equal
deleted
inserted
replaced
27 |
27 |
28 |
28 |
29 def check_entity_attributes(session, entity, editedattrs=None): |
29 def check_entity_attributes(session, entity, editedattrs=None): |
30 eid = entity.eid |
30 eid = entity.eid |
31 eschema = entity.e_schema |
31 eschema = entity.e_schema |
32 # .skip_security_attributes is there to bypass security for attributes |
32 # ._cw_skip_security_attributes is there to bypass security for attributes |
33 # set by hooks by modifying the entity's dictionnary |
33 # set by hooks by modifying the entity's dictionnary |
34 dontcheck = entity.skip_security_attributes |
34 dontcheck = entity._cw_skip_security_attributes |
35 if editedattrs is None: |
35 if editedattrs is None: |
36 try: |
36 try: |
37 editedattrs = entity.edited_attributes |
37 editedattrs = entity.edited_attributes |
38 except AttributeError: |
38 except AttributeError: |
39 editedattrs = entity # XXX unexpected |
39 editedattrs = entity # XXX unexpected |
55 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action |
55 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action |
56 session = self.session |
56 session = self.session |
57 for values in session.transaction_data.pop('check_entity_perm_op'): |
57 for values in session.transaction_data.pop('check_entity_perm_op'): |
58 entity = session.entity_from_eid(values[0]) |
58 entity = session.entity_from_eid(values[0]) |
59 action = values[1] |
59 action = values[1] |
60 entity.check_perm(action) |
60 entity.cw_check_perm(action) |
61 check_entity_attributes(session, entity, values[2:]) |
61 check_entity_attributes(session, entity, values[2:]) |
62 |
62 |
63 def commit_event(self): |
63 def commit_event(self): |
64 pass |
64 pass |
65 |
65 |
103 events = ('after_update_entity',) |
103 events = ('after_update_entity',) |
104 |
104 |
105 def __call__(self): |
105 def __call__(self): |
106 try: |
106 try: |
107 # check user has permission right now, if not retry at commit time |
107 # check user has permission right now, if not retry at commit time |
108 self.entity.check_perm('update') |
108 self.entity.cw_check_perm('update') |
109 check_entity_attributes(self._cw, self.entity) |
109 check_entity_attributes(self._cw, self.entity) |
110 except Unauthorized: |
110 except Unauthorized: |
111 self.entity.clear_local_perm_cache('update') |
111 self.entity._cw_clear_local_perm_cache('update') |
112 # save back editedattrs in case the entity is reedited later in the |
112 # save back editedattrs in case the entity is reedited later in the |
113 # same transaction, which will lead to edited_attributes being |
113 # same transaction, which will lead to edited_attributes being |
114 # overwritten |
114 # overwritten |
115 hook.set_operation(self._cw, 'check_entity_perm_op', |
115 hook.set_operation(self._cw, 'check_entity_perm_op', |
116 (self.entity.eid, 'update') + tuple(self.entity.edited_attributes), |
116 (self.entity.eid, 'update') + tuple(self.entity.edited_attributes), |
120 class BeforeDelEntitySecurityHook(SecurityHook): |
120 class BeforeDelEntitySecurityHook(SecurityHook): |
121 __regid__ = 'securitybeforedelentity' |
121 __regid__ = 'securitybeforedelentity' |
122 events = ('before_delete_entity',) |
122 events = ('before_delete_entity',) |
123 |
123 |
124 def __call__(self): |
124 def __call__(self): |
125 self.entity.check_perm('delete') |
125 self.entity.cw_check_perm('delete') |
126 |
126 |
127 |
127 |
128 class BeforeAddRelationSecurityHook(SecurityHook): |
128 class BeforeAddRelationSecurityHook(SecurityHook): |
129 __regid__ = 'securitybeforeaddrelation' |
129 __regid__ = 'securitybeforeaddrelation' |
130 events = ('before_add_relation',) |
130 events = ('before_add_relation',) |