equal
deleted
inserted
replaced
76 |
76 |
77 class CheckRelationPermissionOp(hook.DataOperationMixIn, hook.LateOperation): |
77 class CheckRelationPermissionOp(hook.DataOperationMixIn, hook.LateOperation): |
78 def precommit_event(self): |
78 def precommit_event(self): |
79 session = self.session |
79 session = self.session |
80 for action, rschema, eidfrom, eidto in self.get_data(): |
80 for action, rschema, eidfrom, eidto in self.get_data(): |
81 rdef = rschema.rdef(session.describe(eidfrom)[0], |
81 rdef = rschema.rdef(session.entity_metas(eidfrom)['type'], |
82 session.describe(eidto)[0]) |
82 session.entity_metas(eidto)['type']) |
83 rdef.check_perm(session, action, fromeid=eidfrom, toeid=eidto) |
83 rdef.check_perm(session, action, fromeid=eidfrom, toeid=eidto) |
84 |
84 |
85 |
85 |
86 @objectify_predicate |
86 @objectify_predicate |
87 def write_security_enabled(cls, req, **kwargs): |
87 def write_security_enabled(cls, req, **kwargs): |
132 if self.rtype in BEFORE_ADD_RELATIONS: |
132 if self.rtype in BEFORE_ADD_RELATIONS: |
133 nocheck = self._cw.transaction_data.get('skip-security', ()) |
133 nocheck = self._cw.transaction_data.get('skip-security', ()) |
134 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
134 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
135 return |
135 return |
136 rschema = self._cw.repo.schema[self.rtype] |
136 rschema = self._cw.repo.schema[self.rtype] |
137 rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0], |
137 rdef = rschema.rdef(self._cw.entity_metas(self.eidfrom)['type'], |
138 self._cw.describe(self.eidto)[0]) |
138 self._cw.entity_metas(self.eidto)['type']) |
139 rdef.check_perm(self._cw, 'add', fromeid=self.eidfrom, toeid=self.eidto) |
139 rdef.check_perm(self._cw, 'add', fromeid=self.eidfrom, toeid=self.eidto) |
140 |
140 |
141 |
141 |
142 class AfterAddRelationSecurityHook(SecurityHook): |
142 class AfterAddRelationSecurityHook(SecurityHook): |
143 __regid__ = 'securityafteraddrelation' |
143 __regid__ = 'securityafteraddrelation' |
151 rschema = self._cw.repo.schema[self.rtype] |
151 rschema = self._cw.repo.schema[self.rtype] |
152 if self.rtype in ON_COMMIT_ADD_RELATIONS: |
152 if self.rtype in ON_COMMIT_ADD_RELATIONS: |
153 CheckRelationPermissionOp.get_instance(self._cw).add_data( |
153 CheckRelationPermissionOp.get_instance(self._cw).add_data( |
154 ('add', rschema, self.eidfrom, self.eidto) ) |
154 ('add', rschema, self.eidfrom, self.eidto) ) |
155 else: |
155 else: |
156 rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0], |
156 rdef = rschema.rdef(self._cw.entity_metas(self.eidfrom)['type'], |
157 self._cw.describe(self.eidto)[0]) |
157 self._cw.entity_metas(self.eidto)['type']) |
158 rdef.check_perm(self._cw, 'add', fromeid=self.eidfrom, toeid=self.eidto) |
158 rdef.check_perm(self._cw, 'add', fromeid=self.eidfrom, toeid=self.eidto) |
159 |
159 |
160 |
160 |
161 class BeforeDeleteRelationSecurityHook(SecurityHook): |
161 class BeforeDeleteRelationSecurityHook(SecurityHook): |
162 __regid__ = 'securitybeforedelrelation' |
162 __regid__ = 'securitybeforedelrelation' |
165 def __call__(self): |
165 def __call__(self): |
166 nocheck = self._cw.transaction_data.get('skip-security', ()) |
166 nocheck = self._cw.transaction_data.get('skip-security', ()) |
167 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
167 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
168 return |
168 return |
169 rschema = self._cw.repo.schema[self.rtype] |
169 rschema = self._cw.repo.schema[self.rtype] |
170 rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0], |
170 rdef = rschema.rdef(self._cw.entity_metas(self.eidfrom)['type'], |
171 self._cw.describe(self.eidto)[0]) |
171 self._cw.entity_metas(self.eidto)['type']) |
172 rdef.check_perm(self._cw, 'delete', fromeid=self.eidfrom, toeid=self.eidto) |
172 rdef.check_perm(self._cw, 'delete', fromeid=self.eidfrom, toeid=self.eidto) |
173 |
173 |