Mercurial Mercurial > pub > hg > cubicweb / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hooks/security.py
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Fri, 19 Feb 2010 09:34:14 +0100
branchstable
changeset 4643 921737d2e3a8
parent 4577 049d92fc8614
child 4835 13b0b96d7982
permissions -rw-r--r--
fix optimisation with super session that may lead to integrity loss at some point I've decided to stop ensuring ?1 cardinality was respected when adding a new relation using a super session, to avoid the cost of the delete query. That was yet discussable because it introduced unexpected difference between execute and unsafe_execute, which is imo not worth it. Also, now that rql() in migration script default to unsafe_execute, we definitly don't want that implicit behaviour change (which already cause bug when for instance adding another default workflow for an entity type: without that fix we end up with *two* default workflows while the schema tells we can have only one. IMO we should go to the direction that super session skip all security check, but nothing else, unless explicitly asked.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset 
     1
 
"""Security hooks: check permissions to add/delete/update entities according to
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset 
     2
 
the user connected to a session
b97547f5f1fa Showtime !
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
diff changeset 
     3
 












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




     4


:organization: Logilab







4212






ab6573088b4a
update copyright: welcome 2010



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
3689

diff
changeset




     5


:copyright: 2001-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2.







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




     6


:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr







1977






606923dff11b
big bunch of copyright / docstring update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
1802

diff
changeset




     7


:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




     8


"""












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




     9


__docformat__ = "restructuredtext en"












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    10














b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    11


from cubicweb import Unauthorized







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    12


from cubicweb.server import BEFORE_ADD_RELATIONS, ON_COMMIT_ADD_RELATIONS, hook












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    13









0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    14









4577






049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    15


def check_entity_attributes(session, entity, editedattrs=None):







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    16


    eid = entity.eid












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    17


    eschema = entity.e_schema












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    18


    # ._default_set is only there on entity creation to indicate unspecified












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    19


    # attributes which has been set to a default value defined in the schema












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    20


    defaults = getattr(entity, '_default_set', ())







4577






049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    21


    if editedattrs is None:












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    22


        try:












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    23


            editedattrs = entity.edited_attributes












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    24


        except AttributeError:












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    25


            editedattrs = entity







2647






b0a2e779845c
enable server side entity caching, 25% speedup on codenaf insertion. ALL CW TESTS OK



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
1977

diff
changeset




    26


    for attr in editedattrs:







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    27


        if attr in defaults:












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    28


            continue







3877






7ca53fc72a0a
reldefsecurity branch :



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
3689

diff
changeset




    29


        rdef = eschema.rdef(attr)












7ca53fc72a0a
reldefsecurity branch :



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
3689

diff
changeset




    30


        if rdef.final: # non final relation are checked by other hooks







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    31


            # add/delete should be equivalent (XXX: unify them into 'update' ?)







4570






ede247bbbf62
follow yams api change: attributes permissions are now defined for



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4252

diff
changeset




    32


            rdef.check_perm(session, 'update', eid=eid)







1802






d628defebc17
delete-trailing-whitespace + some copyright update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
479

diff
changeset




    33














d628defebc17
delete-trailing-whitespace + some copyright update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
479

diff
changeset




    34









2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    35


class _CheckEntityPermissionOp(hook.LateOperation):







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    36


    def precommit_event(self):












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    37


        #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    38


        self.entity.check_perm(self.action)







4577






049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    39


        check_entity_attributes(self.session, self.entity, self.editedattrs)







1802






d628defebc17
delete-trailing-whitespace + some copyright update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
479

diff
changeset




    40









0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    41


    def commit_event(self):












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    42


        pass







1802






d628defebc17
delete-trailing-whitespace + some copyright update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
479

diff
changeset




    43














d628defebc17
delete-trailing-whitespace + some copyright update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
479

diff
changeset




    44









2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    45


class _CheckRelationPermissionOp(hook.LateOperation):







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    46


    def precommit_event(self):







3890






d7a270f50f54
backport stable branch (one more time painfully)



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
3877
3720

diff
changeset




    47


        rdef = self.rschema.rdef(self.session.describe(self.eidfrom)[0],












d7a270f50f54
backport stable branch (one more time painfully)



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
3877
3720

diff
changeset




    48


                                 self.session.describe(self.eidto)[0])







3877






7ca53fc72a0a
reldefsecurity branch :



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
3689

diff
changeset




    49


        rdef.check_perm(self.session, self.action,







3890






d7a270f50f54
backport stable branch (one more time painfully)



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
3877
3720

diff
changeset




    50


                        fromeid=self.eidfrom, toeid=self.eidto)







1802






d628defebc17
delete-trailing-whitespace + some copyright update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
479

diff
changeset




    51









0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    52


    def commit_event(self):












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    53


        pass







1802






d628defebc17
delete-trailing-whitespace + some copyright update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
479

diff
changeset




    54









2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    55














04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    56


class SecurityHook(hook.Hook):












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    57


    __abstract__ = True












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    58


    category = 'security'












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    59


    __select__ = hook.Hook.__select__ & hook.regular_session()












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    60









0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    61









2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    62


class AfterAddEntitySecurityHook(SecurityHook):







3376






f5c69485381f
[appobjects] use __regid__ instead of __id__, more explicit



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2968

diff
changeset




    63


    __regid__ = 'securityafteraddentity'







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    64


    events = ('after_add_entity',)












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    65














04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    66


    def __call__(self):







4577






049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    67


        _CheckEntityPermissionOp(self._cw, entity=self.entity,












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    68


                                 editedattrs=tuple(self.entity.edited_attributes),












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    69


                                 action='add')







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    70














04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    71














04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    72


class AfterUpdateEntitySecurityHook(SecurityHook):







3376






f5c69485381f
[appobjects] use __regid__ instead of __id__, more explicit



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2968

diff
changeset




    73


    __regid__ = 'securityafterupdateentity'







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    74


    events = ('after_update_entity',)












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    75














04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    76


    def __call__(self):







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    77


        try:












b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    78


            # check user has permission right now, if not retry at commit time







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    79


            self.entity.check_perm('update')







2847






c2ee28f4d4b1
use ._cw instead of .cw_req



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2835

diff
changeset




    80


            check_entity_attributes(self._cw, self.entity)







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    81


        except Unauthorized:







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    82


            self.entity.clear_local_perm_cache('update')







4577






049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    83


            # save back editedattrs in case the entity is reedited later in the












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    84


            # same transaction, which will lead to edited_attributes being












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    85


            # overwritten












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    86


            _CheckEntityPermissionOp(self._cw, entity=self.entity,












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    87


                                     editedattrs=tuple(self.entity.edited_attributes),












049d92fc8614
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4570

diff
changeset




    88


                                     action='update')







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    89














b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




    90









2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    91


class BeforeDelEntitySecurityHook(SecurityHook):







3376






f5c69485381f
[appobjects] use __regid__ instead of __id__, more explicit



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2968

diff
changeset




    92


    __regid__ = 'securitybeforedelentity'







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    93


    events = ('before_delete_entity',)












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    94














04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    95


    def __call__(self):







2895






903bd3f89f80
should directly use entity.check_perm now that we've an entity instance



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2847

diff
changeset




    96


        self.entity.check_perm('delete')







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    97









1802






d628defebc17
delete-trailing-whitespace + some copyright update



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 
479

diff
changeset




    98









2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




    99


class BeforeAddRelationSecurityHook(SecurityHook):







3376






f5c69485381f
[appobjects] use __regid__ instead of __id__, more explicit



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2968

diff
changeset




   100


    __regid__ = 'securitybeforeaddrelation'







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   101


    events = ('before_add_relation',)












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   102














04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   103


    def __call__(self):












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   104


        if self.rtype in BEFORE_ADD_RELATIONS:







2968






0e3460341023
somewhat painful backport of 3.5 branch, should mostly be ok



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2920
2895

diff
changeset




   105


            nocheck = self._cw.transaction_data.get('skip-security', ())












0e3460341023
somewhat painful backport of 3.5 branch, should mostly be ok



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2920
2895

diff
changeset




   106


            if (self.eidfrom, self.rtype, self.eidto) in nocheck:












0e3460341023
somewhat painful backport of 3.5 branch, should mostly be ok



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2920
2895

diff
changeset




   107


                return







2847






c2ee28f4d4b1
use ._cw instead of .cw_req



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2835

diff
changeset




   108


            rschema = self._cw.repo.schema[self.rtype]







3890






d7a270f50f54
backport stable branch (one more time painfully)



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
3877
3720

diff
changeset




   109


            rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0],












d7a270f50f54
backport stable branch (one more time painfully)



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
3877
3720

diff
changeset




   110


                                self._cw.describe(self.eidto)[0])







4190






742e3eb16f81
fix bad merge



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4048

diff
changeset




   111


            rdef.check_perm(self._cw, 'add', fromeid=self.eidfrom, toeid=self.eidto)







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   112









0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




   113









2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   114


class AfterAddRelationSecurityHook(SecurityHook):







3376






f5c69485381f
[appobjects] use __regid__ instead of __id__, more explicit



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2968

diff
changeset




   115


    __regid__ = 'securityafteraddrelation'







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   116


    events = ('after_add_relation',)







0






b97547f5f1fa
Showtime !



Adrien Di Mascio <Adrien.DiMascio@logilab.fr>


parents: 

diff
changeset




   117









2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   118


    def __call__(self):












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   119


        if not self.rtype in BEFORE_ADD_RELATIONS:







2968






0e3460341023
somewhat painful backport of 3.5 branch, should mostly be ok



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2920
2895

diff
changeset




   120


            nocheck = self._cw.transaction_data.get('skip-security', ())












0e3460341023
somewhat painful backport of 3.5 branch, should mostly be ok



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2920
2895

diff
changeset




   121


            if (self.eidfrom, self.rtype, self.eidto) in nocheck:












0e3460341023
somewhat painful backport of 3.5 branch, should mostly be ok



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2920
2895

diff
changeset




   122


                return







2847






c2ee28f4d4b1
use ._cw instead of .cw_req



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2835

diff
changeset




   123


            rschema = self._cw.repo.schema[self.rtype]







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   124


            if self.rtype in ON_COMMIT_ADD_RELATIONS:







2847






c2ee28f4d4b1
use ._cw instead of .cw_req



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2835

diff
changeset




   125


                _CheckRelationPermissionOp(self._cw, action='add',







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   126


                                           rschema=rschema,












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   127


                                           eidfrom=self.eidfrom,












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   128


                                           eidto=self.eidto)












04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   129


            else:







4003






b9436fe77c9e
fix bad merge



Sandrine Ribeau <sandrine.ribeau@logilab.fr>


parents: 
3890

diff
changeset




   130


                rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0],












b9436fe77c9e
fix bad merge



Sandrine Ribeau <sandrine.ribeau@logilab.fr>


parents: 
3890

diff
changeset




   131


                                    self._cw.describe(self.eidto)[0])












b9436fe77c9e
fix bad merge



Sandrine Ribeau <sandrine.ribeau@logilab.fr>


parents: 
3890

diff
changeset




   132


                rdef.check_perm(self._cw, 'add', fromeid=self.eidfrom, toeid=self.eidto)







2835






04034421b072
[hooks] major refactoring:



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
2647

diff
changeset




   133









4048






12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   134














12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   135


class BeforeDeleteRelationSecurityHook(SecurityHook):












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   136


    __regid__ = 'securitybeforedelrelation'












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   137


    events = ('before_delete_relation',)












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   138














12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   139


    def __call__(self):












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   140


        nocheck = self._cw.transaction_data.get('skip-security', ())












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   141


        if (self.eidfrom, self.rtype, self.eidto) in nocheck:












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   142


            return












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   143


        rschema = self._cw.repo.schema[self.rtype]












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   144


        rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0],












12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   145


                            self._cw.describe(self.eidto)[0])







4190






742e3eb16f81
fix bad merge



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4048

diff
changeset




   146


        rdef.check_perm(self._cw, 'delete', fromeid=self.eidfrom, toeid=self.eidto)







4048






12c4f7e2bed6
had been involontarly dropped



Sylvain Thénault <sylvain.thenault@logilab.fr>


parents: 
4003

diff
changeset




   147
















cubicweb