Change some 400 errors to 405 (method not allowed) errors where user is

tryng to delete or modify a read only attribute/resource.

Fix errors generated when output dict include exceptions and we are
generating XML output. Add XML header with encoding to xml output.

Author: rouilj

roundup/rest.py

@@ -1030,7 +1030,7 @@ def put_attribute(self, class_name, item_id, attr_name, input):
         except KeyError as message:
             # key error returned for changing protected keys
             # and changing invalid keys
-            raise UsageError(message)
+            raise AttributeError(message)
 
         result = {
             'id': item_id,
@@ -1150,7 +1150,7 @@ def delete_attribute(self, class_name, item_id, attr_name, input):
         class_obj = self.db.getclass(class_name)
         if attr_name not in class_obj.getprops(protected=False):
             if attr_name in class_obj.getprops(protected=True):
-                raise UsageError("Attribute '%s' can not be updated " \
+                raise AttributeError("Attribute '%s' can not be deleted " \
                                  "for class %s."%(attr_name, class_name))
             else:
                 raise UsageError("Attribute '%s' not valid for class %s."%(
@@ -1326,7 +1326,7 @@ def patch_attribute(self, class_name, item_id, attr_name, input):
         class_obj = self.db.getclass(class_name)
         if attr_name not in class_obj.getprops(protected=False):
             if attr_name in class_obj.getprops(protected=True):
-                raise UsageError("Attribute '%s' can not be updated " \
+                raise AttributeError("Attribute '%s' can not be updated " \
                                  "for class %s."%(attr_name, class_name))
 
         self.raise_if_no_etag(class_name, item_id, input)
@@ -1671,7 +1671,31 @@ def dispatch(self, method, uri, input):
             output = RoundupJSONEncoder(indent=indent).encode(output)
         elif data_type.lower() == "xml" and dicttoxml:
             self.client.setHeader("Content-Type", "application/xml")
-            output = b2s(dicttoxml(output, root=False))
+            if 'error' in output:
+                # capture values in error with types unsupported
+                # by dicttoxml e.g. an exception, into something it
+                # can handle
+                import numbers
+                import collections
+                for key,val in output['error'].items():
+                    if isinstance(val, numbers.Number) or type(val) in \
+                       (str, unicode):
+                        pass
+                    elif hasattr(val, 'isoformat'): # datetime
+                        pass
+                    elif type(val) == bool:
+                        pass
+                    elif isinstance(val, dict):
+                        pass
+                    elif isinstance(val, collections.Iterable):
+                        pass
+                    elif val is None:
+                        pass
+                    else:
+                        output['error'][key] = str(val)
+
+            output = '<?xml version="1.0" encoding="UTF-8" ?>\n' + \
+                     b2s(dicttoxml(output, root=False))
         else:
             # FIXME?? consider moving this earlier. We should
             # error out before doing any work if we can't

test/rest_common.py

@@ -1085,15 +1085,15 @@ def testPutAttribute(self):
         results = self.server.put_attribute(
             'user', self.joeid, 'creator', form
         )
-        expected= {'error': {'status': 400, 'msg': 
-                             UsageError('\'"creator", "actor", "creation" and '
+        expected= {'error': {'status': 405, 'msg': 
+                             AttributeError('\'"creator", "actor", "creation" and '
                                         '"activity" are reserved\'')}}
         print(results)
         self.assertEqual(results['error']['status'],
                          expected['error']['status'])
         self.assertEqual(type(results['error']['msg']),
                          type(expected['error']['msg']))
-        self.assertEqual(self.dummy_client.response_code, 400)
+        self.assertEqual(self.dummy_client.response_code, 405)
 
         # put invalid property
         # make sure we don't have permission issues
@@ -1272,15 +1272,15 @@ def testDeleteAttributeUri(self):
             'issue', issue_id, 'creator', form
         )
         expected= {'error': {
-            'status': 400, 
-            'msg': UsageError("Attribute 'creator' can not be updated for class issue.")
+            'status': 405, 
+            'msg': AttributeError("Attribute 'creator' can not be updated for class issue.")
         }}
 
         self.assertEqual(results['error']['status'],
                          expected['error']['status'])
         self.assertEqual(type(results['error']['msg']),
                          type(expected['error']['msg']))
-        self.assertEqual(self.dummy_client.response_code, 400)
+        self.assertEqual(self.dummy_client.response_code, 405)
 
         # delete required property
         etag = calculate_etag(self.db.issue.getnode(issue_id))