Mercurial Mercurial > pub > hg > cubicweb / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cubicweb/hooks/security.py
changeset 11767 432f87a63057
parent 11765 9cb215e833b0
equal deleted inserted replaced
11766:d8de1ac21f36 11767:432f87a63057 
     1 # copyright 2003-2014 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
 
     1 # copyright 2003-2016 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
 
     2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
 
     2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
 
     3 #
 
     3 #
 
     4 # This file is part of CubicWeb.
 
     4 # This file is part of CubicWeb.
 
     5 #
 
     5 #
 
     6 # CubicWeb is free software: you can redistribute it and/or modify it under the
 
     6 # CubicWeb is free software: you can redistribute it and/or modify it under the
 
    17 # with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
 
    17 # with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
 
    18 """Security hooks: check permissions to add/delete/update entities according to
 
    18 """Security hooks: check permissions to add/delete/update entities according to
 
    19 the connected user
 
    19 the connected user
 
    20 """
 
    20 """
 
    21 
    21 
    22 __docformat__ = "restructuredtext en"
 
       
    23 from warnings import warn
 
       
    24 
       
    25 from logilab.common.registry import objectify_predicate
 
    22 from logilab.common.registry import objectify_predicate
 
    26 
    23 
    27 from yams import buildobjs
 
    24 from yams import buildobjs
 
    28 
    25 
    29 from cubicweb import Unauthorized
 
    26 from cubicweb import Unauthorized
 
    30 from cubicweb.server import BEFORE_ADD_RELATIONS, ON_COMMIT_ADD_RELATIONS, hook
 
    27 from cubicweb.server import BEFORE_ADD_RELATIONS, ON_COMMIT_ADD_RELATIONS, hook
 
    31 
       
    32 
    28 
    33 
    29 
    34 def check_entity_attributes(cnx, entity, action, editedattrs=None):
 
    30 def check_entity_attributes(cnx, entity, action, editedattrs=None):
 
    35     eid = entity.eid
 
    31     eid = entity.eid
 
    36     eschema = entity.e_schema
 
    32     eschema = entity.e_schema
 
    37     if action == 'delete':
 
       
    38         eschema.check_perm(session, action, eid=eid)
 
       
    39         return
 
       
    40     # ._cw_skip_security_attributes is there to bypass security for attributes
 
    33     # ._cw_skip_security_attributes is there to bypass security for attributes
 
    41     # set by hooks by modifying the entity's dictionary
 
    34     # set by hooks by modifying the entity's dictionary
 
    42     if editedattrs is None:
 
    35     if editedattrs is None:
 
    43         editedattrs = entity.cw_edited
 
    36         editedattrs = entity.cw_edited
 
    44     dontcheck = editedattrs.skip_security
 
    37     dontcheck = editedattrs.skip_security
cubicweb