--- a/hooks/security.py Mon Mar 08 19:02:35 2010 +0100
+++ b/hooks/security.py Tue Mar 09 08:59:43 2010 +0100
@@ -9,6 +9,7 @@
__docformat__ = "restructuredtext en"
from cubicweb import Unauthorized
+from cubicweb.selectors import objectify_selector, lltrace
from cubicweb.server import BEFORE_ADD_RELATIONS, ON_COMMIT_ADD_RELATIONS, hook
@@ -53,10 +54,17 @@
pass
+@objectify_selector
+@lltrace
+def write_security_enabled(cls, req, **kwargs):
+ if req is None or not req.write_security:
+ return 0
+ return 1
+
class SecurityHook(hook.Hook):
__abstract__ = True
category = 'security'
- __select__ = hook.Hook.__select__ & hook.regular_session()
+ __select__ = hook.Hook.__select__ & write_security_enabled()
class AfterAddEntitySecurityHook(SecurityHook):