# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1269434453 -3600
# Node ID 3bf481cf51cba6f494d9e21dd2ac4cd6f827b07e
# Parent  0e6dca27422c313069699324361524224b54c622
[security] don't add attribute into skip_security if already in edited_attributes, else we may accidentaly skip a desired security check

diff -r 0e6dca27422c -r 3bf481cf51cb entity.py
--- a/entity.py	Wed Mar 24 11:15:57 2010 +0100
+++ b/entity.py	Wed Mar 24 13:40:53 2010 +0100
@@ -249,7 +249,10 @@
             self.eid = value
         else:
             super(Entity, self).__setitem__(attr, value)
-            if hasattr(self, 'edited_attributes'):
+            # don't add attribute into skip_security if already in edited
+            # attributes, else we may accidentaly skip a desired security check
+            if hasattr(self, 'edited_attributes') and \
+                   attr not in self.edited_attributes:
                 self.edited_attributes.add(attr)
                 self.skip_security_attributes.add(attr)
 
@@ -276,7 +279,10 @@
     def setdefault(self, attr, default):
         """override setdefault to update self.edited_attributes"""
         super(Entity, self).setdefault(attr, default)
-        if hasattr(self, 'edited_attributes'):
+        # don't add attribute into skip_security if already in edited
+        # attributes, else we may accidentaly skip a desired security check
+        if hasattr(self, 'edited_attributes') and \
+               attr not in self.edited_attributes:
             self.edited_attributes.add(attr)
             self.skip_security_attributes.add(attr)