server/securityhooks.py
branchtls-sprint
changeset 1802 d628defebc17
parent 479 ac5c9442b1fd
child 1977 606923dff11b
1801:672acc730ce5 1802:d628defebc17
    22             continue
    22             continue
    23         rschema = eschema.subject_relation(attr)
    23         rschema = eschema.subject_relation(attr)
    24         if rschema.is_final(): # non final relation are checked by other hooks
    24         if rschema.is_final(): # non final relation are checked by other hooks
    25             # add/delete should be equivalent (XXX: unify them into 'update' ?)
    25             # add/delete should be equivalent (XXX: unify them into 'update' ?)
    26             rschema.check_perm(session, 'add', eid)
    26             rschema.check_perm(session, 'add', eid)
    27             
    27 
    28     
    28 
    29 class CheckEntityPermissionOp(LateOperation):
    29 class CheckEntityPermissionOp(LateOperation):
    30     def precommit_event(self):
    30     def precommit_event(self):
    31         #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action
    31         #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action
    32         self.entity.check_perm(self.action)
    32         self.entity.check_perm(self.action)
    33         check_entity_attributes(self.session, self.entity)
    33         check_entity_attributes(self.session, self.entity)
    34         
    34 
    35     def commit_event(self):
    35     def commit_event(self):
    36         pass
    36         pass
    37             
    37 
    38     
    38 
    39 class CheckRelationPermissionOp(LateOperation):
    39 class CheckRelationPermissionOp(LateOperation):
    40     def precommit_event(self):
    40     def precommit_event(self):
    41         self.rschema.check_perm(self.session, self.action, self.fromeid, self.toeid)
    41         self.rschema.check_perm(self.session, self.action, self.fromeid, self.toeid)
    42         
    42 
    43     def commit_event(self):
    43     def commit_event(self):
    44         pass
    44         pass
    45     
    45 
    46 def after_add_entity(session, entity):
    46 def after_add_entity(session, entity):
    47     if not session.is_super_session:
    47     if not session.is_super_session:
    48         CheckEntityPermissionOp(session, entity=entity, action='add')
    48         CheckEntityPermissionOp(session, entity=entity, action='add')
    49 
    49 
    50 def after_update_entity(session, entity):
    50 def after_update_entity(session, entity):
    54             entity.check_perm('update')
    54             entity.check_perm('update')
    55             check_entity_attributes(session, entity)
    55             check_entity_attributes(session, entity)
    56         except Unauthorized:
    56         except Unauthorized:
    57             entity.clear_local_perm_cache('update')
    57             entity.clear_local_perm_cache('update')
    58             CheckEntityPermissionOp(session, entity=entity, action='update')
    58             CheckEntityPermissionOp(session, entity=entity, action='update')
    59         
    59 
    60 def before_del_entity(session, eid):
    60 def before_del_entity(session, eid):
    61     if not session.is_super_session:
    61     if not session.is_super_session:
    62         eschema = session.repo.schema[session.describe(eid)[0]]
    62         eschema = session.repo.schema[session.describe(eid)[0]]
    63         eschema.check_perm(session, 'delete', eid)
    63         eschema.check_perm(session, 'delete', eid)
    64 
    64 
    65 
    65 
    66 def before_add_relation(session, fromeid, rtype, toeid):
    66 def before_add_relation(session, fromeid, rtype, toeid):
    67     if rtype in BEFORE_ADD_RELATIONS and not session.is_super_session:
    67     if rtype in BEFORE_ADD_RELATIONS and not session.is_super_session:
    68         rschema = session.repo.schema[rtype]
    68         rschema = session.repo.schema[rtype]
    69         rschema.check_perm(session, 'add', fromeid, toeid)
    69         rschema.check_perm(session, 'add', fromeid, toeid)
    70         
    70 
    71 def after_add_relation(session, fromeid, rtype, toeid):
    71 def after_add_relation(session, fromeid, rtype, toeid):
    72     if not rtype in BEFORE_ADD_RELATIONS and not session.is_super_session:
    72     if not rtype in BEFORE_ADD_RELATIONS and not session.is_super_session:
    73         rschema = session.repo.schema[rtype]
    73         rschema = session.repo.schema[rtype]
    74         if rtype in ON_COMMIT_ADD_RELATIONS:
    74         if rtype in ON_COMMIT_ADD_RELATIONS:
    75             CheckRelationPermissionOp(session, action='add', rschema=rschema,
    75             CheckRelationPermissionOp(session, action='add', rschema=rschema,
    87     hm.register_hook(after_update_entity, 'after_update_entity', '')
    87     hm.register_hook(after_update_entity, 'after_update_entity', '')
    88     hm.register_hook(before_del_entity, 'before_delete_entity', '')
    88     hm.register_hook(before_del_entity, 'before_delete_entity', '')
    89     hm.register_hook(before_add_relation, 'before_add_relation', '')
    89     hm.register_hook(before_add_relation, 'before_add_relation', '')
    90     hm.register_hook(after_add_relation, 'after_add_relation', '')
    90     hm.register_hook(after_add_relation, 'after_add_relation', '')
    91     hm.register_hook(before_del_relation, 'before_delete_relation', '')
    91     hm.register_hook(before_del_relation, 'before_delete_relation', '')
    92     
    92