43 if creation and not rdef.permissions.get('update'): |
43 if creation and not rdef.permissions.get('update'): |
44 continue |
44 continue |
45 rdef.check_perm(session, 'update', eid=eid) |
45 rdef.check_perm(session, 'update', eid=eid) |
46 |
46 |
47 |
47 |
48 class _CheckEntityPermissionOp(hook.LateOperation): |
48 class CheckEntityPermissionOp(hook.DataOperationMixIn, hook.LateOperation): |
49 def precommit_event(self): |
49 def precommit_event(self): |
50 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action |
|
51 session = self.session |
50 session = self.session |
52 for values in session.transaction_data.pop('check_entity_perm_op'): |
51 for eid, action, edited in self.get_data(): |
53 eid, action, edited = values |
|
54 entity = session.entity_from_eid(eid) |
52 entity = session.entity_from_eid(eid) |
55 entity.cw_check_perm(action) |
53 entity.cw_check_perm(action) |
56 check_entity_attributes(session, entity, edited, |
54 check_entity_attributes(session, entity, edited, |
57 creation=self.creation) |
55 creation=(action == 'add')) |
58 |
56 |
59 |
57 |
60 class _CheckRelationPermissionOp(hook.LateOperation): |
58 class CheckRelationPermissionOp(hook.DataOperationMixIn, hook.LateOperation): |
61 def precommit_event(self): |
59 def precommit_event(self): |
62 session = self.session |
60 session = self.session |
63 for args in session.transaction_data.pop('check_relation_perm_op'): |
61 for action, rschema, eidfrom, eidto in self.get_data(): |
64 action, rschema, eidfrom, eidto = args |
|
65 rdef = rschema.rdef(session.describe(eidfrom)[0], |
62 rdef = rschema.rdef(session.describe(eidfrom)[0], |
66 session.describe(eidto)[0]) |
63 session.describe(eidto)[0]) |
67 rdef.check_perm(session, action, fromeid=eidfrom, toeid=eidto) |
64 rdef.check_perm(session, action, fromeid=eidfrom, toeid=eidto) |
68 |
65 |
69 |
66 |
83 class AfterAddEntitySecurityHook(SecurityHook): |
80 class AfterAddEntitySecurityHook(SecurityHook): |
84 __regid__ = 'securityafteraddentity' |
81 __regid__ = 'securityafteraddentity' |
85 events = ('after_add_entity',) |
82 events = ('after_add_entity',) |
86 |
83 |
87 def __call__(self): |
84 def __call__(self): |
88 hook.set_operation(self._cw, 'check_entity_perm_op', |
85 CheckEntityPermissionOp.get_instance(self._cw).add_data( |
89 (self.entity.eid, 'add', self.entity.cw_edited), |
86 (self.entity.eid, 'add', self.entity.cw_edited) ) |
90 _CheckEntityPermissionOp, creation=True) |
|
91 |
87 |
92 |
88 |
93 class AfterUpdateEntitySecurityHook(SecurityHook): |
89 class AfterUpdateEntitySecurityHook(SecurityHook): |
94 __regid__ = 'securityafterupdateentity' |
90 __regid__ = 'securityafterupdateentity' |
95 events = ('after_update_entity',) |
91 events = ('after_update_entity',) |
102 except Unauthorized: |
98 except Unauthorized: |
103 self.entity._cw_clear_local_perm_cache('update') |
99 self.entity._cw_clear_local_perm_cache('update') |
104 # save back editedattrs in case the entity is reedited later in the |
100 # save back editedattrs in case the entity is reedited later in the |
105 # same transaction, which will lead to cw_edited being |
101 # same transaction, which will lead to cw_edited being |
106 # overwritten |
102 # overwritten |
107 hook.set_operation(self._cw, 'check_entity_perm_op', |
103 CheckEntityPermissionOp.get_instance(self._cw).add_data( |
108 (self.entity.eid, 'update', self.entity.cw_edited), |
104 (self.entity.eid, 'update', self.entity.cw_edited) ) |
109 _CheckEntityPermissionOp, creation=False) |
|
110 |
105 |
111 |
106 |
112 class BeforeDelEntitySecurityHook(SecurityHook): |
107 class BeforeDelEntitySecurityHook(SecurityHook): |
113 __regid__ = 'securitybeforedelentity' |
108 __regid__ = 'securitybeforedelentity' |
114 events = ('before_delete_entity',) |
109 events = ('before_delete_entity',) |
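Review bot: An entity that is created and then modified in the same transaction is now checked twice, the second time with `creation=False`, because the update hook queues `(self.entity.eid, 'update', self.entity.cw_edited)` and `CheckEntityPermissionOp.precommit_event` derives the flag per item with `creation=(action == 'add')`. On that second pass the visible guard `if creation and not rdef.permissions.get('update'): continue` no longer applies, so attributes without an 'update' permission reach `rdef.check_perm(session, 'update', eid=eid)`. This looks like the intended tightening over a single operation-wide flag, but no test is visible on this page; a regression test that adds and then updates an entity in one transaction as a non-privileged user would pin the behaviour. I would also add a comment above the `add_data` call, such as `# queued as (eid, action, cw_edited); precommit_event unpacks in this order and treats action == 'add' as creation`, because the tuple layout is now the only contract between the hook and the operation. The enclosing `__call__` begins outside this hunk, so the `try` that pairs with `except Unauthorized:` could not be reviewed.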
141 nocheck = self._cw.transaction_data.get('skip-security', ()) |
136 nocheck = self._cw.transaction_data.get('skip-security', ()) |
142 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
137 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
143 return |
138 return |
144 rschema = self._cw.repo.schema[self.rtype] |
139 rschema = self._cw.repo.schema[self.rtype] |
145 if self.rtype in ON_COMMIT_ADD_RELATIONS: |
140 if self.rtype in ON_COMMIT_ADD_RELATIONS: |
146 hook.set_operation(self._cw, 'check_relation_perm_op', |
141 CheckRelationPermissionOp.get_instance(self._cw).add_data( |
147 ('add', rschema, self.eidfrom, self.eidto), |
142 ('add', rschema, self.eidfrom, self.eidto) ) |
148 _CheckRelationPermissionOp) |
|
149 else: |
143 else: |
150 rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0], |
144 rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0], |
151 self._cw.describe(self.eidto)[0]) |
145 self._cw.describe(self.eidto)[0]) |
152 rdef.check_perm(self._cw, 'add', fromeid=self.eidfrom, toeid=self.eidto) |
146 rdef.check_perm(self._cw, 'add', fromeid=self.eidfrom, toeid=self.eidto) |
153 |
147 |