hooks/security.py
branchstable
changeset 10153 85cbf16fbb57
parent 9981 7099bbd685aa
child 10156 57b68193413c
--- a/hooks/security.py	Wed Nov 26 17:39:59 2014 +0100
+++ b/hooks/security.py	Wed Jan 21 15:58:33 2015 +0100
@@ -68,6 +68,12 @@
                 # going through check_perm.
                 raise Unauthorized(action, str(rdef))
             rdef.check_perm(session, action, eid=eid)
+    if action == 'add' and not etypechecked:
+        # think about cnx.create_entity('Foo')
+        # the standard metadata were inserted by a hook
+        # with a bypass ... we conceptually need to check
+        # the eid attribute at *creation* time
+        entity.cw_check_perm(action)
 
 
 class CheckEntityPermissionOp(hook.DataOperationMixIn, hook.LateOperation):
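Review bot: The comment above `entity.cw_check_perm(action)` does not state the invariant the new fallback enforces, which matters on an authorization path: every 'add' must go through at least one entity-level permission check, even when no edited attribute triggered one. I would reword it along the lines of `# no attribute check above covered the entity itself (e.g. cnx.create_entity('Foo') where only hook-inserted metadata exists), so check 'add' permission on the entity here`. The guard `not etypechecked` is only sound if that flag is set strictly after an entity-level check has actually run. The assignment and the start of the enclosing function are outside this hunk, so that should be confirmed there. A regression test that creates an entity with no explicit attributes as a user without 'add' permission, and expects `Unauthorized`, would pin the behaviour.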