zcml processing allows <securedutility> to override <class> with no warning
Bug #316813 reported by
Brad Crittenden
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Triaged
|
Low
|
Unassigned |
Bug Description
Restrictions placed in a <class> directive in ZCML can be overridden by subsequent <securedutility> directives with no conflict being flagged. The problem is demonstrated in the following pasted diff where the original ignores the permission set for the method 'forReview' while the fixed version works.
Changed in launchpad-foundations: | |
importance: | Undecided → Low |
status: | New → Triaged |
To post a comment you must log in.