don't open the database for static files (backport from HEAD)

Richard Jones · Richard Jones · commit 71328dde6fb3 · 2003-06-24T05:02:45.000Z
diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py
@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.65.2.11 2003-06-24 04:23:35 anthonybaxter Exp $
+# $Id: client.py,v 1.65.2.12 2003-06-24 05:02:45 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -169,10 +169,15 @@ def inner_main(self):
         self.ok_message = []
         self.error_message = []
         try:
-            # make sure we're identified (even anonymously)
-            self.determine_user()
             # figure out the context and desired content template
+            # do this first so we don't authenticate for static files
+            # Note: this method opens the database as "admin" in order to
+            # perform context checks
             self.determine_context()
+
+            # make sure we're identified (even anonymously)
+            self.determine_user()
+
             # possibly handle a form submit action (may change self.classname
             # and self.template, and may also append error/ok_messages)
             self.handle_action()
@@ -212,9 +217,7 @@ def inner_main(self):
     def determine_user(self):
         ''' Determine who the user is
         '''
-        # determine the uid to use
-        self.opendb('admin')
-
+        # clean age sessions
         self.clean_sessions()
 
         # make sure we have the session Class
@@ -331,6 +334,9 @@ def determine_context(self, dre=re.compile(r'([^\d]+)(\d+)')):
                 # send the file identified by the designator in path[0]
                 raise SendFile, path[0]
 
+        # we need the db for further context stuff - open it as admin
+        self.opendb('admin')
+
         # see if we got a designator
         m = dre.match(self.classname)
         if m:
