Mercurial Mercurial > pub > hg > cubicweb / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
server/querier.py
changeset 5890 141b935a38fc
parent 5768 1e73a466aa69
parent 5888 3ee80d487f11
child 5989 099d46422f5a
equal deleted inserted replaced
5883:7a5f370c5be1 5890:141b935a38fc 
    27 
    27 
    28 from logilab.common.cache import Cache
 
    28 from logilab.common.cache import Cache
 
    29 from logilab.common.compat import any
 
    29 from logilab.common.compat import any
 
    30 from rql import RQLSyntaxError
 
    30 from rql import RQLSyntaxError
 
    31 from rql.stmts import Union, Select
 
    31 from rql.stmts import Union, Select
 
    32 from rql.nodes import Relation, VariableRef, Constant, SubQuery, Function
 
    32 from rql.nodes import (Relation, VariableRef, Constant, SubQuery, Function,
 
       
    33                        Exists, Not)
 
    33 
    34 
    34 from cubicweb import Unauthorized, QueryError, UnknownEid, typed_eid
 
    35 from cubicweb import Unauthorized, QueryError, UnknownEid, typed_eid
 
    35 from cubicweb import server
 
    36 from cubicweb import server
 
    36 from cubicweb.rset import ResultSet
 
    37 from cubicweb.rset import ResultSet
 
    37 
    38 
   111             erqlexprs = eschema.get_rqlexprs('read')
 
   112             erqlexprs = eschema.get_rqlexprs('read')
 
   112             if not erqlexprs:
 
   113             if not erqlexprs:
 
   113                 ex = Unauthorized('read', solution[varname])
 
   114                 ex = Unauthorized('read', solution[varname])
 
   114                 ex.var = varname
 
   115                 ex.var = varname
 
   115                 raise ex
 
   116                 raise ex
 
   116             localchecks[varname] = erqlexprs
 
   117             # don't insert security on variable only referenced by 'NOT X relation Y' or
 
       
   118             # 'NOT EXISTS(X relation Y)'
 
       
   119             varinfo = rqlst.defined_vars[varname].stinfo
 
       
   120             if varinfo['selected'] or (
 
       
   121                 len([r for r in varinfo['relations']
 
       
   122                      if (not schema.rschema(r.r_type).final
 
       
   123                          and ((isinstance(r.parent, Exists) and r.parent.neged(strict=True))
 
       
   124                               or isinstance(r.parent, Not)))])
 
       
   125                 != len(varinfo['relations'])):
 
       
   126                 localchecks[varname] = erqlexprs
 
   117     return localchecks
 
   127     return localchecks
 
   118 
   128 
   119 def add_noinvariant(noinvariant, restricted, select, nbtrees):
 
   129 def add_noinvariant(noinvariant, restricted, select, nbtrees):
 
   120     # a variable can actually be invariant if it has not been restricted for
 
   130     # a variable can actually be invariant if it has not been restricted for
 
   121     # security reason or if security assertion hasn't modified the possible
 
   131     # security reason or if security assertion hasn't modified the possible
cubicweb