SecurityInfo Conflicting security declarations no longer include traceback
Bug #142978 reported by
ChrisW
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Invalid
|
Wishlist
|
Unassigned |
Bug Description
And without the traceback, it's pretty hard to see what's causing the problem :-(
Changed in zope2: | |
importance: | Medium → Wishlist |
Changed in zope2: | |
status: | New → Triaged |
To post a comment you must log in.
I'm not sure what the behavior was like before, but the reason why there is no traceback is because there is no exception. Warnings are issued in the log containing both the class name and conflicting method or role names.
IMO, Zope should raise a hard exception and refuse to start in debug mode if there are security conflicts. I tried to implement this, but unfortunately, the code executed too early to import DevelopmentMode from Globals. It causes a circular import when ZConfig tries to load the zope.conf and everything falls over.
If someone has any insights on how I can access the debug-mode config setting inside of AccessControl. SecurityInfo, I will be happy to implement a fix for this.