621 oldwrite = self.set_write_security(write) |
621 oldwrite = self.set_write_security(write) |
622 self._tx.ctx_count += 1 |
622 self._tx.ctx_count += 1 |
623 return oldread, oldwrite |
623 return oldread, oldwrite |
624 |
624 |
625 def reset_security(self, read, write): |
625 def reset_security(self, read, write): |
626 txstore = self._tx |
626 tx = self._tx |
627 txstore.ctx_count -= 1 |
627 tx.ctx_count -= 1 |
628 if txstore.ctx_count == 0: |
628 if tx.ctx_count == 0: |
629 self._clear_thread_storage(txstore) |
629 self._clear_thread_storage(tx) |
630 else: |
630 else: |
631 if read is not None: |
631 if read is not None: |
632 self.set_read_security(read) |
632 self.set_read_security(read) |
633 if write is not None: |
633 if write is not None: |
634 self.set_write_security(write) |
634 self.set_write_security(write) |
635 |
635 |
636 @property |
636 @property |
637 def read_security(self): |
637 def read_security(self): |
638 """return a boolean telling if read security is activated or not""" |
638 """return a boolean telling if read security is activated or not""" |
639 txstore = self._tx |
639 tx = self._tx |
640 if txstore is None: |
640 if tx is None: |
641 return DEFAULT_SECURITY |
641 return DEFAULT_SECURITY |
642 return txstore.read_security |
642 return tx.read_security |
643 |
643 |
644 def set_read_security(self, activated): |
644 def set_read_security(self, activated): |
645 """[de]activate read security, returning the previous value set for |
645 """[de]activate read security, returning the previous value set for |
646 later restoration. |
646 later restoration. |
647 |
647 |
648 you should usually use the `security_enabled` context manager instead |
648 you should usually use the `security_enabled` context manager instead |
649 of this to change security settings. |
649 of this to change security settings. |
650 """ |
650 """ |
651 txstore = self._tx |
651 tx = self._tx |
652 if txstore is None: |
652 if tx is None: |
653 return DEFAULT_SECURITY |
653 return DEFAULT_SECURITY |
654 oldmode = txstore.read_security |
654 oldmode = tx.read_security |
655 txstore.read_security = activated |
655 tx.read_security = activated |
656 # dbapi_query used to detect hooks triggered by a 'dbapi' query (eg not |
656 # dbapi_query used to detect hooks triggered by a 'dbapi' query (eg not |
657 # issued on the session). This is tricky since we the execution model of |
657 # issued on the session). This is tricky since we the execution model of |
658 # a (write) user query is: |
658 # a (write) user query is: |
659 # |
659 # |
660 # repository.execute (security enabled) |
660 # repository.execute (security enabled) |
667 # so we can't rely on simply checking session.read_security, but |
667 # so we can't rely on simply checking session.read_security, but |
668 # recalling the first transition from DEFAULT_SECURITY to something |
668 # recalling the first transition from DEFAULT_SECURITY to something |
669 # else (False actually) is not perfect but should be enough |
669 # else (False actually) is not perfect but should be enough |
670 # |
670 # |
671 # also reset dbapi_query to true when we go back to DEFAULT_SECURITY |
671 # also reset dbapi_query to true when we go back to DEFAULT_SECURITY |
672 txstore.dbapi_query = (oldmode is DEFAULT_SECURITY |
672 tx.dbapi_query = (oldmode is DEFAULT_SECURITY |
673 or activated is DEFAULT_SECURITY) |
673 or activated is DEFAULT_SECURITY) |
674 return oldmode |
674 return oldmode |
675 |
675 |
676 @property |
676 @property |
677 def write_security(self): |
677 def write_security(self): |
678 """return a boolean telling if write security is activated or not""" |
678 """return a boolean telling if write security is activated or not""" |
679 txstore = self._tx |
679 tx = self._tx |
680 if txstore is None: |
680 if tx is None: |
681 return DEFAULT_SECURITY |
681 return DEFAULT_SECURITY |
682 return txstore.write_security |
682 return tx.write_security |
683 |
683 |
684 def set_write_security(self, activated): |
684 def set_write_security(self, activated): |
685 """[de]activate write security, returning the previous value set for |
685 """[de]activate write security, returning the previous value set for |
686 later restoration. |
686 later restoration. |
687 |
687 |
688 you should usually use the `security_enabled` context manager instead |
688 you should usually use the `security_enabled` context manager instead |
689 of this to change security settings. |
689 of this to change security settings. |
690 """ |
690 """ |
691 txstore = self._tx |
691 tx = self._tx |
692 if txstore is None: |
692 if tx is None: |
693 return DEFAULT_SECURITY |
693 return DEFAULT_SECURITY |
694 oldmode = txstore.write_security |
694 oldmode = tx.write_security |
695 txstore.write_security = activated |
695 tx.write_security = activated |
696 return oldmode |
696 return oldmode |
697 |
697 |
698 @property |
698 @property |
699 def running_dbapi_query(self): |
699 def running_dbapi_query(self): |
700 """return a boolean telling if it's triggered by a db-api query or by |
700 """return a boolean telling if it's triggered by a db-api query or by |
730 changes = self.disable_hook_categories(*categories) |
730 changes = self.disable_hook_categories(*categories) |
731 self._tx.ctx_count += 1 |
731 self._tx.ctx_count += 1 |
732 return oldmode, changes |
732 return oldmode, changes |
733 |
733 |
734 def reset_hooks_mode_categories(self, oldmode, mode, categories): |
734 def reset_hooks_mode_categories(self, oldmode, mode, categories): |
735 txstore = self._tx |
735 tx = self._tx |
736 txstore.ctx_count -= 1 |
736 tx.ctx_count -= 1 |
737 if txstore.ctx_count == 0: |
737 if tx.ctx_count == 0: |
738 self._clear_thread_storage(txstore) |
738 self._clear_thread_storage(tx) |
739 else: |
739 else: |
740 try: |
740 try: |
741 if categories: |
741 if categories: |
742 if mode is self.HOOKS_DENY_ALL: |
742 if mode is self.HOOKS_DENY_ALL: |
743 return self.disable_hook_categories(*categories) |
743 return self.disable_hook_categories(*categories) |
1003 """remove everything from the thread local storage, except connections set |
1003 """remove everything from the thread local storage, except connections set |
1004 which is explicitly removed by free_cnxset, and mode which is set anyway |
1004 which is explicitly removed by free_cnxset, and mode which is set anyway |
1005 by _touch |
1005 by _touch |
1006 """ |
1006 """ |
1007 try: |
1007 try: |
1008 txstore = self.__threaddata.tx |
1008 tx = self.__threaddata.tx |
1009 except AttributeError: |
1009 except AttributeError: |
1010 pass |
1010 pass |
1011 else: |
1011 else: |
1012 if free_cnxset: |
1012 if free_cnxset: |
1013 self.free_cnxset() |
1013 self.free_cnxset() |
1014 if txstore.ctx_count == 0: |
1014 if tx.ctx_count == 0: |
1015 self._clear_thread_storage(txstore) |
1015 self._clear_thread_storage(tx) |
1016 else: |
1016 else: |
1017 self._clear_tx_storage(txstore) |
1017 self._clear_tx_storage(tx) |
1018 else: |
1018 else: |
1019 self._clear_tx_storage(txstore) |
1019 self._clear_tx_storage(tx) |
1020 |
1020 |
1021 def _clear_thread_storage(self, txstore): |
1021 def _clear_thread_storage(self, tx): |
1022 self._txs.pop(txstore.transactionid, None) |
1022 self._txs.pop(tx.transactionid, None) |
1023 try: |
1023 try: |
1024 del self.__threaddata.tx |
1024 del self.__threaddata.tx |
1025 except AttributeError: |
1025 except AttributeError: |
1026 pass |
1026 pass |
1027 |
1027 |
1028 def _clear_tx_storage(self, txstore): |
1028 def _clear_tx_storage(self, tx): |
1029 txstore.clear() |
1029 tx.clear() |
1030 txstore._rewriter = RQLRewriter(self) |
1030 tx._rewriter = RQLRewriter(self) |
1031 |
1031 |
1032 def commit(self, free_cnxset=True, reset_pool=None): |
1032 def commit(self, free_cnxset=True, reset_pool=None): |
1033 """commit the current session's transaction""" |
1033 """commit the current session's transaction""" |
1034 if reset_pool is not None: |
1034 if reset_pool is not None: |
1035 warn('[3.13] use free_cnxset argument instead for reset_pool', |
1035 warn('[3.13] use free_cnxset argument instead for reset_pool', |