--- a/server/ssplanner.py Mon Mar 08 19:02:35 2010 +0100
+++ b/server/ssplanner.py Tue Mar 09 08:59:43 2010 +0100
@@ -63,6 +63,7 @@
return {}
eidconsts = {}
neweids = session.transaction_data.get('neweids', ())
+ checkread = session.read_security
for rel in rqlst.where.get_nodes(Relation):
if rel.r_type == 'eid' and not rel.neged(strict=True):
lhs, rhs = rel.get_variable_parts()
@@ -71,7 +72,7 @@
# check read permission here since it may not be done by
# the generated select substep if not emited (eg nothing
# to be selected)
- if eid not in neweids:
+ if checkread and eid not in neweids:
eschema(session.describe(eid)[0]).check_perm(session, 'read')
eidconsts[lhs.variable] = eid
return eidconsts