--- a/hooks/security.py Wed Jan 07 14:56:33 2015 +0100
+++ b/hooks/security.py Thu Jan 22 17:18:20 2015 +0100
@@ -69,6 +69,13 @@
raise Unauthorized(action, str(rdef))
rdef.check_perm(cnx, action, eid=eid)
+ if action == 'add' and not etypechecked:
+ # think about cnx.create_entity('Foo')
+ # the standard metadata were inserted by a hook
+ # with a bypass ... we conceptually need to check
+ # the eid attribute at *creation* time
+ entity.cw_check_perm(action)
+
class CheckEntityPermissionOp(hook.DataOperationMixIn, hook.LateOperation):
def precommit_event(self):