147 self.cnx.hooks_mode = self.oldmode |
147 self.cnx.hooks_mode = self.oldmode |
148 |
148 |
149 class _session_hooks_control(_hooks_control): |
149 class _session_hooks_control(_hooks_control): |
150 """hook control context manager for session |
150 """hook control context manager for session |
151 |
151 |
152 Necessary To handle some unholy transaction scope logic.""" |
152 Necessary to handle some unholy transaction scope logic.""" |
153 |
153 |
154 |
154 |
155 def __init__(self, session, mode, *categories): |
155 def __init__(self, session, mode, *categories): |
156 self.session = session |
156 self.session = session |
157 super_init = super(_session_hooks_control, self).__init__ |
157 super_init = super(_session_hooks_control, self).__init__ |
172 """context manager to control security w/ session.execute, |
172 """context manager to control security w/ session.execute, |
173 |
173 |
174 By default security is disabled on queries executed on the repository |
174 By default security is disabled on queries executed on the repository |
175 side. |
175 side. |
176 """ |
176 """ |
177 def __init__(self, session, read=None, write=None): |
177 def __init__(self, cnx, read=None, write=None): |
178 self.session = session |
178 self.cnx = cnx |
179 self.cnx = session._cnx |
|
180 self.read = read |
179 self.read = read |
181 self.write = write |
180 self.write = write |
182 self.oldread = None |
181 self.oldread = None |
183 self.oldwrite = None |
182 self.oldwrite = None |
184 |
183 |
195 self.cnx.write_security = self.write |
194 self.cnx.write_security = self.write |
196 self.cnx.ctx_count += 1 |
195 self.cnx.ctx_count += 1 |
197 |
196 |
198 def __exit__(self, exctype, exc, traceback): |
197 def __exit__(self, exctype, exc, traceback): |
199 self.cnx.ctx_count -= 1 |
198 self.cnx.ctx_count -= 1 |
|
199 if self.oldread is not None: |
|
200 self.cnx.read_security = self.oldread |
|
201 if self.oldwrite is not None: |
|
202 self.cnx.write_security = self.oldwrite |
|
203 |
|
204 class _session_security_enabled(_security_enabled): |
|
205 """hook security context manager for session |
|
206 |
|
207 Necessary To handle some unholy transaction scope logic.""" |
|
208 |
|
209 |
|
210 def __init__(self, session, read=None, write=None): |
|
211 self.session = session |
|
212 super_init = super(_session_security_enabled, self).__init__ |
|
213 return super_init(session._cnx, read=read, write=write) |
|
214 |
|
215 def __exit__(self, exctype, exc, traceback): |
|
216 super_exit = super(_session_security_enabled, self).__exit__ |
|
217 ret = super_exit(exctype, exc, traceback) |
200 if self.cnx.ctx_count == 0: |
218 if self.cnx.ctx_count == 0: |
201 self.session._clear_thread_storage(self.cnx) |
219 self.session._clear_thread_storage(self.cnx) |
202 else: |
220 return ret |
203 if self.oldread is not None: |
|
204 self.cnx.read_security = self.oldread |
|
205 if self.oldwrite is not None: |
|
206 self.cnx.write_security = self.oldwrite |
|
207 |
221 |
208 HOOKS_ALLOW_ALL = object() |
222 HOOKS_ALLOW_ALL = object() |
209 HOOKS_DENY_ALL = object() |
223 HOOKS_DENY_ALL = object() |
210 DEFAULT_SECURITY = object() # evaluated to true by design |
224 DEFAULT_SECURITY = object() # evaluated to true by design |
211 |
225 |
624 activated or not |
638 activated or not |
625 """ |
639 """ |
626 return self.is_hook_category_activated(hook.category) |
640 return self.is_hook_category_activated(hook.category) |
627 |
641 |
628 # Security management ##################################################### |
642 # Security management ##################################################### |
|
643 |
|
644 def security_enabled(self, read=None, write=None): |
|
645 return _security_enabled(self, read=read, write=write) |
|
646 |
629 @property |
647 @property |
630 def read_security(self): |
648 def read_security(self): |
631 return self._read_security |
649 return self._read_security |
632 |
650 |
633 @read_security.setter |
651 @read_security.setter |
1056 |
1074 |
1057 # security control ######################################################### |
1075 # security control ######################################################### |
1058 |
1076 |
1059 |
1077 |
1060 def security_enabled(self, read=None, write=None): |
1078 def security_enabled(self, read=None, write=None): |
1061 return _security_enabled(self, read=read, write=write) |
1079 return _session_security_enabled(self, read=read, write=write) |
1062 |
1080 |
1063 read_security = cnx_attr('read_security', writable=True) |
1081 read_security = cnx_attr('read_security', writable=True) |
1064 write_security = cnx_attr('write_security', writable=True) |
1082 write_security = cnx_attr('write_security', writable=True) |
1065 running_dbapi_query = cnx_attr('running_dbapi_query') |
1083 running_dbapi_query = cnx_attr('running_dbapi_query') |
1066 |
1084 |