Pylons / pyramid

Pyramid - A Python web framework
https://trypyramid.com/

fix secured views to avoid being applied to exception views #3741

Closed mmerickel closed 8 months ago

mmerickel commented 8 months ago

fixes https://github.com/Pylons/pyramid/issues/3736

Found some scenarios in which an exception view was wrapped in secure views, which is not intended after `info.exception_only` was added. The main issue encountered is that there were tests for `info.exception_only` and `permission is None`, but actually a default exception view has `permission == NO_PERMISSION_REQUIRED`, so this new logic normalizes that.

While in there, I was able to re-order a bunch of the logic to early-out quicker.

Because exception views are no longer involved in security checks, this avoids the issue run into via #3736 where an invalid URL was tested, which shouldn't happen while processing any normal exception views.