# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1269440521 -3600
# Node ID 221f76e14eea1e5a582ea49be8f1d870818afbd5
# Parent  924f8274a2644c954f6e96367c2b4ebbb89c8e39
don't update dontcheck until everything went fine:

see usage in after_update_entity, where if we got an Unauthorized at
hook time, we will retry and commit time.

diff -r 924f8274a264 -r 221f76e14eea hooks/security.py
--- a/hooks/security.py	Wed Mar 24 15:21:21 2010 +0100
+++ b/hooks/security.py	Wed Mar 24 15:22:01 2010 +0100
@@ -25,15 +25,16 @@
         except AttributeError:
             editedattrs = entity # XXX unexpected
     for attr in editedattrs:
-        try:
-            dontcheck.remove(attr)
+        if attr in dontcheck:
             continue
-        except KeyError:
-            pass
         rdef = eschema.rdef(attr)
         if rdef.final: # non final relation are checked by other hooks
             # add/delete should be equivalent (XXX: unify them into 'update' ?)
             rdef.check_perm(session, 'update', eid=eid)
+    # don't update dontcheck until everything went fine: see usage in
+    # after_update_entity, where if we got an Unauthorized at hook time, we will
+    # retry and commit time
+    dontcheck |= frozenset(editedattrs)
 
 
 class _CheckEntityPermissionOp(hook.LateOperation):