--- a/selectors.py Tue Jul 06 09:42:16 2010 +0200
+++ b/selectors.py Tue Jul 06 11:31:04 2010 +0200
@@ -840,10 +840,13 @@
if self.target_etype is not None:
try:
rdef = rschema.role_rdef(eschema, self.target_etype, self.role)
- if self.action and not rdef.may_have_permission(self.action, req):
- return 0
except KeyError:
return 0
+ if self.action and not rdef.may_have_permission(self.action, req):
+ return 0
+ teschema = req.vreg.schema.eschema(self.target_etype)
+ if not teschema.may_have_permission('read', req):
+ return 0
elif self.action:
return rschema.may_have_permission(self.action, req, eschema, self.role)
return 1
@@ -860,6 +863,10 @@
return 0
elif not rschema.has_perm(entity._cw, self.action, toeid=entity.eid):
return 0
+ if self.target_etype is not None:
+ teschema = entity._cw.vreg.schema.eschema(self.target_etype)
+ if not teschema.may_have_permission('read', req):
+ return 0
return 1