server/querier.py
branchstable
changeset 5888 3ee80d487f11
parent 5886 00a78298d30d
child 5890 141b935a38fc
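--- a/server/querier.py
+++ b/server/querier.py
@@ -27,11 +27,11 @@
 
 from logilab.common.cache import Cache
 from logilab.common.compat import any
 from rql import RQLSyntaxError
 from rql.stmts import Union, Select
-from rql.nodes import Relation, VariableRef, Constant, SubQuery
+from rql.nodes import Relation, VariableRef, Constant, SubQuery, Exists, Not
 
 from cubicweb import Unauthorized, QueryError, UnknownEid, typed_eid
 from cubicweb import server
 from cubicweb.rset import ResultSet
 
@@ -110,11 +110,20 @@
             erqlexprs = eschema.get_rqlexprs('read')
             if not erqlexprs:
                 ex = Unauthorized('read', solution[varname])
                 ex.var = varname
                 raise ex
-            localchecks[varname] = erqlexprs
+            # don't insert security on variable only referenced by 'NOT X relation Y' or
+            # 'NOT EXISTS(X relation Y)'
+            varinfo = rqlst.defined_vars[varname].stinfo
+            if varinfo['selected'] or (
+                len([r for r in varinfo['relations']
+                     if (not schema.rschema(r.r_type).final
+                         and ((isinstance(r.parent, Exists) and r.parent.neged(strict=True))
+                              or isinstance(r.parent, Not)))])
+                != len(varinfo['relations'])):
+                localchecks[varname] = erqlexprs
     return localchecks
 
 def add_noinvariant(noinvariant, restricted, select, nbtrees):
     # a variable can actually be invariant if it has not been restricted for
     # security reason or if security assertion hasn't modified the possible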
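Review bot: The new guard fails open when `varinfo['relations']` is empty: both lengths are 0, so an unselected variable with no recorded relations gets no entry in `localchecks` and its read rql expressions are never applied. Whether such a variable can reach this loop is not visible here, but making the default explicit costs one clause: `if varinfo['selected'] or not varinfo['relations'] or (`. The comment should also say why a variable seen only under `NOT` / `NOT EXISTS` needs no read check, since the rows returned may still depend on whether entities the user cannot read exist. A test for that query shape, run as a user without read permission, would pin the intent. The enclosing function starts outside the hunk.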