equal
deleted
inserted
replaced
23 except AttributeError: |
23 except AttributeError: |
24 editedattrs = entity |
24 editedattrs = entity |
25 for attr in editedattrs: |
25 for attr in editedattrs: |
26 if attr in defaults: |
26 if attr in defaults: |
27 continue |
27 continue |
28 rschema = eschema.subjrels[attr] |
28 rdef = eschema.rdef(attr) |
29 if rschema.final: # non final relation are checked by other hooks |
29 if rdef.final: # non final relation are checked by other hooks |
30 # add/delete should be equivalent (XXX: unify them into 'update' ?) |
30 # add/delete should be equivalent (XXX: unify them into 'update' ?) |
31 rschema.check_perm(session, 'add', eid) |
31 rdef.check_perm(session, 'add', eid=eid) |
32 |
32 |
33 |
33 |
34 class _CheckEntityPermissionOp(hook.LateOperation): |
34 class _CheckEntityPermissionOp(hook.LateOperation): |
35 def precommit_event(self): |
35 def precommit_event(self): |
36 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action |
36 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action |
41 pass |
41 pass |
42 |
42 |
43 |
43 |
44 class _CheckRelationPermissionOp(hook.LateOperation): |
44 class _CheckRelationPermissionOp(hook.LateOperation): |
45 def precommit_event(self): |
45 def precommit_event(self): |
46 self.rschema.check_perm(self.session, self.action, self.eidfrom, self.eidto) |
46 rdef = self.rschema.rdef(self.session.describe(self.eidfrom)[0], |
|
47 self.session.describe(self.eidto)[0]) |
|
48 rdef.check_perm(self.session, self.action, |
|
49 fromeid=self.eidfrom, toeid=self.eidto) |
47 |
50 |
48 def commit_event(self): |
51 def commit_event(self): |
49 pass |
52 pass |
50 |
53 |
51 |
54 |
93 if self.rtype in BEFORE_ADD_RELATIONS: |
96 if self.rtype in BEFORE_ADD_RELATIONS: |
94 nocheck = self._cw.transaction_data.get('skip-security', ()) |
97 nocheck = self._cw.transaction_data.get('skip-security', ()) |
95 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
98 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
96 return |
99 return |
97 rschema = self._cw.repo.schema[self.rtype] |
100 rschema = self._cw.repo.schema[self.rtype] |
98 rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto) |
101 rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0], |
|
102 self._cw.describe(self.eidto)[0]) |
|
103 rdef.check_perm(session, 'add', fromeid=self.eidfrom, toeid=self.eidto) |
99 |
104 |
100 |
105 |
101 class AfterAddRelationSecurityHook(SecurityHook): |
106 class AfterAddRelationSecurityHook(SecurityHook): |
102 __regid__ = 'securityafteraddrelation' |
107 __regid__ = 'securityafteraddrelation' |
103 events = ('after_add_relation',) |
108 events = ('after_add_relation',) |
112 _CheckRelationPermissionOp(self._cw, action='add', |
117 _CheckRelationPermissionOp(self._cw, action='add', |
113 rschema=rschema, |
118 rschema=rschema, |
114 eidfrom=self.eidfrom, |
119 eidfrom=self.eidfrom, |
115 eidto=self.eidto) |
120 eidto=self.eidto) |
116 else: |
121 else: |
117 rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto) |
122 rdef = rschema.rdef(session.describe(self.eidfrom)[0], |
|
123 session.describe(self.eidto)[0]) |
|
124 rdef.check_perm(session, 'add', fromeid=self.eidfrom, toeid=self.eidto) |
118 |
125 |
119 |
|
120 class BeforeDelRelationSecurityHook(SecurityHook): |
|
121 __regid__ = 'securitybeforedelrelation' |
|
122 events = ('before_delete_relation',) |
|
123 |
|
124 def __call__(self): |
|
125 nocheck = self._cw.transaction_data.get('skip-security', ()) |
|
126 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
|
127 return |
|
128 self._cw.repo.schema[self.rtype].check_perm(self._cw, 'delete', |
|
129 self.eidfrom, self.eidto) |
|
130 |
|