54 category = 'security' |
54 category = 'security' |
55 __select__ = hook.Hook.__select__ & hook.regular_session() |
55 __select__ = hook.Hook.__select__ & hook.regular_session() |
56 |
56 |
57 |
57 |
58 class AfterAddEntitySecurityHook(SecurityHook): |
58 class AfterAddEntitySecurityHook(SecurityHook): |
59 __id__ = 'securityafteraddentity' |
59 __regid__ = 'securityafteraddentity' |
60 events = ('after_add_entity',) |
60 events = ('after_add_entity',) |
61 |
61 |
62 def __call__(self): |
62 def __call__(self): |
63 _CheckEntityPermissionOp(self._cw, entity=self.entity, action='add') |
63 _CheckEntityPermissionOp(self._cw, entity=self.entity, action='add') |
64 |
64 |
65 |
65 |
66 class AfterUpdateEntitySecurityHook(SecurityHook): |
66 class AfterUpdateEntitySecurityHook(SecurityHook): |
67 __id__ = 'securityafterupdateentity' |
67 __regid__ = 'securityafterupdateentity' |
68 events = ('after_update_entity',) |
68 events = ('after_update_entity',) |
69 |
69 |
70 def __call__(self): |
70 def __call__(self): |
71 try: |
71 try: |
72 # check user has permission right now, if not retry at commit time |
72 # check user has permission right now, if not retry at commit time |
76 self.entity.clear_local_perm_cache('update') |
76 self.entity.clear_local_perm_cache('update') |
77 _CheckEntityPermissionOp(self._cw, entity=self.entity, action='update') |
77 _CheckEntityPermissionOp(self._cw, entity=self.entity, action='update') |
78 |
78 |
79 |
79 |
80 class BeforeDelEntitySecurityHook(SecurityHook): |
80 class BeforeDelEntitySecurityHook(SecurityHook): |
81 __id__ = 'securitybeforedelentity' |
81 __regid__ = 'securitybeforedelentity' |
82 events = ('before_delete_entity',) |
82 events = ('before_delete_entity',) |
83 |
83 |
84 def __call__(self): |
84 def __call__(self): |
85 self.entity.check_perm('delete') |
85 self.entity.check_perm('delete') |
86 |
86 |
87 |
87 |
88 class BeforeAddRelationSecurityHook(SecurityHook): |
88 class BeforeAddRelationSecurityHook(SecurityHook): |
89 __id__ = 'securitybeforeaddrelation' |
89 __regid__ = 'securitybeforeaddrelation' |
90 events = ('before_add_relation',) |
90 events = ('before_add_relation',) |
91 |
91 |
92 def __call__(self): |
92 def __call__(self): |
93 if self.rtype in BEFORE_ADD_RELATIONS: |
93 if self.rtype in BEFORE_ADD_RELATIONS: |
94 nocheck = self._cw.transaction_data.get('skip-security', ()) |
94 nocheck = self._cw.transaction_data.get('skip-security', ()) |
97 rschema = self._cw.repo.schema[self.rtype] |
97 rschema = self._cw.repo.schema[self.rtype] |
98 rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto) |
98 rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto) |
99 |
99 |
100 |
100 |
101 class AfterAddRelationSecurityHook(SecurityHook): |
101 class AfterAddRelationSecurityHook(SecurityHook): |
102 __id__ = 'securityafteraddrelation' |
102 __regid__ = 'securityafteraddrelation' |
103 events = ('after_add_relation',) |
103 events = ('after_add_relation',) |
104 |
104 |
105 def __call__(self): |
105 def __call__(self): |
106 if not self.rtype in BEFORE_ADD_RELATIONS: |
106 if not self.rtype in BEFORE_ADD_RELATIONS: |
107 nocheck = self._cw.transaction_data.get('skip-security', ()) |
107 nocheck = self._cw.transaction_data.get('skip-security', ()) |
116 else: |
116 else: |
117 rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto) |
117 rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto) |
118 |
118 |
119 |
119 |
120 class BeforeDelRelationSecurityHook(SecurityHook): |
120 class BeforeDelRelationSecurityHook(SecurityHook): |
121 __id__ = 'securitybeforedelrelation' |
121 __regid__ = 'securitybeforedelrelation' |
122 events = ('before_delete_relation',) |
122 events = ('before_delete_relation',) |
123 |
123 |
124 def __call__(self): |
124 def __call__(self): |
125 nocheck = self._cw.transaction_data.get('skip-security', ()) |
125 nocheck = self._cw.transaction_data.get('skip-security', ()) |
126 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |
126 if (self.eidfrom, self.rtype, self.eidto) in nocheck: |