151 """ |
151 """ |
152 def __init__(self, session, read=None, write=None): |
152 def __init__(self, session, read=None, write=None): |
153 self.session = session |
153 self.session = session |
154 self.read = read |
154 self.read = read |
155 self.write = write |
155 self.write = write |
|
156 self.oldread = None |
|
157 self.oldwrite = None |
156 |
158 |
157 def __enter__(self): |
159 def __enter__(self): |
158 self.oldread, self.oldwrite = self.session.init_security( |
160 if self.read is None: |
159 self.read, self.write) |
161 self.oldread = None |
|
162 else: |
|
163 self.oldread = self.session._tx.read_security |
|
164 self.session._tx.read_security = self.read |
|
165 if self.write is None: |
|
166 self.oldwrite = None |
|
167 else: |
|
168 self.oldwrite = self.session._tx.write_security |
|
169 self.session._tx.write_security = self.write |
|
170 self.session._tx.ctx_count += 1 |
160 |
171 |
161 def __exit__(self, exctype, exc, traceback): |
172 def __exit__(self, exctype, exc, traceback): |
162 self.session.reset_security(self.oldread, self.oldwrite) |
173 tx = self.session._tx |
|
174 tx.ctx_count -= 1 |
|
175 if tx.ctx_count == 0: |
|
176 self.session._clear_thread_storage(tx) |
|
177 else: |
|
178 if self.oldread is not None: |
|
179 self.session._tx.read_security = self.oldread |
|
180 if self.oldwrite is not None: |
|
181 self.session._tx.write_security = self.oldwrite |
163 |
182 |
164 HOOKS_ALLOW_ALL = object() |
183 HOOKS_ALLOW_ALL = object() |
165 HOOKS_DENY_ALL = object() |
184 HOOKS_DENY_ALL = object() |
166 DEFAULT_SECURITY = object() # evaluated to true by design |
185 DEFAULT_SECURITY = object() # evaluated to true by design |
167 |
186 |
691 Security level Management: |
710 Security level Management: |
692 |
711 |
693 :attr:`read_security` and :attr:`write_security`, boolean flags telling if |
712 :attr:`read_security` and :attr:`write_security`, boolean flags telling if |
694 read/write security is currently activated. |
713 read/write security is currently activated. |
695 |
714 |
696 .. automethod:: cubicweb.server.session.Session.init_security |
|
697 .. automethod:: cubicweb.server.session.Session.reset_security |
|
698 .. automethod:: cubicweb.server.session.Session.security_enabled |
715 .. automethod:: cubicweb.server.session.Session.security_enabled |
699 |
716 |
700 Hooks Management: |
717 Hooks Management: |
701 |
718 |
702 :attr:`hooks_mode`, may be either `HOOKS_ALLOW_ALL` or `HOOKS_DENY_ALL`. |
719 :attr:`hooks_mode`, may be either `HOOKS_ALLOW_ALL` or `HOOKS_DENY_ALL`. |
968 # security control ######################################################### |
985 # security control ######################################################### |
969 |
986 |
970 |
987 |
971 def security_enabled(self, read=None, write=None): |
988 def security_enabled(self, read=None, write=None): |
972 return security_enabled(self, read=read, write=write) |
989 return security_enabled(self, read=read, write=write) |
973 |
|
974 def init_security(self, read, write): |
|
975 if read is None: |
|
976 oldread = None |
|
977 else: |
|
978 oldread = self._tx.read_security |
|
979 self._tx.read_security = read |
|
980 if write is None: |
|
981 oldwrite = None |
|
982 else: |
|
983 oldwrite = self._tx.write_security |
|
984 self._tx.write_security = write |
|
985 self._tx.ctx_count += 1 |
|
986 return oldread, oldwrite |
|
987 |
|
988 def reset_security(self, read, write): |
|
989 tx = self._tx |
|
990 tx.ctx_count -= 1 |
|
991 if tx.ctx_count == 0: |
|
992 self._clear_thread_storage(tx) |
|
993 else: |
|
994 if read is not None: |
|
995 self._tx.read_security = read |
|
996 if write is not None: |
|
997 self._tx.write_security = write |
|
998 |
990 |
999 read_security = tx_attr('read_security', writable=True) |
991 read_security = tx_attr('read_security', writable=True) |
1000 write_security = tx_attr('write_security', writable=True) |
992 write_security = tx_attr('write_security', writable=True) |
1001 running_dbapi_query = tx_attr('running_dbapi_query') |
993 running_dbapi_query = tx_attr('running_dbapi_query') |
1002 |
994 |
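Review bot: In the context manager's `__enter__`/`__exit__` (new lines 159–181) the transaction whose flags are changed is never pinned: `__enter__` reads `self.session._tx` afresh on every access and `__exit__` looks it up again. If `_tx` resolves to a different object by exit time (the `_clear_thread_storage` call suggests a per-thread lookup, though its definition is not visible here), the `ctx_count` decrement and the restore land on a transaction that was never modified, and the original keeps the altered `read_security`/`write_security`. Binding it once with `self._tx = tx = self.session._tx` in `__enter__` and starting `__exit__` with `tx = self._tx` would make save and restore act on the same object; `__exit__` could then write `tx.read_security = self.oldread` instead of mixing `tx` and `self.session._tx`. The `ctx_count == 0` branch writes nothing back and relies on `_clear_thread_storage(tx)` discarding the modified flags, so a one-line comment stating that assumption would help the next reader. The class header and the start of its docstring lie before the visible lines.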