Respond to API requests with 503 when read-only mode
Review Request #8657 — Created Jan. 21, 2017 and submitted
Read-only mode is a setting an admin can enable to prevent writes to
the database. This can be used when the site is under maintenence or
being upgraded. The previous commit added the siteconfig attribute and
a checkbox to toggle the mode. This commit adds a new 503 error to
Review Board's webapi. Furthermore, all requests that hit RB's API
usingPUT,POST,DELETEmethods while read-only mode is on, and
the user is not a superuser, will return the new 503 error. A utility
fileread_only.pyhas been added which deals with the logic and
caching of determining when a user should be affected by read-only
mode.
Added new Python unit tests that send API requests as superuser and
non-superuser
Ran the Python unit test suite
Check that modifying/deleting review requests and comments works
properly
| Description | From | Last Updated |
|---|---|---|
|
Can you wrap your description at 72 characters? |
 brennie
|
|
|
Col: 80 E501 line too long (80 > 79 characters) |
 reviewbot
|
|
|
request.user should always be an object. If the user is logged in, it will be a User. Otherwise it will … |
brennie
|
|
|
This needs a default value in reviewboard/admin/siteconfig.py |
brennie
|
|
|
The performance difference between set and tuple here is probably negligible, but we should probably just use tuple (i.e., ('POST', … |
brennie
|
|
|
'SiteConfiguration' imported but unused |
reviewbot
|
|
|
Col: 1 E302 expected 2 blank lines, found 1 |
reviewbot
|
|
|
Col: 39 E703 statement ends with a semicolon |
reviewbot
|
|
|
Missing docstring. |
brennie
|
|
|
Docstrings for tests should begin with "Testing" |
brennie
|
|
|
Can you pass the boolean params as keywords? It makes the test cases clearer. |
brennie
|
|
|
Col: 45 E201 whitespace after '[' |
reviewbot
|
|
|
How about "If read-only mode is enabled, all PUT, POST, and DELETE requests will be rejected with a 503 Service … |
brennie
|
|
|
"these" |
brennie
|
|
|
There are other mutable types of requests that may be supported down the road. I'd change this to request.method not … |
 chipx86
|
|
|
Can you verify that all unit tests for Review Board pass? My concern is that the siteconfig changes made in … |
chipx86
|
|
|
Blank line between these. |
chipx86
|
|
|
Blank line between these. |
chipx86
|
|
|
Two blank lines. |
chipx86
|
|
|
I don't know that we need to cache this, since SiteConfiguration.objects.get_current() will only hit the database the first time its … |
brennie
|
|
|
Docstring. |
brennie
|
-
-
request.usershould always be an object. If the user is logged in, it will be aUser. Otherwise it will be anAnonymousUser(for whichis_superuserwill beFalse). -
-
The performance difference between
setandtuplehere is probably negligible, but we should probably just usetuple(i.e.,('POST', 'PUT', 'DELETE')).setis (I believe) backed by a red-black tree and so will have to allocate memory for the nodes, as well as do bunch of other overhead work.
- Change Summary:
-
Updated according to comments; formatting and update test by adding user to requests
- Commit:
-
2f476e2153e798fcc9e0865c05a7c996aa3ae595e04ec08999f4d629fd32c727a7316a130b175dd0
-
Tool: PEP8 Style Checker Processed Files: reviewboard/admin/siteconfig.py reviewboard/admin/forms.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py reviewboard/webapi/base.py Tool: Pyflakes Processed Files: reviewboard/admin/siteconfig.py reviewboard/admin/forms.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py reviewboard/webapi/base.py -
-
Tool: PEP8 Style Checker Processed Files: reviewboard/webapi/base.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py Tool: Pyflakes Processed Files: reviewboard/webapi/base.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py
- Change Summary:
-
Updated with responses with Barret's comments. Also updated tests to include an argument for expected outcome instead of coding an expected behaviour into the test.
-
Tool: Pyflakes Processed Files: reviewboard/webapi/base.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py Tool: PEP8 Style Checker Processed Files: reviewboard/webapi/base.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py
-
-
There are other mutable types of requests that may be supported down the road. I'd change this to
request.method not in ('GET', 'HEAD', 'OPTIONS'), since those are all safe. -
Can you verify that all unit tests for Review Board pass? My concern is that the
siteconfigchanges made in the unit tests could leak. Just in case, could you have thetearDown()method resetsite_read_onlyback to defaults? -
-
- Change Summary:
-
Revised according to comments.
- Description:
-
~ Read-only mode is a setting an admin can enable to prevent writes to the database. This can be used when the site is under maintenence or being upgraded. The previous commit added the siteconfig attribute and a checkbox to toggle the mode. This commit adds a new 503 error to Review Board's webapi. Furthermore, all requests that hit RB's API using
PUT,POST,DELETEmethods while read-only mode is on, and the user is not a superuser, will return the new 503 error.~ Read-only mode is a setting an admin can enable to prevent writes to
+ the database. This can be used when the site is under maintenence or + being upgraded. The previous commit added the siteconfig attribute and + a checkbox to toggle the mode. This commit adds a new 503 error to + Review Board's webapi. Furthermore, all requests that hit RB's API + using PUT,POST,DELETEmethods while read-only mode is on, and+ the user is not a superuser, will return the new 503 error. - Testing Done:
-
~ Added new Python unit tests that send API requests as superuser and non-superuser
~ Added new Python unit tests that send API requests as superuser and
+ non-superuser Ran the Python unit test suite ~ Check that modifying/deleting review requests and comments works properly ~ Check that modifying/deleting review requests and comments works + properly
-
Tool: Pyflakes Processed Files: reviewboard/webapi/base.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py Tool: PEP8 Style Checker Processed Files: reviewboard/webapi/base.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py
-
Tool: Pyflakes Processed Files: reviewboard/webapi/base.py reviewboard/admin/read_only.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py Tool: PEP8 Style Checker Processed Files: reviewboard/webapi/base.py reviewboard/admin/read_only.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py
- Description:
-
Read-only mode is a setting an admin can enable to prevent writes to
the database. This can be used when the site is under maintenence or being upgraded. The previous commit added the siteconfig attribute and a checkbox to toggle the mode. This commit adds a new 503 error to Review Board's webapi. Furthermore, all requests that hit RB's API using PUT,POST,DELETEmethods while read-only mode is on, and~ the user is not a superuser, will return the new 503 error. ~ the user is not a superuser, will return the new 503 error. A utility + file read_only.pyhas been added which deals with the logic and+ caching of determining when a user should be affected by read-only + mode.
Tool: Pyflakes Processed Files: reviewboard/webapi/base.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py Tool: PEP8 Style Checker Processed Files: reviewboard/webapi/base.py reviewboard/webapi/tests/test_base.py reviewboard/webapi/errors.py