109 :meth:`~cubicweb.server.session.Session.deny_all_hooks_but` or |
109 :meth:`~cubicweb.server.session.Session.deny_all_hooks_but` or |
110 :meth:`~cubicweb.server.session.Session.allow_all_hooks_but` session |
110 :meth:`~cubicweb.server.session.Session.allow_all_hooks_but` session |
111 methods. |
111 methods. |
112 """ |
112 """ |
113 def __init__(self, session, mode, *categories): |
113 def __init__(self, session, mode, *categories): |
|
114 assert mode in (HOOKS_ALLOW_ALL, HOOKS_DENY_ALL) |
114 self.session = session |
115 self.session = session |
115 self.mode = mode |
116 self.mode = mode |
116 self.categories = categories |
117 self.categories = categories |
|
118 self.oldmode = None |
|
119 self.changes = () |
117 |
120 |
118 def __enter__(self): |
121 def __enter__(self): |
119 self.oldmode, self.changes = self.session.init_hooks_mode_categories( |
122 self.oldmode = self.session._tx.hooks_mode |
120 self.mode, self.categories) |
123 self.session._tx.hooks_mode = self.mode |
|
124 if self.mode is HOOKS_DENY_ALL: |
|
125 self.changes = self.session.enable_hook_categories(*self.categories) |
|
126 else: |
|
127 self.changes = self.session.disable_hook_categories(*self.categories) |
|
128 self.session._tx.ctx_count += 1 |
121 |
129 |
122 def __exit__(self, exctype, exc, traceback): |
130 def __exit__(self, exctype, exc, traceback): |
123 self.session.reset_hooks_mode_categories(self.oldmode, self.mode, self.changes) |
131 tx = self.session._tx |
|
132 tx.ctx_count -= 1 |
|
133 if tx.ctx_count == 0: |
|
134 self.session._clear_thread_storage(tx) |
|
135 else: |
|
136 try: |
|
137 if self.categories: |
|
138 if self.mode is HOOKS_DENY_ALL: |
|
139 self.session.disable_hook_categories(*self.categories) |
|
140 else: |
|
141 self.session.enable_hook_categories(*self.categories) |
|
142 finally: |
|
143 self.session._tx.hooks_mode = self.oldmode |
124 |
144 |
125 |
145 |
126 class security_enabled(object): |
146 class security_enabled(object): |
127 """context manager to control security w/ session.execute, |
147 """context manager to control security w/ session.execute, |
128 |
148 |
987 return hooks_control(self, HOOKS_ALLOW_ALL, *categories) |
1007 return hooks_control(self, HOOKS_ALLOW_ALL, *categories) |
988 def deny_all_hooks_but(self, *categories): |
1008 def deny_all_hooks_but(self, *categories): |
989 return hooks_control(self, HOOKS_DENY_ALL, *categories) |
1009 return hooks_control(self, HOOKS_DENY_ALL, *categories) |
990 |
1010 |
991 hooks_mode = tx_attr('hooks_mode') |
1011 hooks_mode = tx_attr('hooks_mode') |
992 |
|
993 def init_hooks_mode_categories(self, mode, categories): |
|
994 assert mode is HOOKS_ALLOW_ALL or mode is HOOKS_DENY_ALL |
|
995 oldmode = self._tx.hooks_mode |
|
996 self._tx.hooks_mode = mode |
|
997 if mode is self.HOOKS_DENY_ALL: |
|
998 changes = self.enable_hook_categories(*categories) |
|
999 else: |
|
1000 changes = self.disable_hook_categories(*categories) |
|
1001 self._tx.ctx_count += 1 |
|
1002 return oldmode, changes |
|
1003 |
|
1004 def reset_hooks_mode_categories(self, oldmode, mode, categories): |
|
1005 tx = self._tx |
|
1006 tx.ctx_count -= 1 |
|
1007 if tx.ctx_count == 0: |
|
1008 self._clear_thread_storage(tx) |
|
1009 else: |
|
1010 try: |
|
1011 if categories: |
|
1012 if mode is self.HOOKS_DENY_ALL: |
|
1013 return self.disable_hook_categories(*categories) |
|
1014 else: |
|
1015 return self.enable_hook_categories(*categories) |
|
1016 finally: |
|
1017 self._tx.hooks_mode = oldmode |
|
1018 |
1012 |
1019 disabled_hook_categories = tx_attr('disabled_hook_cats') |
1013 disabled_hook_categories = tx_attr('disabled_hook_cats') |
1020 enabled_hook_categories = tx_attr('enabled_hook_cats') |
1014 enabled_hook_categories = tx_attr('enabled_hook_cats') |
1021 disable_hook_categories = tx_meth('disable_hook_categories') |
1015 disable_hook_categories = tx_meth('disable_hook_categories') |
1022 enable_hook_categories = tx_meth('enable_hook_categories') |
1016 enable_hook_categories = tx_meth('enable_hook_categories') |