avoid to see the same warning twice, one for 3.6 another for 3.3
"""Security hooks: check permissions to add/delete/update entities according tothe user connected to a session:organization: Logilab:copyright: 2001-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2.:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses"""__docformat__="restructuredtext en"fromcubicwebimportUnauthorizedfromcubicweb.serverimportBEFORE_ADD_RELATIONS,ON_COMMIT_ADD_RELATIONS,hookdefcheck_entity_attributes(session,entity):eid=entity.eideschema=entity.e_schema# ._default_set is only there on entity creation to indicate unspecified# attributes which has been set to a default value defined in the schemadefaults=getattr(entity,'_default_set',())try:editedattrs=entity.edited_attributesexceptAttributeError:editedattrs=entityforattrineditedattrs:ifattrindefaults:continuerdef=eschema.rdef(attr)ifrdef.final:# non final relation are checked by other hooks# add/delete should be equivalent (XXX: unify them into 'update' ?)rdef.check_perm(session,'add',eid=eid)class_CheckEntityPermissionOp(hook.LateOperation):defprecommit_event(self):#print 'CheckEntityPermissionOp', self.session.user, self.entity, self.actionself.entity.check_perm(self.action)check_entity_attributes(self.session,self.entity)defcommit_event(self):passclass_CheckRelationPermissionOp(hook.LateOperation):defprecommit_event(self):rdef=self.rschema.rdef(self.session.describe(self.eidfrom)[0],self.session.describe(self.eidto)[0])rdef.check_perm(self.session,self.action,fromeid=self.eidfrom,toeid=self.eidto)defcommit_event(self):passclassSecurityHook(hook.Hook):__abstract__=Truecategory='security'__select__=hook.Hook.__select__&hook.regular_session()classAfterAddEntitySecurityHook(SecurityHook):__regid__='securityafteraddentity'events=('after_add_entity',)def__call__(self):_CheckEntityPermissionOp(self._cw,entity=self.entity,action='add')classAfterUpdateEntitySecurityHook(SecurityHook):__regid__='securityafterupdateentity'events=('after_update_entity',)def__call__(self):try:# check user has permission right now, if not retry at commit timeself.entity.check_perm('update')check_entity_attributes(self._cw,self.entity)exceptUnauthorized:self.entity.clear_local_perm_cache('update')_CheckEntityPermissionOp(self._cw,entity=self.entity,action='update')classBeforeDelEntitySecurityHook(SecurityHook):__regid__='securitybeforedelentity'events=('before_delete_entity',)def__call__(self):self.entity.check_perm('delete')classBeforeAddRelationSecurityHook(SecurityHook):__regid__='securitybeforeaddrelation'events=('before_add_relation',)def__call__(self):ifself.rtypeinBEFORE_ADD_RELATIONS:nocheck=self._cw.transaction_data.get('skip-security',())if(self.eidfrom,self.rtype,self.eidto)innocheck:returnrschema=self._cw.repo.schema[self.rtype]rdef=rschema.rdef(self._cw.describe(self.eidfrom)[0],self._cw.describe(self.eidto)[0])rdef.check_perm(self._cw,'add',fromeid=self.eidfrom,toeid=self.eidto)classAfterAddRelationSecurityHook(SecurityHook):__regid__='securityafteraddrelation'events=('after_add_relation',)def__call__(self):ifnotself.rtypeinBEFORE_ADD_RELATIONS:nocheck=self._cw.transaction_data.get('skip-security',())if(self.eidfrom,self.rtype,self.eidto)innocheck:returnrschema=self._cw.repo.schema[self.rtype]ifself.rtypeinON_COMMIT_ADD_RELATIONS:_CheckRelationPermissionOp(self._cw,action='add',rschema=rschema,eidfrom=self.eidfrom,eidto=self.eidto)else:rdef=rschema.rdef(self._cw.describe(self.eidfrom)[0],self._cw.describe(self.eidto)[0])rdef.check_perm(self._cw,'add',fromeid=self.eidfrom,toeid=self.eidto)classBeforeDeleteRelationSecurityHook(SecurityHook):__regid__='securitybeforedelrelation'events=('before_delete_relation',)def__call__(self):nocheck=self._cw.transaction_data.get('skip-security',())if(self.eidfrom,self.rtype,self.eidto)innocheck:returnrschema=self._cw.repo.schema[self.rtype]rdef=rschema.rdef(self._cw.describe(self.eidfrom)[0],self._cw.describe(self.eidto)[0])rdef.check_perm(self._cw,'delete',fromeid=self.eidfrom,toeid=self.eidto)