68 eschema.check_perm(session, 'delete', eid) |
68 eschema.check_perm(session, 'delete', eid) |
69 |
69 |
70 |
70 |
71 def before_add_relation(session, fromeid, rtype, toeid): |
71 def before_add_relation(session, fromeid, rtype, toeid): |
72 if rtype in BEFORE_ADD_RELATIONS and not session.is_super_session: |
72 if rtype in BEFORE_ADD_RELATIONS and not session.is_super_session: |
|
73 nocheck = session.transaction_data.get('skip-security', ()) |
|
74 if (fromeid, rtype, toeid) in nocheck: |
|
75 return |
73 rschema = session.repo.schema[rtype] |
76 rschema = session.repo.schema[rtype] |
74 rschema.check_perm(session, 'add', fromeid, toeid) |
77 rschema.check_perm(session, 'add', fromeid, toeid) |
75 |
78 |
76 def after_add_relation(session, fromeid, rtype, toeid): |
79 def after_add_relation(session, fromeid, rtype, toeid): |
77 if not rtype in BEFORE_ADD_RELATIONS and not session.is_super_session: |
80 if not rtype in BEFORE_ADD_RELATIONS and not session.is_super_session: |
|
81 nocheck = session.transaction_data.get('skip-security', ()) |
|
82 if (fromeid, rtype, toeid) in nocheck: |
|
83 return |
78 rschema = session.repo.schema[rtype] |
84 rschema = session.repo.schema[rtype] |
79 if rtype in ON_COMMIT_ADD_RELATIONS: |
85 if rtype in ON_COMMIT_ADD_RELATIONS: |
80 CheckRelationPermissionOp(session, action='add', rschema=rschema, |
86 CheckRelationPermissionOp(session, action='add', rschema=rschema, |
81 fromeid=fromeid, toeid=toeid) |
87 fromeid=fromeid, toeid=toeid) |
82 else: |
88 else: |
83 rschema.check_perm(session, 'add', fromeid, toeid) |
89 rschema.check_perm(session, 'add', fromeid, toeid) |
84 |
90 |
85 def before_del_relation(session, fromeid, rtype, toeid): |
91 def before_del_relation(session, fromeid, rtype, toeid): |
86 if not session.is_super_session: |
92 if not session.is_super_session: |
|
93 nocheck = session.transaction_data.get('skip-security', ()) |
|
94 if (fromeid, rtype, toeid) in nocheck: |
|
95 return |
87 session.repo.schema[rtype].check_perm(session, 'delete', fromeid, toeid) |
96 session.repo.schema[rtype].check_perm(session, 'delete', fromeid, toeid) |
88 |
97 |
89 def register_security_hooks(hm): |
98 def register_security_hooks(hm): |
90 """register meta-data related hooks on the hooks manager""" |
99 """register meta-data related hooks on the hooks manager""" |
91 hm.register_hook(after_add_entity, 'after_add_entity', '') |
100 hm.register_hook(after_add_entity, 'after_add_entity', '') |