Julien Cristau <julien.cristau@logilab.fr> [Thu, 25 Sep 2014 14:42:00 +0200] rev 9986
Added tag cubicweb-version-3.19.4, cubicweb-debian-version-3.19.4-1, cubicweb-centos-version-3.19.4-1 for changeset c4e740e50fc7
Julien Cristau <julien.cristau@logilab.fr> [Thu, 25 Sep 2014 14:24:20 +0200] rev 9985
[pkg] 3.19.4
Julien Cristau <julien.cristau@logilab.fr> [Wed, 24 Sep 2014 18:04:30 +0200] rev 9984
merge 3.18.6 into 3.19
Julien Cristau <julien.cristau@logilab.fr> [Wed, 24 Sep 2014 17:35:59 +0200] rev 9983
Added tag cubicweb-version-3.18.6, cubicweb-debian-version-3.18.6-1, cubicweb-centos-version-3.18.6-1 for changeset d91501356742
Julien Cristau <julien.cristau@logilab.fr> [Wed, 24 Sep 2014 15:08:44 +0200] rev 9982
[pkg] 3.18.6
Aurelien Campeas <aurelien.campeas@logilab.fr> [Tue, 28 Jan 2014 15:27:59 +0100] rev 9981
[hooks/security] allow edition of attributes with permissive permissions
If an attribute has more permissive security rules than the entity
type itself, we should be green and not deny action because of an
early global entity permission check (with the more restrictive
rules).
Only if one attribute with the entity-level permission rules is edited
will the global check be performed.
Note:
* the "if action == 'delete'" check at the entry of
check_entity_attributes is a guard for a condition currently not
happening in cubicweb itself (but application hooks could
conceivably call this function with a 'delete' action)
Closes #3489895.