Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hooks/security.py
changeset 10156 57b68193413c
parent 10114 6f4b4567b77d
parent 10153 85cbf16fbb57
child 10388 90fcddcce166 
--- a/hooks/security.py	Wed Jan 07 14:56:33 2015 +0100
+++ b/hooks/security.py	Thu Jan 22 17:18:20 2015 +0100
@@ -69,6 +69,13 @@
                 raise Unauthorized(action, str(rdef))
             rdef.check_perm(cnx, action, eid=eid)
 
+    if action == 'add' and not etypechecked:
+        # think about cnx.create_entity('Foo')
+        # the standard metadata were inserted by a hook
+        # with a bypass ... we conceptually need to check
+        # the eid attribute at *creation* time
+        entity.cw_check_perm(action)
+
 
 class CheckEntityPermissionOp(hook.DataOperationMixIn, hook.LateOperation):
     def precommit_event(self):
cubicweb