1 # copyright 2003-2014 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
1 # copyright 2003-2016 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
2 # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
3 # |
3 # |
4 # This file is part of CubicWeb. |
4 # This file is part of CubicWeb. |
5 # |
5 # |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
6 # CubicWeb is free software: you can redistribute it and/or modify it under the |
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
18 """Security hooks: check permissions to add/delete/update entities according to |
18 """Security hooks: check permissions to add/delete/update entities according to |
19 the connected user |
19 the connected user |
20 """ |
20 """ |
21 |
21 |
22 __docformat__ = "restructuredtext en" |
|
23 from warnings import warn |
|
24 |
|
25 from logilab.common.registry import objectify_predicate |
22 from logilab.common.registry import objectify_predicate |
26 |
23 |
27 from yams import buildobjs |
24 from yams import buildobjs |
28 |
25 |
29 from cubicweb import Unauthorized |
26 from cubicweb import Unauthorized |
30 from cubicweb.server import BEFORE_ADD_RELATIONS, ON_COMMIT_ADD_RELATIONS, hook |
27 from cubicweb.server import BEFORE_ADD_RELATIONS, ON_COMMIT_ADD_RELATIONS, hook |
31 |
|
32 |
28 |
33 |
29 |
34 def check_entity_attributes(cnx, entity, action, editedattrs=None): |
30 def check_entity_attributes(cnx, entity, action, editedattrs=None): |
35 eid = entity.eid |
31 eid = entity.eid |
36 eschema = entity.e_schema |
32 eschema = entity.e_schema |
37 if action == 'delete': |
|
38 eschema.check_perm(session, action, eid=eid) |
|
39 return |
|
40 # ._cw_skip_security_attributes is there to bypass security for attributes |
33 # ._cw_skip_security_attributes is there to bypass security for attributes |
41 # set by hooks by modifying the entity's dictionary |
34 # set by hooks by modifying the entity's dictionary |
42 if editedattrs is None: |
35 if editedattrs is None: |
43 editedattrs = entity.cw_edited |
36 editedattrs = entity.cw_edited |
44 dontcheck = editedattrs.skip_security |
37 dontcheck = editedattrs.skip_security |