cubicweb: comparison hooks/security.py

equal deleted inserted replaced

-:b56420abc00f
+:9bf648d678cd
 class _CheckEntityPermissionOp(hook.LateOperation):
 def precommit_event(self):
 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action
-self.entity.check_perm(self.action)
+session = self.session
-check_entity_attributes(self.session, self.entity, self.editedattrs)
+for values in session.transaction_data['check_entity_perm_op']:
+entity = session.entity_from_eid(values[0])
+action = values[1]
+entity.check_perm(action)
+check_entity_attributes(session, entity, values[2:])
 def commit_event(self):
 pass
 class AfterAddEntitySecurityHook(SecurityHook):
 __regid__ = 'securityafteraddentity'
 events = ('after_add_entity',)
 def __call__(self):
-_CheckEntityPermissionOp(self._cw, entity=self.entity,
+hook.set_operation(self._cw, 'check_entity_perm_op',
-editedattrs=tuple(self.entity.edited_attributes),
+(self.entity.eid, 'add') + tuple(self.entity.edited_attributes),
-action='add')
+_CheckEntityPermissionOp)
 class AfterUpdateEntitySecurityHook(SecurityHook):
 __regid__ = 'securityafterupdateentity'
 events = ('after_update_entity',)
 except Unauthorized:
 self.entity.clear_local_perm_cache('update')
 # save back editedattrs in case the entity is reedited later in the
 # same transaction, which will lead to edited_attributes being
 # overwritten
-_CheckEntityPermissionOp(self._cw, entity=self.entity,
+hook.set_operation(self._cw, 'check_entity_perm_op',
-editedattrs=tuple(self.entity.edited_attributes),
+(self.entity.eid, 'update') + tuple(self.entity.edited_attributes),
-action='update')
+_CheckEntityPermissionOp)
 class BeforeDelEntitySecurityHook(SecurityHook):
 __regid__ = 'securitybeforedelentity'
 events = ('before_delete_entity',)

branch	stable
changeset 5448	9bf648d678cd
parent 5424	8ecbcbff9777
child 5449	a7e1b316af03