Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
selectors.py
branchstable
changeset 5900 002af94623d3
parent 5886 00a78298d30d
child 5901 782b27eaf97a
child 5903 aa01eb033620 
--- a/selectors.py	Tue Jul 06 09:42:16 2010 +0200
+++ b/selectors.py	Tue Jul 06 11:31:04 2010 +0200
@@ -840,10 +840,13 @@
         if self.target_etype is not None:
             try:
                 rdef = rschema.role_rdef(eschema, self.target_etype, self.role)
-                if self.action and not rdef.may_have_permission(self.action, req):
-                    return 0
             except KeyError:
                 return 0
+            if self.action and not rdef.may_have_permission(self.action, req):
+                return 0
+            teschema = req.vreg.schema.eschema(self.target_etype)
+            if not teschema.may_have_permission('read', req):
+                return 0
         elif self.action:
             return rschema.may_have_permission(self.action, req, eschema, self.role)
         return 1
@@ -860,6 +863,10 @@
                     return 0
             elif not rschema.has_perm(entity._cw, self.action, toeid=entity.eid):
                 return 0
+        if self.target_etype is not None:
+            teschema = entity._cw.vreg.schema.eschema(self.target_etype)
+            if not teschema.may_have_permission('read', req):
+                return 0
         return 1
cubicweb