From 17ce5747ea36df10ec78e0af7140b55f691f5016 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sun, 2 Nov 2008 17:27:33 +0000 Subject: Features - The ``BFG_DEBUG_AUTHORIZATION`` envvar and the ``debug_authorization`` config file value now only imply debugging of view-invoked security checks. Previously, information was printed for every call to ``has_permission`` as well, which made output confusing. To debug ``has_permission`` checks and other manual permission checks, use the debugger and print statements in your own code. - Authorization debugging info is now only present in the HTTP response body oif ``debug_authorization`` is true. - The format of authorization debug messages was improved. - A new ``BFG_DEBUG_NOTFOUND`` envvar was added and a symmetric ``debug_notfound`` config file value was added. When either is true, and a NotFound response is returned by the BFG router (because a view could not be found), debugging information is printed to stderr. When this value is set true, the body of HTTPNotFound responses will also contain the same debugging information. - ``Allowed`` and ``Denied`` responses from the security machinery are now specialized into two types: ACL types, and non-ACL types. The ACL-related responses are instances of ``repoze.bfg.security.ACLAllowed`` and ``repoze.bfg.security.ACLDenied``. The non-ACL-related responses are ``repoze.bfg.security.Allowed`` and ``repoze.bfg.security.Denied``. The allowed-type responses continue to evaluate equal to things that themselves evaluate equal to the ``True`` boolean, while the denied-type responses continue to evaluate equal to things that themselves evaluate equal to the ``False`` boolean. The only difference between the two types is the information attached to them for debugging purposes. - Added a new ``BFG_DEBUG_ALL`` envvar and a symmetric ``debug_all`` config file value. When either is true, all other debug-related flags are set true unconditionally (e.g. ``debug_notfound`` and ``debug_authorization``). Documentation - Added info about debug flag changes. - Added a section to the security chapter named "Debugging Imperative Authorization Failures" (for e.g. ``has_permssion``). --- docs/narr/traversal.rst | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'docs/narr/traversal.rst') diff --git a/docs/narr/traversal.rst b/docs/narr/traversal.rst index d57cf8f02..6ed2dabd1 100644 --- a/docs/narr/traversal.rst +++ b/docs/narr/traversal.rst @@ -129,11 +129,25 @@ code to execute: and the context. If a view function is found, it is called with the context and the request. It returns a response, which is fed back upstream. If a view is not found, a generic WSGI - ``NotFound`` application is constructed. + ``NotFound`` application is constructed and returned. In either case, the result is returned upstream via the :term:`WSGI` protocol. +.. _debug_notfound_section: + +NotFound Errors +--------------- + +It's useful to be able to debug ``NotFound`` errors when they occur +unexpectedly due to an application registry misconfiguration. To +debug these errors, use the ``BFG_DEBUG_NOTFOUND`` environment +variable or the ``debug_notfound`` configuration file setting. +Details of why a view was not found will be printed to stderr, and the +browser representation of the error will include the same information. +See :ref:`environment_chapter` for more information about how and +where to set these values. + A Traversal Example ------------------- -- cgit v1.2.3