23 try: |
23 try: |
24 editedattrs = entity.edited_attributes |
24 editedattrs = entity.edited_attributes |
25 except AttributeError: |
25 except AttributeError: |
26 editedattrs = entity # XXX unexpected |
26 editedattrs = entity # XXX unexpected |
27 for attr in editedattrs: |
27 for attr in editedattrs: |
28 try: |
28 if attr in dontcheck: |
29 dontcheck.remove(attr) |
|
30 continue |
29 continue |
31 except KeyError: |
|
32 pass |
|
33 rdef = eschema.rdef(attr) |
30 rdef = eschema.rdef(attr) |
34 if rdef.final: # non final relation are checked by other hooks |
31 if rdef.final: # non final relation are checked by other hooks |
35 # add/delete should be equivalent (XXX: unify them into 'update' ?) |
32 # add/delete should be equivalent (XXX: unify them into 'update' ?) |
36 rdef.check_perm(session, 'update', eid=eid) |
33 rdef.check_perm(session, 'update', eid=eid) |
|
34 # don't update dontcheck until everything went fine: see usage in |
|
35 # after_update_entity, where if we got an Unauthorized at hook time, we will |
|
36 # retry and commit time |
|
37 dontcheck |= frozenset(editedattrs) |
37 |
38 |
38 |
39 |
39 class _CheckEntityPermissionOp(hook.LateOperation): |
40 class _CheckEntityPermissionOp(hook.LateOperation): |
40 def precommit_event(self): |
41 def precommit_event(self): |
41 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action |
42 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action |