silverstripe-admin icon indicating copy to clipboard operation
silverstripe-admin copied to clipboard

Published 20 hours ago verified publisher icon silverstripe

FIX return 404 instead of 500 for invalid model class, fixes #570

Open xini opened this issue 1 year ago • 4 comments

Description

When a ModelAdmin is called with a model that doesn’t exist, the fact that it doesn’t exist is exposed in a 500 error if the site is in dev.

Affected: silverstripe/silverstripe-admin 1 and 2 (Silverstripe 4 and 5)

In the init() method of ModelAdmin (https://github.com/silverstripe/silverstripe-admin/blob/2/code/ModelAdmin.php#L165) a RuntimeException is thrown including the class information. This is also the case when there is no user logged into the CMS.

This is the case for v1 and v2 of this module!

Issues

  • #570

Pull request checklist

  • [x] The target branch is correct
  • [x] All commits are relevant to the purpose of the PR (e.g. no debug statements, unrelated refactoring, or arbitrary linting)
    • Small amounts of additional linting are usually okay, but if it makes it hard to concentrate on the relevant changes, ask for the unrelated changes to be reverted, and submitted as a separate PR.
  • [x] The commit messages follow our commit message guidelines
  • [x] The PR follows our contribution guidelines
  • [x] Code changes follow our coding conventions
  • [x] This change is covered with tests (or tests aren't necessary for this change)
  • [ ] Any relevant User Help/Developer documentation is updated; for impactful changes, information is added to the changelog for the intended release
  • [x] CI is green

xini avatar May 28 '24 00:05 xini

I'm not convinced this is desirable. As @dhensby points out in the issue, the existing error is useful for debugging. At a minimum I'd want to keep throwing the exception in dev mode.

Maybe we want a 404 in live and maybe test mode? Though I'd want @silverstripe/core-team to weigh in with their thoughts. In my opinion it's currently working as expected.

GuySartorelli avatar May 28 '24 03:05 GuySartorelli

In the meantime, please retarget this to the 2.2 branch, and either add tests or check the relevant checkbox if tests aren't required.

GuySartorelli avatar May 28 '24 03:05 GuySartorelli

I'd leave it as is. The fact the model doesn't exist would still be exposed, just with a different HTTP code. It might be more confusing, as a developer, to get 404 instead of 500.

michalkleiner avatar May 28 '24 04:05 michalkleiner

I disagree. When an URL is incorrect, like https://www.silverstripe.org/foo, you expect a 404. This should also be the case for a model admin URL like https://www.silverstripe.org/admin/my-admin/foo. There is no logical reason for this to be a 5xx response and not a 404.

xini avatar May 28 '24 05:05 xini