diff -r b8287e54b528 -r 8bc6eac1fac1 hooks/security.py
--- a/hooks/security.py Wed Aug 25 10:29:07 2010 +0200
+++ b/hooks/security.py Wed Aug 25 10:29:18 2010 +0200
@@ -31,12 +31,9 @@
 eschema = entity.e_schema
 # ._cw_skip_security_attributes is there to bypass security for attributes
 # set by hooks by modifying the entity's dictionnary
- dontcheck = entity._cw_skip_security_attributes
 if editedattrs is None:
- try:
- editedattrs = entity.edited_attributes
- except AttributeError:
- editedattrs = entity # XXX unexpected
+ editedattrs = entity.cw_edited
+ dontcheck = editedattrs.skip_security
 for attr in editedattrs:
 if attr in dontcheck:
 continue
@@ -46,10 +43,6 @@
 if creation and not rdef.permissions.get('update'):
 continue
 rdef.check_perm(session, 'update', eid=eid)
- # don't update dontcheck until everything went fine: see usage in
- # after_update_entity, where if we got an Unauthorized at hook time, we will
- # retry and commit time
- dontcheck |= frozenset(editedattrs)
 class _CheckEntityPermissionOp(hook.LateOperation):
@@ -57,15 +50,12 @@
 #print 'CheckEntityPermissionOp', self.session.user, self.entity, self.action
 session = self.session
 for values in session.transaction_data.pop('check_entity_perm_op'):
- entity = session.entity_from_eid(values[0])
- action = values[1]
+ eid, action, edited = values
+ entity = session.entity_from_eid(eid)
 entity.cw_check_perm(action)
- check_entity_attributes(session, entity, values[2:],
+ check_entity_attributes(session, entity, edited,
 creation=self.creation)
- def commit_event(self):
- pass
-
 class _CheckRelationPermissionOp(hook.LateOperation):
 def precommit_event(self):
@@ -76,9 +66,6 @@
 session.describe(eidto)[0])
 rdef.check_perm(session, action, fromeid=eidfrom, toeid=eidto)
- def commit_event(self):
- pass
-
 @objectify_selector
 @lltrace
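Review bot: In the `@@ -31,12 +31,9 @@` hunk, `dontcheck = editedattrs.skip_security` now takes the set of attributes exempt from the 'update' permission check from whatever the caller passed as `editedattrs`, and a caller that still passes a plain tuple of attribute names gets an AttributeError instead of a check. The context comment just above still names `._cw_skip_security_attributes`, which the new code no longer reads; I would replace it with `# editedattrs.skip_security holds the attributes set by hooks; they bypass the permission check` and say in the docstring that `editedattrs` must be the entity's `cw_edited` object. With `dontcheck |= frozenset(editedattrs)` removed in the next hunk, nothing in this function marks attributes as already checked any more, which looks intended but deserves a one-line comment. The function's signature and the end of its loop lie outside these hunks, so other callers could not be verified from here.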
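Review bot: In the `@@ -57,15 +50,12 @@` hunk, `eid, action, edited = values` requires every entry queued under 'check_entity_perm_op' to be exactly a 3-tuple, and the expected shape is not documented anywhere in `precommit_event`. An entry in the old `(eid, action, attr, ...)` form would raise ValueError after `transaction_data.pop(...)` has already removed the pending checks; presumably that aborts the commit, but it is worth confirming that the remaining checks cannot be skipped. Both producers visible in this diff were converted, so a comment on the loop such as `# values is (eid, action, edited), as queued by the entity add/update security hooks` would be enough to keep future producers in step. The method's `def` line is outside the hunk.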
@@ -99,7 +86,7 @@
 def __call__(self):
 hook.set_operation(self._cw, 'check_entity_perm_op',
- (self.entity.eid, 'add') + tuple(self.entity.edited_attributes),
+ (self.entity.eid, 'add', self.entity.cw_edited),
 _CheckEntityPermissionOp, creation=True)
@@ -115,10 +102,10 @@
 except Unauthorized:
 self.entity._cw_clear_local_perm_cache('update')
 # save back editedattrs in case the entity is reedited later in the
- # same transaction, which will lead to cw_edited being
+ # same transaction, which will lead to cw_edited being
 # overwritten
 hook.set_operation(self._cw, 'check_entity_perm_op',
- (self.entity.eid, 'update') + tuple(self.entity.edited_attributes),
+ (self.entity.eid, 'update', self.entity.cw_edited),
 _CheckEntityPermissionOp, creation=False)
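Review bot: The queued value in `(self.entity.eid, 'add', self.entity.cw_edited)` is now the live `cw_edited` object rather than a tuple of attribute names, so the commit-time check sees whatever that object and its `skip_security` hold at precommit, not what was edited when the hook ran; the 'update' hook in the `@@ -115,10 +102,10 @@` hunk has the same property. The comment there relies on a later re-edit rebinding `cw_edited` rather than mutating it in place, which is not visible in this diff and should be stated, e.g. `# keep a reference to this edit's cw_edited: a re-edit in the same transaction rebinds entity.cw_edited`. If `hook.set_operation` stores values in a set (not shown here), the tuple also needs `cw_edited` to be hashable and de-duplication becomes per object instead of per attribute list. Both `__call__` bodies start outside their hunks.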