# HG changeset patch # User Sylvain Thénault # Date 1347624939 -7200 # Node ID 0d2fb4604265df74c596431b115ea80de42187b1 # Parent 77ea3eed99469840583b72a90dd38a433391e3ed [session] fix arguments default value and promote usage of security_enabled as session method. Closes #2481820 One should use session method rather than direct usage of the context manager of the same name. Fix default argument values for consistency with the context manager: when one omit an argument, meaning is "keep the current value", not "disable security". diff -r 77ea3eed9946 -r 0d2fb4604265 devtools/fake.py --- a/devtools/fake.py Thu Sep 20 14:50:06 2012 +0200 +++ b/devtools/fake.py Fri Sep 14 14:15:39 2012 +0200 @@ -155,6 +155,12 @@ def set_entity_cache(self, entity): pass + def security_enabled(self, read=False, write=False): + class FakeCM(object): + def __enter__(self): pass + def __exit__(self, exctype, exc, traceback): pass + return FakeCM() + # for use with enabled_security context manager read_security = write_security = True def init_security(self, *args): diff -r 77ea3eed9946 -r 0d2fb4604265 devtools/testlib.py --- a/devtools/testlib.py Thu Sep 20 14:50:06 2012 +0200 +++ b/devtools/testlib.py Fri Sep 14 14:15:39 2012 +0200 @@ -47,7 +47,7 @@ from cubicweb import cwconfig, dbapi, devtools, web, server from cubicweb.sobjects import notification from cubicweb.web import Redirect, application -from cubicweb.server.session import Session, security_enabled +from cubicweb.server.session import Session from cubicweb.server.hook import SendMailOp from cubicweb.devtools import SYSTEM_ENTITIES, SYSTEM_RELATIONS, VIEW_VALIDATORS from cubicweb.devtools import BASE_URL, fake, htmlparser, DEFAULT_EMPTY_DB_ID 
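Review bot: The `security_enabled` stub added to the fake session in devtools/fake.py declares `read=False, write=False`, while this same commit changes `Session.security_enabled` in server/session.py to `read=None, write=None`; the two signatures should agree, `def security_enabled(self, read=None, write=None):`. `FakeCM` ignores both arguments, so behaviour does not change, but the stub is where test authors read the contract. A comment such as `# no-op: the fake session never enforces or toggles security` would also make clear that code exercised through this fake gets no permission-check coverage. The enclosing class starts outside the hunk.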
@@ -1050,7 +1050,7 @@ """this method populates the database with `how_many` entities of each possible type. It also inserts random relations between them """ - with security_enabled(self.session, read=False, write=False): + with self.session.security_enabled(read=False, write=False): self._auto_populate(how_many) def _auto_populate(self, how_many): diff -r 77ea3eed9946 -r 0d2fb4604265 entities/test/unittest_wfobjs.py --- a/entities/test/unittest_wfobjs.py Thu Sep 20 14:50:06 2012 +0200 +++ b/entities/test/unittest_wfobjs.py Fri Sep 14 14:15:39 2012 +0200 @@ -20,7 +20,6 @@ from cubicweb import ValidationError from cubicweb.devtools.testlib import CubicWebTC -from cubicweb.server.session import security_enabled def add_wf(self, etype, name=None, default=False): @@ -155,7 +154,7 @@ wf = add_wf(self, 'CWUser') s = wf.add_state(u'foo', initial=True) self.commit() - with security_enabled(self.session, write=False): + with self.session.security_enabled(write=False): with self.assertRaises(ValidationError) as cm: self.session.execute('SET X in_state S WHERE X eid %(x)s, S eid %(s)s', {'x': self.user().eid, 's': s.eid}) diff -r 77ea3eed9946 -r 0d2fb4604265 server/checkintegrity.py --- a/server/checkintegrity.py Thu Sep 20 14:50:06 2012 +0200 +++ b/server/checkintegrity.py Fri Sep 14 14:15:39 2012 +0200 @@ -1,4 +1,4 @@ -# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved. +# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr # # This file is part of CubicWeb. @@ -32,7 +32,6 @@ from cubicweb.schema import PURE_VIRTUAL_RTYPES, VIRTUAL_RTYPES from cubicweb.server.sqlutils import SQL_PREFIX -from cubicweb.server.session import security_enabled def notify_fixed(fix): if fix: 
@@ -394,7 +393,7 @@ # yo, launch checks if checks: eids_cache = {} - with security_enabled(session, read=False, write=False): # ensure no read security + with session.security_enabled(read=False, write=False): # ensure no read security for check in checks: check_func = globals()['check_%s' % check] check_func(repo.schema, session, eids_cache, fix=fix) diff -r 77ea3eed9946 -r 0d2fb4604265 server/hook.py --- a/server/hook.py Thu Sep 20 14:50:06 2012 +0200 +++ b/server/hook.py Fri Sep 14 14:15:39 2012 +0200 @@ -264,7 +264,6 @@ from cubicweb.cwvreg import CWRegistry, CWRegistryStore from cubicweb.predicates import ExpectedValuePredicate, is_instance from cubicweb.appobject import AppObject -from cubicweb.server.session import security_enabled ENTITIES_HOOKS = set(('before_add_entity', 'after_add_entity', 'before_update_entity', 'after_update_entity', @@ -322,11 +321,11 @@ pruned = self.get_pruned_hooks(session, event, entities, eids_from_to, kwargs) # by default, hooks are executed with security turned off - with security_enabled(session, read=False): + with session.security_enabled(read=False): for _kwargs in _iter_kwargs(entities, eids_from_to, kwargs): hooks = sorted(self.filtered_possible_objects(pruned, session, **_kwargs), key=lambda x: x.order) - with security_enabled(session, write=False): + with session.security_enabled(write=False): for hook in hooks: hook() diff -r 77ea3eed9946 -r 0d2fb4604265 server/querier.py --- a/server/querier.py Thu Sep 20 14:50:06 2012 +0200 +++ b/server/querier.py Fri Sep 14 14:15:39 2012 +0200 @@ -42,7 +42,6 @@ from cubicweb.server.rqlannotation import SQLGenAnnotator, set_qdata from cubicweb.server.ssplanner import READ_ONLY_RTYPES, add_types_restriction from cubicweb.server.edition import EditedEntity -from cubicweb.server.session import security_enabled ETYPE_PYOBJ_MAP[Binary] = 'Bytes' 
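Review bot: The trailing comment on the new `with session.security_enabled(read=False, write=False):` line in server/checkintegrity.py still reads `# ensure no read security`, but the block turns write checks off as well. `check_func` is called with `fix=fix`, so any repair it performs presumably runs without write checks too. I would reword the comment to `# run checks and fixes with both read and write security disabled` so the scope of the bypass is explicit. The surrounding function starts and ends outside the hunk.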
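Review bot: In server/hook.py the comment `# by default, hooks are executed with security turned off` sits above the outer `with session.security_enabled(read=False):`, but write checks are dropped only by the inner `with session.security_enabled(write=False):` around the `hook()` calls. Hook selection in `filtered_possible_objects` therefore still runs with the caller's write mode, and that now depends on the method's new `None` defaults leaving the omitted mode untouched. I would expand the comment to something like `# read checks are off for hook selection and execution; write checks are additionally off while each hook runs`, and note that a hook needing permission enforcement has to re-enable it itself. The method body starts and ends outside the hunk.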
@@ -262,7 +261,7 @@ cached = True else: noinvariant = set() - with security_enabled(self.session, read=False): + with self.session.security_enabled(read=False): self._insert_security(union, noinvariant) if key is not None: self.session.transaction_data[key] = (union, self.args) diff -r 77ea3eed9946 -r 0d2fb4604265 server/repository.py --- a/server/repository.py Thu Sep 20 14:50:06 2012 +0200 +++ b/server/repository.py Fri Sep 14 14:15:39 2012 +0200 @@ -56,8 +56,7 @@ RepositoryError, UniqueTogetherError, typed_eid, onevent) from cubicweb import cwvreg, schema, server from cubicweb.server import ShuttingDown, utils, hook, pool, querier, sources -from cubicweb.server.session import Session, InternalSession, InternalManager, \ - security_enabled +from cubicweb.server.session import Session, InternalSession, InternalManager from cubicweb.server.ssplanner import EditedEntity NO_CACHE_RELATIONS = set( [('owned_by', 'object'), @@ -109,12 +108,12 @@ # * we don't want read permissions to be applied but we want delete # permission to be checked if card[0] in '1?': - with security_enabled(session, read=False): + with session.security_enabled(read=False): session.execute('DELETE X %s Y WHERE X eid %%(x)s, ' 'NOT Y eid %%(y)s' % rtype, {'x': eidfrom, 'y': eidto}) if card[1] in '1?': - with security_enabled(session, read=False): + with session.security_enabled(read=False): session.execute('DELETE X %s Y WHERE Y eid %%(y)s, ' 'NOT X eid %%(x)s' % rtype, {'x': eidfrom, 'y': eidto}) @@ -1200,7 +1199,7 @@ source = self.sources_by_eid[scleanup] # delete remaining relations: if user can delete the entity, he can # delete all its relations without security checking - with security_enabled(session, read=False, write=False): + with session.security_enabled(read=False, write=False): eid = entity.eid for rschema, _, role in entity.e_schema.relation_definitions(): rtype = rschema.type 
@@ -1242,7 +1241,7 @@ source = self.sources_by_eid[scleanup] # delete remaining relations: if user can delete the entity, he can # delete all its relations without security checking - with security_enabled(session, read=False, write=False): + with session.security_enabled(read=False, write=False): in_eids = ','.join([str(_e.eid) for _e in entities]) for rschema, _, role in entities[0].e_schema.relation_definitions(): rtype = rschema.type @@ -1355,7 +1354,7 @@ session.update_rel_cache_add(entity.eid, attr, value) rdef = session.rtype_eids_rdef(attr, entity.eid, value) if rdef.cardinality[1] in '1?' and activeintegrity: - with security_enabled(session, read=False): + with session.security_enabled(read=False): session.execute('DELETE X %s Y WHERE Y eid %%(y)s' % attr, {'x': entity.eid, 'y': value}) edited.set_defaults() @@ -1541,7 +1540,7 @@ rdef = session.rtype_eids_rdef(rtype, subjeid, objeid) card = rdef.cardinality if card[0] in '?1': - with security_enabled(session, read=False): + with session.security_enabled(read=False): session.execute('DELETE X %s Y WHERE X eid %%(x)s, ' 'NOT Y eid %%(y)s' % rtype, {'x': subjeid, 'y': objeid}) @@ -1552,7 +1551,7 @@ continue subjects[subjeid] = len(relations_by_rtype[rtype]) - 1 if card[1] in '?1': - with security_enabled(session, read=False): + with session.security_enabled(read=False): session.execute('DELETE X %s Y WHERE Y eid %%(y)s, ' 'NOT X eid %%(x)s' % rtype, {'x': subjeid, 'y': objeid}) diff -r 77ea3eed9946 -r 0d2fb4604265 server/session.py --- a/server/session.py Thu Sep 20 14:50:06 2012 +0200 +++ b/server/session.py Fri Sep 14 14:15:39 2012 +0200 @@ -470,7 +470,7 @@ DEFAULT_SECURITY = object() # evaluated to true by design - def security_enabled(self, read=False, write=False): + def security_enabled(self, read=None, write=None): return security_enabled(self, read=read, write=write) def init_security(self, read, write): diff -r 77ea3eed9946 -r 0d2fb4604265 server/ssplanner.py 
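Review bot: `Session.security_enabled` in server/session.py now defaults to `read=None, write=None` but has no docstring, so the meaning of an omitted argument is stated only in the commit message. A one-line docstring would fix that, e.g. `"""return a context manager setting read/write security for the block; an argument left to None keeps the current value"""`. This is also a behaviour change for callers of the method outside this patch: `session.security_enabled(read=False)` used to pass `write=False` through to the context manager, and a bare `session.security_enabled()` passed `False` for both, whereas omitted modes are now left as they were. The change goes in the safe direction (more checks, not fewer), but such callers may start seeing permission errors, so it deserves a changelog entry. The class body starts and ends outside the hunk.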
--- a/server/ssplanner.py Thu Sep 20 14:50:06 2012 +0200 +++ b/server/ssplanner.py Fri Sep 14 14:15:39 2012 +0200 @@ -1,4 +1,4 @@ -# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved. +# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. # contact http://www.logilab.fr/ -- mailto:contact@logilab.fr # # This file is part of CubicWeb. @@ -27,7 +27,6 @@ from cubicweb import QueryError, typed_eid from cubicweb.schema import VIRTUAL_RTYPES from cubicweb.rqlrewrite import add_types_restriction -from cubicweb.server.session import security_enabled from cubicweb.server.edition import EditedEntity READ_ONLY_RTYPES = set(('eid', 'has_text', 'is', 'is_instance_of', 'identity')) @@ -87,7 +86,7 @@ # the generated select substep if not emited (eg nothing # to be selected) if checkread and eid not in neweids: - with security_enabled(session, read=False): + with session.security_enabled(read=False): eschema(session.describe(eid)[0]).check_perm( session, 'read', eid=eid) eidconsts[lhs.variable] = eid