# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1268929070 -3600
# Node ID 7f5b83578fec5dbcce90a430953f5659eb0dc426
# Parent  3143a1258d628215cfcd2b2fc981ee86cdbb7e02
disable security when undoing

diff -r 3143a1258d62 -r 7f5b83578fec server/sources/native.py
--- a/server/sources/native.py	Thu Mar 18 17:14:01 2010 +0100
+++ b/server/sources/native.py	Thu Mar 18 17:17:50 2010 +0100
@@ -35,7 +35,7 @@
 from cubicweb.server.utils import crypt_password
 from cubicweb.server.sqlutils import SQL_PREFIX, SQLAdapterMixIn
 from cubicweb.server.rqlannotation import set_qdata
-from cubicweb.server.session import hooks_control
+from cubicweb.server.session import hooks_control, security_enabled
 from cubicweb.server.sources import AbstractSource, dbg_st_search, dbg_results
 from cubicweb.server.sources.rql2sql import SQLGenerator
 
@@ -752,9 +752,10 @@
         session.mode = 'write'
         errors = []
         with hooks_control(session, session.HOOKS_DENY_ALL, 'integrity'):
-            for action in reversed(self.tx_actions(session, txuuid, False)):
-                undomethod = getattr(self, '_undo_%s' % action.action.lower())
-                errors += undomethod(session, action)
+            with security_enabled(session, read=False):
+                for action in reversed(self.tx_actions(session, txuuid, False)):
+                    undomethod = getattr(self, '_undo_%s' % action.action.lower())
+                    errors += undomethod(session, action)
         # remove the transactions record
         self.doexec(session,
                     "DELETE FROM transactions WHERE tx_uuid='%s'" % txuuid)