--- a/hooks/security.py Fri Jan 24 10:04:56 2014 +0100
+++ b/hooks/security.py Mon Jan 27 16:19:49 2014 +0100
@@ -42,7 +42,7 @@
for attr in editedattrs:
if attr in dontcheck:
continue
- rdef = eschema.rdef(attr)
+ rdef = eschema.rdef(attr, takefirst=True)
if rdef.final: # non final relation are checked by standard hooks
perms = rdef.permissions.get(action)
# comparison below works because the default update perm is:
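Review bot: The new `takefirst=True` in `eschema.rdef(attr, takefirst=True)` means this security hook reads `rdef.permissions` from whichever relation definition comes first when `attr` resolves to more than one, and nothing in the hunk says why that is safe. If the assumption is that every definition of an edited attribute carries the same permissions (or that final attributes only ever have one), state it above the call, e.g. `# takefirst is safe: only final rdefs are checked below, and those are expected to have a single definition per entity type`. If that assumption does not hold, the check could apply the permissions of a different definition than the one being edited, so it is worth confirming against the schema API. The enclosing `for attr in editedattrs:` loop starts and ends outside the hunk.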
@@ -60,7 +60,8 @@
# nothing.
continue
if perms == ():
- # That means an immutable attribute.
+ # That means an immutable attribute; as an optimization, avoid
+ # going through check_perm.
raise Unauthorized(action, str(rdef))
rdef.check_perm(session, action, eid=eid)