[session] fix arguments default value and promote usage of security_enabled as session method. Closes #2481820
One should use the session method rather than directly using the context manager
of the same name.
Fix default argument values for consistency with the context manager: when one
omits an argument, the meaning is "keep the current value", not "disable security".
--- a/devtools/fake.py Thu Sep 20 14:50:06 2012 +0200
+++ b/devtools/fake.py Fri Sep 14 14:15:39 2012 +0200
@@ -155,6 +155,12 @@
def set_entity_cache(self, entity):
pass
+ def security_enabled(self, read=False, write=False):
+ class FakeCM(object):
+ def __enter__(self): pass
+ def __exit__(self, exctype, exc, traceback): pass
+ return FakeCM()
+
# for use with enabled_security context manager
read_security = write_security = True
def init_security(self, *args):
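Review bot: The fake's `security_enabled` is added with `read=False, write=False` defaults, while this same commit changes the real session method to `read=None, write=None`. The signature should mirror the real one, `def security_enabled(self, read=None, write=None):`, so the test double does not document the semantics the commit is removing. `FakeCM` also ignores both arguments and never touches the `read_security` / `write_security` attributes declared just below. Code exercised through this fake therefore cannot detect a call site that changes security more broadly than intended, and a short comment saying the fake is a deliberate no-op would make that limit explicit. The body of `init_security` continues outside the hunk.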
--- a/devtools/testlib.py Thu Sep 20 14:50:06 2012 +0200
+++ b/devtools/testlib.py Fri Sep 14 14:15:39 2012 +0200
@@ -47,7 +47,7 @@
from cubicweb import cwconfig, dbapi, devtools, web, server
from cubicweb.sobjects import notification
from cubicweb.web import Redirect, application
-from cubicweb.server.session import Session, security_enabled
+from cubicweb.server.session import Session
from cubicweb.server.hook import SendMailOp
from cubicweb.devtools import SYSTEM_ENTITIES, SYSTEM_RELATIONS, VIEW_VALIDATORS
from cubicweb.devtools import BASE_URL, fake, htmlparser, DEFAULT_EMPTY_DB_ID
@@ -1050,7 +1050,7 @@
"""this method populates the database with `how_many` entities
of each possible type. It also inserts random relations between them
"""
- with security_enabled(self.session, read=False, write=False):
+ with self.session.security_enabled(read=False, write=False):
self._auto_populate(how_many)
def _auto_populate(self, how_many):
--- a/entities/test/unittest_wfobjs.py Thu Sep 20 14:50:06 2012 +0200
+++ b/entities/test/unittest_wfobjs.py Fri Sep 14 14:15:39 2012 +0200
@@ -20,7 +20,6 @@
from cubicweb import ValidationError
from cubicweb.devtools.testlib import CubicWebTC
-from cubicweb.server.session import security_enabled
def add_wf(self, etype, name=None, default=False):
@@ -155,7 +154,7 @@
wf = add_wf(self, 'CWUser')
s = wf.add_state(u'foo', initial=True)
self.commit()
- with security_enabled(self.session, write=False):
+ with self.session.security_enabled(write=False):
with self.assertRaises(ValidationError) as cm:
self.session.execute('SET X in_state S WHERE X eid %(x)s, S eid %(s)s',
{'x': self.user().eid, 's': s.eid})
--- a/server/checkintegrity.py Thu Sep 20 14:50:06 2012 +0200
+++ b/server/checkintegrity.py Fri Sep 14 14:15:39 2012 +0200
@@ -1,4 +1,4 @@
-# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
#
# This file is part of CubicWeb.
@@ -32,7 +32,6 @@
from cubicweb.schema import PURE_VIRTUAL_RTYPES, VIRTUAL_RTYPES
from cubicweb.server.sqlutils import SQL_PREFIX
-from cubicweb.server.session import security_enabled
def notify_fixed(fix):
if fix:
@@ -394,7 +393,7 @@
# yo, launch checks
if checks:
eids_cache = {}
- with security_enabled(session, read=False, write=False): # ensure no read security
+ with session.security_enabled(read=False, write=False): # ensure no read security
for check in checks:
check_func = globals()['check_%s' % check]
check_func(repo.schema, session, eids_cache, fix=fix)
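Review bot: The trailing comment on the changed `with` line says `# ensure no read security`, but the call passes `read=False, write=False`, so write security is switched off as well. Since the checks are invoked with `fix=fix` and may therefore modify data, the comment should state both, for example `# run checks (and fixes) with read and write security disabled`. The enclosing function starts and ends outside the hunk.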
--- a/server/hook.py Thu Sep 20 14:50:06 2012 +0200
+++ b/server/hook.py Fri Sep 14 14:15:39 2012 +0200
@@ -264,7 +264,6 @@
from cubicweb.cwvreg import CWRegistry, CWRegistryStore
from cubicweb.predicates import ExpectedValuePredicate, is_instance
from cubicweb.appobject import AppObject
-from cubicweb.server.session import security_enabled
ENTITIES_HOOKS = set(('before_add_entity', 'after_add_entity',
'before_update_entity', 'after_update_entity',
@@ -322,11 +321,11 @@
pruned = self.get_pruned_hooks(session, event,
entities, eids_from_to, kwargs)
# by default, hooks are executed with security turned off
- with security_enabled(session, read=False):
+ with session.security_enabled(read=False):
for _kwargs in _iter_kwargs(entities, eids_from_to, kwargs):
hooks = sorted(self.filtered_possible_objects(pruned, session, **_kwargs),
key=lambda x: x.order)
- with security_enabled(session, write=False):
+ with session.security_enabled(write=False):
for hook in hooks:
hook()
--- a/server/querier.py Thu Sep 20 14:50:06 2012 +0200
+++ b/server/querier.py Fri Sep 14 14:15:39 2012 +0200
@@ -42,7 +42,6 @@
from cubicweb.server.rqlannotation import SQLGenAnnotator, set_qdata
from cubicweb.server.ssplanner import READ_ONLY_RTYPES, add_types_restriction
from cubicweb.server.edition import EditedEntity
-from cubicweb.server.session import security_enabled
ETYPE_PYOBJ_MAP[Binary] = 'Bytes'
@@ -262,7 +261,7 @@
cached = True
else:
noinvariant = set()
- with security_enabled(self.session, read=False):
+ with self.session.security_enabled(read=False):
self._insert_security(union, noinvariant)
if key is not None:
self.session.transaction_data[key] = (union, self.args)
--- a/server/repository.py Thu Sep 20 14:50:06 2012 +0200
+++ b/server/repository.py Fri Sep 14 14:15:39 2012 +0200
@@ -56,8 +56,7 @@
RepositoryError, UniqueTogetherError, typed_eid, onevent)
from cubicweb import cwvreg, schema, server
from cubicweb.server import ShuttingDown, utils, hook, pool, querier, sources
-from cubicweb.server.session import Session, InternalSession, InternalManager, \
- security_enabled
+from cubicweb.server.session import Session, InternalSession, InternalManager
from cubicweb.server.ssplanner import EditedEntity
NO_CACHE_RELATIONS = set( [('owned_by', 'object'),
@@ -109,12 +108,12 @@
# * we don't want read permissions to be applied but we want delete
# permission to be checked
if card[0] in '1?':
- with security_enabled(session, read=False):
+ with session.security_enabled(read=False):
session.execute('DELETE X %s Y WHERE X eid %%(x)s, '
'NOT Y eid %%(y)s' % rtype,
{'x': eidfrom, 'y': eidto})
if card[1] in '1?':
- with security_enabled(session, read=False):
+ with session.security_enabled(read=False):
session.execute('DELETE X %s Y WHERE Y eid %%(y)s, '
'NOT X eid %%(x)s' % rtype,
{'x': eidfrom, 'y': eidto})
@@ -1200,7 +1199,7 @@
source = self.sources_by_eid[scleanup]
# delete remaining relations: if user can delete the entity, he can
# delete all its relations without security checking
- with security_enabled(session, read=False, write=False):
+ with session.security_enabled(read=False, write=False):
eid = entity.eid
for rschema, _, role in entity.e_schema.relation_definitions():
rtype = rschema.type
@@ -1242,7 +1241,7 @@
source = self.sources_by_eid[scleanup]
# delete remaining relations: if user can delete the entity, he can
# delete all its relations without security checking
- with security_enabled(session, read=False, write=False):
+ with session.security_enabled(read=False, write=False):
in_eids = ','.join([str(_e.eid) for _e in entities])
for rschema, _, role in entities[0].e_schema.relation_definitions():
rtype = rschema.type
@@ -1355,7 +1354,7 @@
session.update_rel_cache_add(entity.eid, attr, value)
rdef = session.rtype_eids_rdef(attr, entity.eid, value)
if rdef.cardinality[1] in '1?' and activeintegrity:
- with security_enabled(session, read=False):
+ with session.security_enabled(read=False):
session.execute('DELETE X %s Y WHERE Y eid %%(y)s' % attr,
{'x': entity.eid, 'y': value})
edited.set_defaults()
@@ -1541,7 +1540,7 @@
rdef = session.rtype_eids_rdef(rtype, subjeid, objeid)
card = rdef.cardinality
if card[0] in '?1':
- with security_enabled(session, read=False):
+ with session.security_enabled(read=False):
session.execute('DELETE X %s Y WHERE X eid %%(x)s, '
'NOT Y eid %%(y)s' % rtype,
{'x': subjeid, 'y': objeid})
@@ -1552,7 +1551,7 @@
continue
subjects[subjeid] = len(relations_by_rtype[rtype]) - 1
if card[1] in '?1':
- with security_enabled(session, read=False):
+ with session.security_enabled(read=False):
session.execute('DELETE X %s Y WHERE Y eid %%(y)s, '
'NOT X eid %%(x)s' % rtype,
{'x': subjeid, 'y': objeid})
--- a/server/session.py Thu Sep 20 14:50:06 2012 +0200
+++ b/server/session.py Fri Sep 14 14:15:39 2012 +0200
@@ -470,7 +470,7 @@
DEFAULT_SECURITY = object() # evaluated to true by design
- def security_enabled(self, read=False, write=False):
+ def security_enabled(self, read=None, write=None):
return security_enabled(self, read=read, write=write)
def init_security(self, read, write):
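Review bot: The switch to `read=None, write=None` carries the whole behavioural fix, yet `security_enabled` has no docstring and no test pinning the new defaults is visible in this changeset. Call sites converted here, such as `with session.security_enabled(read=False):` in server/repository.py, rely on write security keeping its current value; the comment there says delete permission must still be checked. A later regression to `False` defaults would silently skip those checks. Suggest a docstring along the lines of `"""return a context manager temporarily changing read/write security; an argument left to None keeps the current value"""`. A test should also assert that `session.write_security` is unchanged inside `with session.security_enabled(read=False):`, and likewise for `read_security` with `write=False`.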
--- a/server/ssplanner.py Thu Sep 20 14:50:06 2012 +0200
+++ b/server/ssplanner.py Fri Sep 14 14:15:39 2012 +0200
@@ -1,4 +1,4 @@
-# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
#
# This file is part of CubicWeb.
@@ -27,7 +27,6 @@
from cubicweb import QueryError, typed_eid
from cubicweb.schema import VIRTUAL_RTYPES
from cubicweb.rqlrewrite import add_types_restriction
-from cubicweb.server.session import security_enabled
from cubicweb.server.edition import EditedEntity
READ_ONLY_RTYPES = set(('eid', 'has_text', 'is', 'is_instance_of', 'identity'))
@@ -87,7 +86,7 @@
# the generated select substep if not emited (eg nothing
# to be selected)
if checkread and eid not in neweids:
- with security_enabled(session, read=False):
+ with session.security_enabled(read=False):
eschema(session.describe(eid)[0]).check_perm(
session, 'read', eid=eid)
eidconsts[lhs.variable] = eid
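Review bot: Read security is disabled around a call whose purpose is to check the `'read'` permission, and nothing on the `with session.security_enabled(read=False):` line says why. Presumably the block only lifts read filtering for queries that `check_perm` issues internally, while the permission itself is still enforced by the explicit call, but that is not visible from this hunk. A one-line comment would prevent a future reader from treating the block as a bypass or removing it, e.g. `# read security is lifted for the check's own queries only; the permission is still verified by check_perm`, once the author has confirmed that intent. The enclosing function starts and ends outside the hunk.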