diff -r 5b75fd66c80e -r d7a270f50f54 hooks/security.py
--- a/hooks/security.py	Sun Nov 08 21:53:18 2009 +0100
+++ b/hooks/security.py	Fri Nov 20 19:35:54 2009 +0100
@@ -25,10 +25,10 @@
     for attr in editedattrs:
         if attr in defaults:
             continue
-        rschema = eschema.subjrels[attr]
-        if rschema.final: # non final relation are checked by other hooks
+        rdef = eschema.rdef(attr)
+        if rdef.final: # non final relation are checked by other hooks
             # add/delete should be equivalent (XXX: unify them into 'update' ?)
-            rschema.check_perm(session, 'add', eid)
+            rdef.check_perm(session, 'add', eid=eid)
 
 
 class _CheckEntityPermissionOp(hook.LateOperation):
@@ -43,7 +43,10 @@
 
 class _CheckRelationPermissionOp(hook.LateOperation):
     def precommit_event(self):
-        self.rschema.check_perm(self.session, self.action, self.eidfrom, self.eidto)
+        rdef = self.rschema.rdef(self.session.describe(self.eidfrom)[0],
+                                 self.session.describe(self.eidto)[0])
+        rdef.check_perm(self.session, self.action,
+                        fromeid=self.eidfrom, toeid=self.eidto)
 
     def commit_event(self):
         pass
@@ -95,7 +98,9 @@
             if (self.eidfrom, self.rtype, self.eidto) in nocheck:
                 return
             rschema = self._cw.repo.schema[self.rtype]
-            rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto)
+            rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0],
+                                self._cw.describe(self.eidto)[0])
+            rdef.check_perm(session, 'add', fromeid=self.eidfrom, toeid=self.eidto)
 
 
 class AfterAddRelationSecurityHook(SecurityHook):
@@ -114,17 +119,7 @@
                                            eidfrom=self.eidfrom,
                                            eidto=self.eidto)
             else:
-                rschema.check_perm(self._cw, 'add', self.eidfrom, self.eidto)
-
-
-class BeforeDelRelationSecurityHook(SecurityHook):
-    __regid__ = 'securitybeforedelrelation'
-    events = ('before_delete_relation',)
+                rdef = rschema.rdef(session.describe(self.eidfrom)[0],
+                                    session.describe(self.eidto)[0])
+                rdef.check_perm(session, 'add', fromeid=self.eidfrom, toeid=self.eidto)
 
-    def __call__(self):
-        nocheck = self._cw.transaction_data.get('skip-security', ())
-        if (self.eidfrom, self.rtype, self.eidto) in nocheck:
-            return
-        self._cw.repo.schema[self.rtype].check_perm(self._cw, 'delete',
-                                                       self.eidfrom, self.eidto)
-