From c777d1a13b3d6c22a3b18c6453f4edd6801ccc8a Mon Sep 17 00:00:00 2001
From: Scott Torborg
Date: Thu, 5 Nov 2009 17:11:23 -1000
Subject: [PATCH 1/1] throw a 404 when trying to edit an expenditure or transfer that doesn't exist
---
 bluechips/controllers/spend.py | 5 +++++
 bluechips/controllers/transfer.py | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/bluechips/controllers/spend.py b/bluechips/controllers/spend.py
index e3ea675..45db96d 100644
--- a/bluechips/controllers/spend.py
+++ b/bluechips/controllers/spend.py
@@ -11,6 +11,7 @@ from bluechips.lib.base import *
 from pylons import request, app_globals as g
 from pylons.decorators.rest import dispatch_on
 from pylons.decorators import validate
+from pylons.controllers.util import abort
 from formencode import validators, Schema
 from formencode.foreach import ForEach
@@ -64,6 +65,8 @@ class SpendController(BaseController):
 else:
 c.title = 'Edit an Expenditure'
 c.expenditure = meta.Session.query(model.Expenditure).get(id)
+ if c.expenditure is None:
+ abort(404)
 return render('/spend/index.mako')
 @validate(schema=ExpenditureSchema(), form='edit', variable_decode=True)
@@ -76,6 +79,8 @@ class SpendController(BaseController):
 op = 'created'
 else:
 e = meta.Session.query(model.Expenditure).get(id)
+ if e is None:
+ abort(404)
 op = 'updated'
 # Set the fields that were submitted
diff --git a/bluechips/controllers/transfer.py b/bluechips/controllers/transfer.py
index 016f508..5aa8be2 100644
--- a/bluechips/controllers/transfer.py
+++ b/bluechips/controllers/transfer.py
@@ -10,6 +10,7 @@ from bluechips.lib.base import *
 from pylons import request, app_globals as g
 from pylons.decorators import validate
+from pylons.controllers.util import abort
 from formencode import Schema, validators
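Review bot: In the spend.py edit hunk (`@@ -64,6 +65,8 @@`), `id` still reaches `meta.Session.query(model.Expenditure).get(id)` unvalidated, so the new `abort(404)` only covers a well-formed id that matches no row. If the route does not already restrict `id` to digits (the routing is not visible here), a malformed value may surface as a database error and a 500 instead of a 404, depending on the backend. A guard before the lookup, such as `if not str(id).isdigit(): abort(404)`, would make both cases answer the same way. The same applies to the update hunk in this file and to both lookup hunks in transfer.py; the enclosing method starts outside the hunk.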
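Review bot: In the spend.py update hunk (`@@ -76,6 +79,8 @@`), nothing visible checks that the current user may modify the expenditure loaded by `get(id)` before the submitted fields are set on it; the added check only establishes that the row exists. If every authenticated user is meant to edit every record, or access control lives in the base controller, a one-line comment above the lookup saying so would make that explicit. If a per-record check is added later, answering it with the same `abort(404)` keeps the response from revealing which ids exist. The transfer.py update hunk has the same shape, and the method body continues outside the hunk.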
@@ -42,6 +43,8 @@ class TransferController(BaseController):
 else:
 c.title = 'Edit a Transfer'
 c.transfer = meta.Session.query(model.Transfer).get(id)
+ if c.transfer is None:
+ abort(404)
 return render('/transfer/index.mako')
 @validate(schema=TransferSchema(), form='edit')
@@ -52,6 +55,8 @@ class TransferController(BaseController):
 op = 'created'
 else:
 t = meta.Session.query(model.Transfer).get(id)
+ if t is None:
+ abort(404)
 op = 'updated'
 update_sar(t, self.form_result)
--
2.45.2
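Review bot: The lookup followed by `if ... is None: abort(404)` in the transfer.py edit hunk (`@@ -42,6 +43,8 @@`) is the fourth copy of the same pattern in this patch, after the two in spend.py and alongside the update hunk below. A single shared helper would keep the not-found behaviour in one place, so a later change such as id validation or a permission check cannot be applied to some call sites and missed in others. The helper would need to live somewhere both controllers can import it from, with `meta` and `abort` in scope; the name below is only a suggestion. The enclosing method starts outside the hunk.

```python
def get_or_404(cls, id):
    """Return the row of ``cls`` with primary key ``id``, or abort with a 404."""
    obj = meta.Session.query(cls).get(id)
    if obj is None:
        abort(404)
    return obj

# ... unchanged: title assignment in the edit branch ...
c.transfer = get_or_404(model.Transfer, id)
```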
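Review bot: None of the four new `abort(404)` branches is exercised by a test in this patch; the diffstat lists only the two controller files. The transfer.py update hunk (`@@ -52,6 +55,8 @@`) is the one where a regression matters most, because without the check `update_sar(t, self.form_result)` would be called with `t` set to `None`. A functional test per controller that requests the edit and update actions with an id matching no row and asserts a 404 status would pin the behaviour.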