[Zope-Coders] Hidden Attribute Error
Shane Hathaway
shane@zope.com
Wed, 05 Mar 2003 10:02:42 -0500
Christian Theune wrote:
> Hi.
>
> This costed me a lot of time to debug. I had an AttributeError which was
> within the security/authorization machinery.
>
> It was hidden by the reraise (with Unauthorized) here:
>
> lib/python/AccessControl/ZopeGuards.py line 61-64
>
> I propose to only raise it as Unauthorized if in Production mode. Debug
> mode shouldn't hide those kinds of errors.
>
> If you are fine with that, I can give a fix for that.
Ow, that would hurt. :-(
You're talking about the Zope HEAD, right? This code is different on
the 2_6 branch.
Here's the problem: ZopeSecurityPolicy doesn't always raise Unauthorized
when it should. Sometimes it simply returns "false". This leads to
Acquisition.c raising an AttributeError. In guarded_getattr(), that
situation is unacceptable: the system needs to see Unauthorized in order
to prompt the user for credentials. So guarded_getattr() converts the
AttributeError to the Unauthorized that it should have been.
This has been a major source of bugs. I think ZopeSecurityPolicy needs
to be fixed so that we don't have to convert exceptions. I think it
should always raise Unauthorized when the user is denied access to
something. The change is quite simple, but it will probably expose bugs
in Zope and/or products (we'll get more Unauthorized errors than we used
to). What do you think?
Shane