# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1266953026 -3600
# Node ID 6f8b925a29f4c5753f4ecbd98a5457ff3e3ce9aa
# Parent  0288f8e5460cc3da5c67b6e6d0cc22168f9a42b1
auto-delete relation with single cardinality using execute, not unsafe_execute, so permissions are correctly checked

diff -r 0288f8e5460c -r 6f8b925a29f4 server/repository.py
--- a/server/repository.py	Tue Feb 23 20:22:40 2010 +0100
+++ b/server/repository.py	Tue Feb 23 20:23:46 2010 +0100
@@ -113,14 +113,17 @@
     # the web interface but may occurs during test or dbapi connection (though
     # not expected for this).  So: don't do it, we pretend to ensure repository
     # consistency.
+    #
+    # also, we must not use unsafe_execute since we want the delete permission
+    # to be checked when some existing relation is deleted
     if card[0] in '1?':
         rschema = session.repo.schema.rschema(rtype)
         if not rschema.inlined: # inlined relations will be implicitly deleted
-            session.unsafe_execute('DELETE X %s Y WHERE X eid %%(x)s, NOT Y eid %%(y)s' % rtype,
-                                   {'x': eidfrom, 'y': eidto}, 'x')
+            session.execute('DELETE X %s Y WHERE X eid %%(x)s, NOT Y eid %%(y)s' % rtype,
+                            {'x': eidfrom, 'y': eidto}, 'x')
     if card[1] in '1?':
-        session.unsafe_execute('DELETE X %s Y WHERE NOT X eid %%(x)s, Y eid %%(y)s' % rtype,
-                               {'x': eidfrom, 'y': eidto}, 'y')
+        session.execute('DELETE X %s Y WHERE NOT X eid %%(x)s, Y eid %%(y)s' % rtype,
+                        {'x': eidfrom, 'y': eidto}, 'y')
 
 
 class Repository(object):
diff -r 0288f8e5460c -r 6f8b925a29f4 sobjects/test/unittest_email.py
--- a/sobjects/test/unittest_email.py	Tue Feb 23 20:22:40 2010 +0100
+++ b/sobjects/test/unittest_email.py	Tue Feb 23 20:23:46 2010 +0100
@@ -46,10 +46,10 @@
         self.commit()
         cnx = self.login('toto')
         cu = cnx.cursor()
-        cu.execute('SET U primary_email E WHERE E eid %(e)s, U login "toto"',
-                   {'e': email1})
-        self.assertRaises(Unauthorized, cnx.commit)
-
+        self.assertRaises(Unauthorized,
+                          cu.execute, 'SET U primary_email E WHERE E eid %(e)s, U login "toto"',
+                          {'e': email1})
+        cnx.close()
 
 if __name__ == '__main__':
     from logilab.common.testlib import unittest_main