From de0d45b0b9e4df910d36f1614ec6e7843c17eb04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Mon, 28 Dec 2015 17:07:34 +0100
Subject: [PATCH] backoffice: return 404 for URIs that do not match any role
 (#8571)

---
 wcs/admin/roles.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/wcs/admin/roles.py b/wcs/admin/roles.py
index e63bbd6..d22dcde 100644
--- a/wcs/admin/roles.py
+++ b/wcs/admin/roles.py
@@ -18,6 +18,7 @@ from quixote import redirect
 from quixote.directory import Directory
 from quixote.html import TemplateIO, htmltext
 
+from qommon import errors
 from qommon.form import *
 
 from qommon.backoffice.menu import html_top
@@ -73,7 +74,10 @@ class RolePage(Directory):
     _q_exports = ['', "edit", "delete"]
 
     def __init__(self, component):
-        self.role = Role.get(component)
+        try:
+            self.role = Role.get(component)
+        except KeyError:
+            raise errors.TraversalError()
         self.role_ui = RoleUI(self.role)
         get_response().breadcrumb.append((component + '/', self.role.name))
 
-- 
2.6.4