Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
selectors.py
changeset 5901 782b27eaf97a
parent 5895 6a3f776292a5
parent 5900 002af94623d3
child 5904 6371b6760dc9 
--- a/selectors.py	Tue Jul 06 09:41:19 2010 +0200
+++ b/selectors.py	Tue Jul 06 11:31:34 2010 +0200
@@ -883,10 +883,13 @@
         if self.target_etype is not None:
             try:
                 rdef = rschema.role_rdef(eschema, self.target_etype, self.role)
-                if self.action and not rdef.may_have_permission(self.action, req):
-                    return 0
             except KeyError:
                 return 0
+            if self.action and not rdef.may_have_permission(self.action, req):
+                return 0
+            teschema = req.vreg.schema.eschema(self.target_etype)
+            if not teschema.may_have_permission('read', req):
+                return 0
         elif self.action:
             return rschema.may_have_permission(self.action, req, eschema, self.role)
         return 1
@@ -903,6 +906,10 @@
                     return 0
             elif not rschema.has_perm(entity._cw, self.action, toeid=entity.eid):
                 return 0
+        if self.target_etype is not None:
+            teschema = entity._cw.vreg.schema.eschema(self.target_etype)
+            if not teschema.may_have_permission('read', req):
+                return 0
         return 1
cubicweb