Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sobjects/notification.py
branchreldefsecurity
changeset 3877 7ca53fc72a0a
parent 3689 deb13e88e037
child 3890 d7a270f50f54 
--- a/sobjects/notification.py	Wed Nov 18 09:16:38 2009 +0100
+++ b/sobjects/notification.py	Thu Nov 19 12:55:47 2009 +0100
@@ -269,14 +269,16 @@
         changes = self.req.transaction_data['changes'][self.rset[0][0]]
         _ = self.req._
         formatted_changes = []
+        entity = self.entity(self.row or 0, self.col or 0)
         for attr, oldvalue, newvalue in sorted(changes):
             # check current user has permission to see the attribute
             rschema = self.vreg.schema[attr]
             if rschema.final:
-                if not rschema.has_perm(self.req, 'read', eid=self.rset[0][0]):
+                rdef = entity.e_schema.rdef(rschema)
+                if not rdef.has_perm(self.req, 'read', eid=self.rset[0][0]):
                     continue
             # XXX suppose it's a subject relation...
-            elif not rschema.has_perm(self.req, 'read', fromeid=self.rset[0][0]):
+            elif not rschema.has_perm(self.req, 'read', fromeid=self.rset[0][0]): # XXX toeid
                 continue
             if attr in self.no_detailed_change_attrs:
                 msg = _('%s updated') % _(attr)
cubicweb