Mercurial Mercurial > pub > hg > cubicweb / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hooks/security.py
changeset 2847 c2ee28f4d4b1
parent 2835 04034421b072
child 2895 903bd3f89f80
equal deleted inserted replaced
2846:e71d6a585b83 2847:c2ee28f4d4b1 
    58 class AfterAddEntitySecurityHook(SecurityHook):
 
    58 class AfterAddEntitySecurityHook(SecurityHook):
 
    59     __id__ = 'securityafteraddentity'
 
    59     __id__ = 'securityafteraddentity'
 
    60     events = ('after_add_entity',)
 
    60     events = ('after_add_entity',)
 
    61 
    61 
    62     def __call__(self):
 
    62     def __call__(self):
 
    63         _CheckEntityPermissionOp(self.cw_req, entity=self.entity, action='add')
 
    63         _CheckEntityPermissionOp(self._cw, entity=self.entity, action='add')
 
    64 
    64 
    65 
    65 
    66 class AfterUpdateEntitySecurityHook(SecurityHook):
 
    66 class AfterUpdateEntitySecurityHook(SecurityHook):
 
    67     __id__ = 'securityafterupdateentity'
 
    67     __id__ = 'securityafterupdateentity'
 
    68     events = ('after_update_entity',)
 
    68     events = ('after_update_entity',)
 
    69 
    69 
    70     def __call__(self):
 
    70     def __call__(self):
 
    71         try:
 
    71         try:
 
    72             # check user has permission right now, if not retry at commit time
 
    72             # check user has permission right now, if not retry at commit time
 
    73             self.entity.check_perm('update')
 
    73             self.entity.check_perm('update')
 
    74             check_entity_attributes(self.cw_req, self.entity)
 
    74             check_entity_attributes(self._cw, self.entity)
 
    75         except Unauthorized:
 
    75         except Unauthorized:
 
    76             self.entity.clear_local_perm_cache('update')
 
    76             self.entity.clear_local_perm_cache('update')
 
    77             _CheckEntityPermissionOp(self.cw_req, entity=self.entity, action='update')
 
    77             _CheckEntityPermissionOp(self._cw, entity=self.entity, action='update')
 
    78 
    78 
    79 
    79 
    80 class BeforeDelEntitySecurityHook(SecurityHook):
 
    80 class BeforeDelEntitySecurityHook(SecurityHook):
 
    81     __id__ = 'securitybeforedelentity'
 
    81     __id__ = 'securitybeforedelentity'
 
    82     events = ('before_delete_entity',)
 
    82     events = ('before_delete_entity',)
 
    83 
    83 
    84     def __call__(self):
 
    84     def __call__(self):
 
    85         self.entity.e_schema.check_perm(self.cw_req, 'delete', eid)
 
    85         self.entity.e_schema.check_perm(self._cw, 'delete', eid)
 
    86 
    86 
    87 
    87 
    88 class BeforeAddRelationSecurityHook(SecurityHook):
 
    88 class BeforeAddRelationSecurityHook(SecurityHook):
 
    89     __id__ = 'securitybeforeaddrelation'
 
    89     __id__ = 'securitybeforeaddrelation'
 
    90     events = ('before_add_relation',)
 
    90     events = ('before_add_relation',)
 
    91 
    91 
    92     def __call__(self):
 
    92     def __call__(self):
 
    93         if self.rtype in BEFORE_ADD_RELATIONS:
 
    93         if self.rtype in BEFORE_ADD_RELATIONS:
 
    94             rschema = self.cw_req.repo.schema[self.rtype]
 
    94             rschema = self._cw.repo.schema[self.rtype]
 
    95             rschema.check_perm(self.cw_req, 'add', self.eidfrom, self.eidto)
 
    95             rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto)
 
    96 
    96 
    97 
    97 
    98 class AfterAddRelationSecurityHook(SecurityHook):
 
    98 class AfterAddRelationSecurityHook(SecurityHook):
 
    99     __id__ = 'securityafteraddrelation'
 
    99     __id__ = 'securityafteraddrelation'
 
   100     events = ('after_add_relation',)
 
   100     events = ('after_add_relation',)
 
   101 
   101 
   102     def __call__(self):
 
   102     def __call__(self):
 
   103         if not self.rtype in BEFORE_ADD_RELATIONS:
 
   103         if not self.rtype in BEFORE_ADD_RELATIONS:
 
   104             rschema = self.cw_req.repo.schema[self.rtype]
 
   104             rschema = self._cw.repo.schema[self.rtype]
 
   105             if self.rtype in ON_COMMIT_ADD_RELATIONS:
 
   105             if self.rtype in ON_COMMIT_ADD_RELATIONS:
 
   106                 _CheckRelationPermissionOp(self.cw_req, action='add',
 
   106                 _CheckRelationPermissionOp(self._cw, action='add',
 
   107                                            rschema=rschema,
 
   107                                            rschema=rschema,
 
   108                                            eidfrom=self.eidfrom,
 
   108                                            eidfrom=self.eidfrom,
 
   109                                            eidto=self.eidto)
 
   109                                            eidto=self.eidto)
 
   110             else:
 
   110             else:
 
   111                 rschema.check_perm(self.cw_req, 'add', self.eidfrom, self.eidto)
 
   111                 rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto)
 
   112 
   112 
   113 
   113 
   114 class BeforeDelRelationSecurityHook(SecurityHook):
 
   114 class BeforeDelRelationSecurityHook(SecurityHook):
 
   115     __id__ = 'securitybeforedelrelation'
 
   115     __id__ = 'securitybeforedelrelation'
 
   116     events = ('before_delete_relation',)
 
   116     events = ('before_delete_relation',)
 
   117 
   117 
   118     def __call__(self):
 
   118     def __call__(self):
 
   119         self.cw_req.repo.schema[self.rtype].check_perm(self.cw_req, 'delete',
 
   119         self._cw.repo.schema[self.rtype].check_perm(self._cw, 'delete',
 
   120                                                        self.eidfrom, self.eidto)
 
   120                                                        self.eidfrom, self.eidto)
 
   121 
   121
cubicweb