hooks/security.py
Tue, 21 Jul 2015 18:17:31 +0200 Julien Cristau [hook] remove assumption about entity cache vs cw_edited
Tue, 21 Jul 2015 18:09:12 +0200 Julien Cristau [hook] don't open-code Connection.entity_cache
Mon, 15 Jun 2015 10:49:33 +0200 Sylvain Thénault when some inlined relation is set using cw_edited, its security shouldn't be checked.
Thu, 22 Jan 2015 17:18:20 +0100 Julien Cristau merge 3.18.8 into 3.19 branch
Wed, 21 Jan 2015 15:58:33 +0100 Julien Cristau [security] Test case and fix for an INSERT security hole stable
Wed, 17 Dec 2014 10:55:53 +0100 Aurelien Campeas [security] check attributes: dispatch on the "add" action if entity was just created
Wed, 24 Sep 2014 18:04:30 +0200 Julien Cristau merge 3.18.6 into 3.19
Tue, 28 Jan 2014 15:27:59 +0100 Aurelien Campeas [hooks/security] allow edition of attributes with permissive permissions stable
Tue, 01 Apr 2014 16:28:12 +0200 Julien Cristau [hooks/security] let's use a connection, not a session
Mon, 17 Feb 2014 15:32:50 +0100 Julien Cristau merge 3.18.x in 3.19 branch
Fri, 14 Feb 2014 16:10:36 +0100 Julien Cristau merge 3.17.13
Wed, 12 Feb 2014 18:15:32 +0100 Aurelien Campeas [hooks/security, devtools/fill] silence yams 0.38.0 warnings stable
Mon, 27 Jan 2014 16:19:49 +0100 Julien Cristau merge 3.18.2 into 3.19 branch
Thu, 23 Jan 2014 13:47:28 +0100 Sylvain Thénault [multi-sources-removal] Drop entities.source column
Tue, 14 Jan 2014 11:14:41 +0100 Aurelien Campeas [hooks/security] silence yams warning (closes #3440707)
Thu, 16 Jan 2014 13:50:26 +0100 Julien Cristau [security] Add comment to check_entity_attributes shortcut
Thu, 24 Oct 2013 13:15:53 +0200 Aurelien Campeas [hooks/security] provide attribute "add" permission
Fri, 04 Oct 2013 17:05:49 +0200 Aurelien Campeas [hooks/security] Defer entity permission checks to an Operation.
Wed, 03 Jul 2013 14:16:21 +0200 Aurelien Campeas [hooks/security] Streamline attributes default permission check. stable
Thu, 16 Feb 2012 14:15:37 +0100 Sylvain Thénault backport stable
Thu, 16 Feb 2012 14:14:52 +0100 Sylvain Thénault [spelling] fix dictionnary -> dictionary typo stable
Mon, 23 Jan 2012 13:25:02 +0100 Sylvain Thénault [vreg] move base registry implementation to logilab.common. Closes #1916014
Sat, 09 Oct 2010 00:05:50 +0200 Sylvain Thénault [hook/operation] nicer api to achieve same result as set_operation, as described in #1253630
Wed, 25 Aug 2010 10:29:18 +0200 Sylvain Thénault [session] cleanup hook / operation / entity edition api
Thu, 01 Jul 2010 17:06:37 +0200 Sylvain Thénault backport stable
Thu, 01 Jul 2010 09:23:39 +0200 Sylvain Thénault [security] use set_operation for relation permission checking operation stable
Mon, 21 Jun 2010 15:34:46 +0200 Sylvain Thénault backport stable
Mon, 21 Jun 2010 15:32:26 +0200 Sylvain Thénault [transaction w/ separated web/repo processes] the dbapi should explicitly specify a transaction id to avoid confusion when web server / repository run in separated processes stable
Mon, 07 Jun 2010 13:31:46 +0200 Sylvain Thénault [security hooks] fix bad merge
Mon, 07 Jun 2010 13:22:24 +0200 Sylvain Thénault backport stable
Fri, 04 Jun 2010 13:09:12 +0200 Sylvain Thénault on entity creation, accept attributes without any update access stable
Tue, 01 Jun 2010 17:06:41 +0200 Pierre-Yves David [web test] Add a CubicWebServerTC class to run test with a cw web serveur available.
Thu, 20 May 2010 20:50:00 +0200 Sylvain Thénault [entity] continue cleanup of Entity/AnyEntity namespace
Fri, 30 Apr 2010 18:24:29 +0200 Aurelien Campeas [hooks/...] fix previous commit stable
Fri, 30 Apr 2010 16:39:50 +0200 Aurelien Campeas [hooks/operations] use set_operations for three ops (huge gains for massive imports) stable
Wed, 28 Apr 2010 12:15:52 +0200 Sylvain Thénault replace logilab-common by CubicWeb in disclaimer oldstable
Wed, 28 Apr 2010 10:06:01 +0200 Sylvain Thénault proper licensing information (LGPL-2.1). Hope I get it right this time. stable
Wed, 24 Mar 2010 15:22:01 +0100 Sylvain Thénault don't update dontcheck until everything went fine: stable
Mon, 22 Mar 2010 17:58:03 +0100 Sylvain Thénault fix security issue introduced by 4967:04543ed0bbdc: attributes explicitly set by hooks should not be checked by security hooks
Tue, 09 Mar 2010 08:59:43 +0100 Sylvain Thénault [repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Mon, 15 Feb 2010 15:14:27 +0100 Sylvain Thénault [security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction stable
Mon, 15 Feb 2010 15:10:25 +0100 Sylvain Thénault follow yams api change: attributes permissions are now defined for stable
Mon, 18 Jan 2010 19:21:30 +0100 Sylvain Thénault backport stable branch
Tue, 22 Dec 2009 19:27:26 +0100 Sylvain Thénault fix bad merge
Tue, 08 Dec 2009 17:48:06 +0100 Sylvain Thénault had been involontarly dropped
Mon, 07 Dec 2009 05:09:09 -0800 Sandrine Ribeau fix bad merge
Fri, 20 Nov 2009 19:35:54 +0100 Sylvain Thénault backport stable branch (one more time painfully)
Mon, 19 Oct 2009 15:16:41 +0200 Sylvain Thénault backport stable
Wed, 23 Sep 2009 08:42:52 +0200 Sylvain Thénault [appobjects] use __regid__ instead of __id__, more explicit
Fri, 21 Aug 2009 16:26:20 +0200 Sylvain Thénault somewhat painful backport of 3.5 branch, should mostly be ok
Tue, 18 Aug 2009 00:29:19 +0200 Sylvain Thénault should directly use entity.check_perm now that we've an entity instance
Fri, 14 Aug 2009 14:31:25 +0200 Sylvain Thénault use ._cw instead of .cw_req
Fri, 14 Aug 2009 09:26:41 +0200 Sylvain Thénault [hooks] major refactoring:
less more (0) tip