# HG changeset patch
# User Sylvain Thénault <sylvain.thenault@logilab.fr>
# Date 1479489550 -3600
# Node ID 8758b42d6c72d6e665c5997ba73e51b6eb617907
# Parent  a997e5451737063c4a464455262848a3ca5508d0
[schema/optimization] Ensure read permissions are deactivated when we're checking a permission

When called from a web request, since we *are* checking some permission, read
permissions don't have to be introduced in this query.

We may avoid that since there now more any differences between web and repo
connections, so let's do it.

diff -r a997e5451737 -r 8758b42d6c72 cubicweb/schema.py
--- a/cubicweb/schema.py	Fri Nov 18 18:16:21 2016 +0100
+++ b/cubicweb/schema.py	Fri Nov 18 18:19:10 2016 +0100
@@ -348,7 +348,9 @@
         if keyarg is None:
             kwargs.setdefault('u', _cw.user.eid)
             try:
-                rset = _cw.execute(rql, kwargs, build_descr=True)
+                # ensure security is disabled
+                with getattr(_cw, 'cnx', _cw).security_enabled(read=False):
+                    rset = _cw.execute(rql, kwargs, build_descr=True)
             except NotImplementedError:
                 self.critical('cant check rql expression, unsupported rql %s', rql)
                 if self.eid is not None: