Tue, 21 Jul 2015 18:17:31 +0200 |
Julien Cristau |
[hook] remove assumption about entity cache vs cw_edited
|
file |
diff |
annotate
|
Tue, 21 Jul 2015 18:09:12 +0200 |
Julien Cristau |
[hook] don't open-code Connection.entity_cache
|
file |
diff |
annotate
|
Mon, 15 Jun 2015 10:49:33 +0200 |
Sylvain Thénault |
when some inlined relation is set using cw_edited, its security shouldn't be checked.
|
file |
diff |
annotate
|
Thu, 22 Jan 2015 17:18:20 +0100 |
Julien Cristau |
merge 3.18.8 into 3.19 branch
|
file |
diff |
annotate
|
Wed, 21 Jan 2015 15:58:33 +0100 |
Julien Cristau |
[security] Test case and fix for an INSERT security hole
stable
|
file |
diff |
annotate
|
Wed, 17 Dec 2014 10:55:53 +0100 |
Aurelien Campeas |
[security] check attributes: dispatch on the "add" action if entity was just created
|
file |
diff |
annotate
|
Wed, 24 Sep 2014 18:04:30 +0200 |
Julien Cristau |
merge 3.18.6 into 3.19
|
file |
diff |
annotate
|
Tue, 28 Jan 2014 15:27:59 +0100 |
Aurelien Campeas |
[hooks/security] allow edition of attributes with permissive permissions
stable
|
file |
diff |
annotate
|
Tue, 01 Apr 2014 16:28:12 +0200 |
Julien Cristau |
[hooks/security] let's use a connection, not a session
|
file |
diff |
annotate
|
Mon, 17 Feb 2014 15:32:50 +0100 |
Julien Cristau |
merge 3.18.x in 3.19 branch
|
file |
diff |
annotate
|
Fri, 14 Feb 2014 16:10:36 +0100 |
Julien Cristau |
merge 3.17.13
|
file |
diff |
annotate
|
Wed, 12 Feb 2014 18:15:32 +0100 |
Aurelien Campeas |
[hooks/security, devtools/fill] silence yams 0.38.0 warnings
stable
|
file |
diff |
annotate
|
Mon, 27 Jan 2014 16:19:49 +0100 |
Julien Cristau |
merge 3.18.2 into 3.19 branch
|
file |
diff |
annotate
|
Thu, 23 Jan 2014 13:47:28 +0100 |
Sylvain Thénault |
[multi-sources-removal] Drop entities.source column
|
file |
diff |
annotate
|
Tue, 14 Jan 2014 11:14:41 +0100 |
Aurelien Campeas |
[hooks/security] silence yams warning (closes #3440707)
|
file |
diff |
annotate
|
Thu, 16 Jan 2014 13:50:26 +0100 |
Julien Cristau |
[security] Add comment to check_entity_attributes shortcut
|
file |
diff |
annotate
|
Thu, 24 Oct 2013 13:15:53 +0200 |
Aurelien Campeas |
[hooks/security] provide attribute "add" permission
|
file |
diff |
annotate
|
Fri, 04 Oct 2013 17:05:49 +0200 |
Aurelien Campeas |
[hooks/security] Defer entity permission checks to an Operation.
|
file |
diff |
annotate
|
Wed, 03 Jul 2013 14:16:21 +0200 |
Aurelien Campeas |
[hooks/security] Streamline attributes default permission check.
stable
|
file |
diff |
annotate
|
Thu, 16 Feb 2012 14:15:37 +0100 |
Sylvain Thénault |
backport stable
|
file |
diff |
annotate
|
Thu, 16 Feb 2012 14:14:52 +0100 |
Sylvain Thénault |
[spelling] fix dictionnary -> dictionary typo
stable
|
file |
diff |
annotate
|
Mon, 23 Jan 2012 13:25:02 +0100 |
Sylvain Thénault |
[vreg] move base registry implementation to logilab.common. Closes #1916014
|
file |
diff |
annotate
|
Sat, 09 Oct 2010 00:05:50 +0200 |
Sylvain Thénault |
[hook/operation] nicer api to achieve same result as set_operation, as described in #1253630
|
file |
diff |
annotate
|
Wed, 25 Aug 2010 10:29:18 +0200 |
Sylvain Thénault |
[session] cleanup hook / operation / entity edition api
|
file |
diff |
annotate
|
Thu, 01 Jul 2010 17:06:37 +0200 |
Sylvain Thénault |
backport stable
|
file |
diff |
annotate
|
Thu, 01 Jul 2010 09:23:39 +0200 |
Sylvain Thénault |
[security] use set_operation for relation permission checking operation
stable
|
file |
diff |
annotate
|
Mon, 21 Jun 2010 15:34:46 +0200 |
Sylvain Thénault |
backport stable
|
file |
diff |
annotate
|
Mon, 21 Jun 2010 15:32:26 +0200 |
Sylvain Thénault |
[transaction w/ separated web/repo processes] the dbapi should explicitly specify a transaction id to avoid confusion when web server / repository run in separated processes
stable
|
file |
diff |
annotate
|
Mon, 07 Jun 2010 13:31:46 +0200 |
Sylvain Thénault |
[security hooks] fix bad merge
|
file |
diff |
annotate
|
Mon, 07 Jun 2010 13:22:24 +0200 |
Sylvain Thénault |
backport stable
|
file |
diff |
annotate
|
Fri, 04 Jun 2010 13:09:12 +0200 |
Sylvain Thénault |
on entity creation, accept attributes without any update access
stable
|
file |
diff |
annotate
|
Tue, 01 Jun 2010 17:06:41 +0200 |
Pierre-Yves David |
[web test] Add a CubicWebServerTC class to run test with a cw web serveur available.
|
file |
diff |
annotate
|
Thu, 20 May 2010 20:50:00 +0200 |
Sylvain Thénault |
[entity] continue cleanup of Entity/AnyEntity namespace
|
file |
diff |
annotate
|
Fri, 30 Apr 2010 18:24:29 +0200 |
Aurelien Campeas |
[hooks/...] fix previous commit
stable
|
file |
diff |
annotate
|
Fri, 30 Apr 2010 16:39:50 +0200 |
Aurelien Campeas |
[hooks/operations] use set_operations for three ops (huge gains for massive imports)
stable
|
file |
diff |
annotate
|
Wed, 28 Apr 2010 12:15:52 +0200 |
Sylvain Thénault |
replace logilab-common by CubicWeb in disclaimer
oldstable
|
file |
diff |
annotate
|
Wed, 28 Apr 2010 10:06:01 +0200 |
Sylvain Thénault |
proper licensing information (LGPL-2.1). Hope I get it right this time.
stable
|
file |
diff |
annotate
|
Wed, 24 Mar 2010 15:22:01 +0100 |
Sylvain Thénault |
don't update dontcheck until everything went fine:
stable
|
file |
diff |
annotate
|
Mon, 22 Mar 2010 17:58:03 +0100 |
Sylvain Thénault |
fix security issue introduced by 4967:04543ed0bbdc: attributes explicitly set by hooks should not be checked by security hooks
|
file |
diff |
annotate
|
Tue, 09 Mar 2010 08:59:43 +0100 |
Sylvain Thénault |
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
|
file |
diff |
annotate
|
Mon, 15 Feb 2010 15:14:27 +0100 |
Sylvain Thénault |
[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction
stable
|
file |
diff |
annotate
|
Mon, 15 Feb 2010 15:10:25 +0100 |
Sylvain Thénault |
follow yams api change: attributes permissions are now defined for
stable
|
file |
diff |
annotate
|
Mon, 18 Jan 2010 19:21:30 +0100 |
Sylvain Thénault |
backport stable branch
|
file |
diff |
annotate
| base
|
Tue, 22 Dec 2009 19:27:26 +0100 |
Sylvain Thénault |
fix bad merge
|
file |
diff |
annotate
|
Tue, 08 Dec 2009 17:48:06 +0100 |
Sylvain Thénault |
had been involontarly dropped
|
file |
diff |
annotate
|
Mon, 07 Dec 2009 05:09:09 -0800 |
Sandrine Ribeau |
fix bad merge
|
file |
diff |
annotate
|
Fri, 20 Nov 2009 19:35:54 +0100 |
Sylvain Thénault |
backport stable branch (one more time painfully)
|
file |
diff |
annotate
| base
|
Mon, 19 Oct 2009 15:16:41 +0200 |
Sylvain Thénault |
backport stable
|
file |
diff |
annotate
| base
|
Wed, 23 Sep 2009 08:42:52 +0200 |
Sylvain Thénault |
[appobjects] use __regid__ instead of __id__, more explicit
|
file |
diff |
annotate
|
Fri, 21 Aug 2009 16:26:20 +0200 |
Sylvain Thénault |
somewhat painful backport of 3.5 branch, should mostly be ok
|
file |
diff |
annotate
| base
|
Tue, 18 Aug 2009 00:29:19 +0200 |
Sylvain Thénault |
should directly use entity.check_perm now that we've an entity instance
|
file |
diff |
annotate
|
Fri, 14 Aug 2009 14:31:25 +0200 |
Sylvain Thénault |
use ._cw instead of .cw_req
|
file |
diff |
annotate
|
Fri, 14 Aug 2009 09:26:41 +0200 |
Sylvain Thénault |
[hooks] major refactoring:
|
file |
diff |
annotate
| base
|