40 editedattrs = entity.cw_edited |
40 editedattrs = entity.cw_edited |
41 dontcheck = editedattrs.skip_security |
41 dontcheck = editedattrs.skip_security |
42 for attr in editedattrs: |
42 for attr in editedattrs: |
43 if attr in dontcheck: |
43 if attr in dontcheck: |
44 continue |
44 continue |
45 rdef = eschema.rdef(attr) |
45 rdef = eschema.rdef(attr, takefirst=True) |
46 if rdef.final: # non final relation are checked by standard hooks |
46 if rdef.final: # non final relation are checked by standard hooks |
47 perms = rdef.permissions.get(action) |
47 perms = rdef.permissions.get(action) |
48 # comparison below works because the default update perm is: |
48 # comparison below works because the default update perm is: |
49 # |
49 # |
50 # ('managers', ERQLExpression(Any X WHERE U has_update_permission X, |
50 # ('managers', ERQLExpression(Any X WHERE U has_update_permission X, |
58 # this object as a marker saying "no specific" |
58 # this object as a marker saying "no specific" |
59 # permission rule for this attribute. Thus we just do |
59 # permission rule for this attribute. Thus we just do |
60 # nothing. |
60 # nothing. |
61 continue |
61 continue |
62 if perms == (): |
62 if perms == (): |
63 # That means an immutable attribute. |
63 # That means an immutable attribute; as an optimization, avoid |
|
64 # going through check_perm. |
64 raise Unauthorized(action, str(rdef)) |
65 raise Unauthorized(action, str(rdef)) |
65 rdef.check_perm(session, action, eid=eid) |
66 rdef.check_perm(session, action, eid=eid) |
66 |
67 |
67 |
68 |
68 class CheckEntityPermissionOp(hook.DataOperationMixIn, hook.LateOperation): |
69 class CheckEntityPermissionOp(hook.DataOperationMixIn, hook.LateOperation): |
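Review bot: The `takefirst=True` added in `eschema.rdef(attr, takefirst=True)` (new line 45) sits on a permission-check path with no comment saying why taking the first relation definition is safe there. From the visible lines, permissions are only read when `rdef.final` is true, so for a non-final relation with several target types the first definition is presumably consulted for `.final` alone and then skipped. I would state that next to the call, e.g. `# takefirst: for non-final relations only rdef.final is read; their permissions are checked by standard hooks`. It is also worth confirming that a final attribute can never resolve to more than one definition here, since otherwise only the first definition's permissions would be enforced. The enclosing function starts above the hunk and old lines 51-57 are not shown, so this is based on the visible part only.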