From 85078f4eb39c6827973292a628cdf5ff6b34249a Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Tue, 28 Oct 2008 23:12:41 +0000
Subject:    - If the ``render_view_to_response`` function was called, if the  
    view was found and called, but it returned something that did not     
 implement IResponse, the error would pass by unflagged.  This was     
 noticed when I created a view function that essentially returned      None,
 but received a NotFound error rather than a ValueError when      the view was
 rendered.  This was fixed.

---
 repoze/bfg/router.py          |  4 ----
 repoze/bfg/tests/test_view.py | 21 +++++++++++++++++++++
 repoze/bfg/view.py            | 25 ++++++++++++++++++-------
 3 files changed, 39 insertions(+), 11 deletions(-)

(limited to 'repoze')

diff --git a/repoze/bfg/router.py b/repoze/bfg/router.py
index febc7ad28..2850b14e3 100644
--- a/repoze/bfg/router.py
+++ b/repoze/bfg/router.py
@@ -60,10 +60,6 @@ class Router(object):
             app = HTTPNotFound(request.url)
             return app(environ, start_response)
 
-        if not is_response(response):
-            raise ValueError('response did not implement IResponse: %r'
-                             % response)
-
         dispatch(NewResponse(response))
 
         start_response(response.status, response.headerlist)
diff --git a/repoze/bfg/tests/test_view.py b/repoze/bfg/tests/test_view.py
index 6eee8fbab..3636692a8 100644
--- a/repoze/bfg/tests/test_view.py
+++ b/repoze/bfg/tests/test_view.py
@@ -124,6 +124,27 @@ class RenderViewToResponseTests(unittest.TestCase, BaseTest):
         response = renderer(context, request, name='registered', secure=False)
         self.assertEqual(response.status, '200 OK')
 
+
+    def test_call_view_response_doesnt_implement_IResponse(self):
+        context = DummyContext()
+        from zope.interface import Interface
+        from zope.interface import directlyProvides
+        from repoze.bfg.interfaces import IRequest
+        class IContext(Interface):
+            pass
+        directlyProvides(context, IContext)
+        response = 'abc'
+        view = make_view(response)
+        self._registerView(view, 'registered', IContext, IRequest)
+        environ = self._makeEnviron()
+        from webob import Request
+        request = Request(environ)
+        directlyProvides(request, IRequest)
+        renderer = self._getFUT()
+        self.assertRaises(ValueError, renderer, context, request,
+                          name='registered', secure=False)
+
+
 class RenderViewToIterableTests(unittest.TestCase, BaseTest):
     def _getFUT(self):
         from repoze.bfg.view import render_view_to_iterable
diff --git a/repoze/bfg/view.py b/repoze/bfg/view.py
index 5426b53e5..0012019e7 100644
--- a/repoze/bfg/view.py
+++ b/repoze/bfg/view.py
@@ -6,15 +6,20 @@ from repoze.bfg.interfaces import IViewPermission
 from repoze.bfg.interfaces import IView
 from repoze.bfg.security import Unauthorized
 
+_marker = ()
+
 def render_view_to_response(context, request, name='', secure=True):
     """ Render the view named ``name`` against the specified
     ``context`` and ``request`` to an object implementing
     ``repoze.bfg.interfaces.IResponse`` or ``None`` if no such view
     exists.  This function will return ``None`` if a corresponding
-    view cannot be found.  If ``secure`` is ``True``, and the view is
-    protected by a permission, the permission will be checked before
-    calling the view function.  If the permission check disallows view
-    execution (based on the current security policy), a
+    view cannot be found.  Additionally, this function will raise a
+    ``ValueError`` if a view function is found and called but the view
+    returns an object which does not implement
+    ``repoze.bfg.interfaces.IResponse``.  If ``secure`` is ``True``,
+    and the view is protected by a permission, the permission will be
+    checked before calling the view function.  If the permission check
+    disallows view execution (based on the current security policy), a
     ``repoze.bfg.security.Unauthorized`` exception will be raised; its
     ``args`` attribute explains why the view access was disallowed.
     If ``secure`` is ``False``, no permission checking is done."""
@@ -27,7 +32,15 @@ def render_view_to_response(context, request, name='', secure=True):
                 result = permission(security_policy)
                 if not result:
                     raise Unauthorized(result)
-    return queryMultiAdapter((context, request), IView, name=name)
+    response = queryMultiAdapter((context, request), IView, name=name,
+                                 default=_marker)
+    if response is _marker:
+        return None
+
+    if not is_response(response):
+        raise ValueError('response did not implement IResponse: %r' % response)
+
+    return response
 
 def render_view_to_iterable(context, request, name='', secure=True):
     """ Render the view named ``name`` against the specified
@@ -50,8 +63,6 @@ def render_view_to_iterable(context, request, name='', secure=True):
     response = render_view_to_response(context, request, name, secure)
     if response is None:
         return None
-    if not is_response(response):
-        raise ValueError('response did not implement IResponse: %r' % response)
     return response.app_iter
 
 def render_view(context, request, name='', secure=True):
-- 
cgit v1.2.3