diff -r a6b084ea4c5b -r 0033aa71e077 server/repository.py --- a/server/repository.py Tue Apr 22 14:43:11 2014 +0200 +++ b/server/repository.py Thu Apr 10 11:04:13 2014 +0200 @@ -606,11 +606,10 @@ This is a public method, not requiring a session id. """ with self.internal_cnx() as cnx: - with cnx.ensure_cnx_set: - # don't use cnx.execute, we don't want rset.req set - return self.querier.execute(cnx, 'Any K,V WHERE P is CWProperty,' - 'P pkey K, P value V, NOT P for_user U', - build_descr=False) + # don't use cnx.execute, we don't want rset.req set + return self.querier.execute(cnx, 'Any K,V WHERE P is CWProperty,' + 'P pkey K, P value V, NOT P for_user U', + build_descr=False) # XXX protect this method: anonymous should be allowed and registration # plugged @@ -620,35 +619,34 @@ registration on public web site. """ with self.internal_cnx() as cnx: - with cnx.ensure_cnx_set: - # for consistency, keep same error as unique check hook (although not required) - errmsg = cnx._('the value "%s" is already used, use another one') - if (cnx.execute('CWUser X WHERE X login %(login)s', {'login': login}, - build_descr=False) - or cnx.execute('CWUser X WHERE X use_email C, C address %(login)s', - {'login': login}, build_descr=False)): - qname = role_name('login', 'subject') - raise ValidationError(None, {qname: errmsg % login}) - # we have to create the user - user = self.vreg['etypes'].etype_class('CWUser')(cnx) - if isinstance(password, unicode): - # password should *always* be utf8 encoded - password = password.encode('UTF8') - kwargs['login'] = login - kwargs['upassword'] = password - self.glob_add_entity(cnx, EditedEntity(user, **kwargs)) - cnx.execute('SET X in_group G WHERE X eid %(x)s, G name "users"', - {'x': user.eid}) - if email or '@' in login: - d = {'login': login, 'email': email or login} - if cnx.execute('EmailAddress X WHERE X address %(email)s', d, - build_descr=False): - qname = role_name('address', 'subject') - raise ValidationError(None, {qname: errmsg % d['email']}) - cnx.execute('INSERT EmailAddress X: X address %(email)s, ' - 'U primary_email X, U use_email X ' - 'WHERE U login %(login)s', d, build_descr=False) - cnx.commit() + # for consistency, keep same error as unique check hook (although not required) + errmsg = cnx._('the value "%s" is already used, use another one') + if (cnx.execute('CWUser X WHERE X login %(login)s', {'login': login}, + build_descr=False) + or cnx.execute('CWUser X WHERE X use_email C, C address %(login)s', + {'login': login}, build_descr=False)): + qname = role_name('login', 'subject') + raise ValidationError(None, {qname: errmsg % login}) + # we have to create the user + user = self.vreg['etypes'].etype_class('CWUser')(cnx) + if isinstance(password, unicode): + # password should *always* be utf8 encoded + password = password.encode('UTF8') + kwargs['login'] = login + kwargs['upassword'] = password + self.glob_add_entity(cnx, EditedEntity(user, **kwargs)) + cnx.execute('SET X in_group G WHERE X eid %(x)s, G name "users"', + {'x': user.eid}) + if email or '@' in login: + d = {'login': login, 'email': email or login} + if cnx.execute('EmailAddress X WHERE X address %(email)s', d, + build_descr=False): + qname = role_name('address', 'subject') + raise ValidationError(None, {qname: errmsg % d['email']}) + cnx.execute('INSERT EmailAddress X: X address %(email)s, ' + 'U primary_email X, U use_email X ' + 'WHERE U login %(login)s', d, build_descr=False) + cnx.commit() return True def find_users(self, fetch_attrs, **query_attrs): @@ -950,8 +948,11 @@ """ with InternalSession(self) as session: with session.new_cnx() as cnx: + # equivalent to cnx.security_enabled(False, False) because + # InternalSession gives full read access with cnx.allow_all_hooks_but('security'): - yield cnx + with cnx.ensure_cnx_set: + yield cnx def _get_session(self, sessionid, setcnxset=False, txid=None,