# HG changeset patch # User Sylvain Thénault # Date 1266434532 -3600 # Node ID f4254586e8670016664b09ebdc0c5222726f72d4 # Parent 412a9f1f5fd0f54fd3ca2f1fce16055f815cd58f [security] allow to call .check on rql expression with a user eid specified diff -r 412a9f1f5fd0 -r f4254586e867 schema.py --- a/schema.py Wed Feb 17 16:42:52 2010 +0100 +++ b/schema.py Wed Feb 17 20:22:12 2010 +0100 @@ -806,9 +806,8 @@ # on the server side, use unsafe_execute, but this is not available # on the client side (session is actually a request) execute = getattr(session, 'unsafe_execute', session.execute) - # XXX what if 'u' in kwargs + kwargs.setdefault('u', session.user.eid) cachekey = kwargs.keys() - kwargs['u'] = session.user.eid try: rset = execute(rql, kwargs, cachekey, build_descr=True) except NotImplementedError: @@ -872,15 +871,15 @@ rql += ', U eid %(u)s' return rql - def check(self, session, eid=None, creating=False): + def check(self, session, eid=None, creating=False, **kwargs): if 'X' in self.rqlst.defined_vars: if eid is None: if creating: - return self._check(session, creating=True) + return self._check(session, creating=True, **kwargs) return False assert creating == False - return self._check(session, x=eid) - return self._check(session) + return self._check(session, x=eid, **kwargs) + return self._check(session, **kwargs) class RRQLExpression(RQLExpression):