# HG changeset patch # User Julien Cristau # Date 1389871265 -3600 # Node ID 6aec72169ee1a6a83900e8960364ee966be610a1 # Parent ce072c9aa5732ca608b94c64cb6859237f7d1d24 Disable security hooks for internal sessions Fixes semantic change introduced in 96dba2efd16d where internal sessions started to check attribute permissions. Closes #3444095 diff -r ce072c9aa573 -r 6aec72169ee1 server/session.py --- a/server/session.py Wed Jan 15 18:20:25 2014 +0100 +++ b/server/session.py Thu Jan 16 12:21:05 2014 +0100 @@ -1437,7 +1437,8 @@ self.user._cw = self # XXX remove when "vreg = user._cw.vreg" hack in entity.py is gone if not safe: self.disable_hook_categories('integrity') - self._tx.ctx_count += 1 + self.disable_hook_categories('security') + self._tx.ctx_count += 1 def __enter__(self): return self diff -r ce072c9aa573 -r 6aec72169ee1 server/test/unittest_session.py --- a/server/test/unittest_session.py Wed Jan 15 18:20:25 2014 +0100 +++ b/server/test/unittest_session.py Thu Jan 16 12:21:05 2014 +0100 @@ -28,11 +28,11 @@ def test_integrity_hooks(self): with self.repo.internal_session() as session: self.assertEqual(HOOKS_ALLOW_ALL, session.hooks_mode) - self.assertEqual(set(('integrity',)), session.disabled_hook_categories) + self.assertEqual(set(('integrity', 'security')), session.disabled_hook_categories) self.assertEqual(set(), session.enabled_hook_categories) session.commit() self.assertEqual(HOOKS_ALLOW_ALL, session.hooks_mode) - self.assertEqual(set(('integrity',)), session.disabled_hook_categories) + self.assertEqual(set(('integrity', 'security')), session.disabled_hook_categories) self.assertEqual(set(), session.enabled_hook_categories) class SessionTC(CubicWebTC):