): :rtype: pyramid.response.Response """ query = select(models.Track).filter_by(id=request.matchdict["id"]) - track = request.dbsession.execute(query).scalar_one() + track = request.dbsession.execute(query).scalar_one_or_none() + if track is None: + return HTTPNotFound() if (not track.is_visible_to(request.identity) and request.GET.get('secret') != track.link_secret): return HTTPForbidden() @@ -44,7 +46,9 @@ def gpx(request): :rtype: pyramid.response.Response """ query = select(models.Track).filter_by(id=request.matchdict["id"]) - track = request.dbsession.execute(query).scalar_one() + track = request.dbsession.execute(query).scalar_one_or_none() + if track is None: + return HTTPNotFound() if (not track.is_visible_to(request.identity) and request.GET.get('secret') != track.link_secret): return HTTPForbidden() -- cgit v1.2.3