[hooks/security] let's use a connection, not a session
authorJulien Cristau <julien.cristau@logilab.fr>
Tue, 01 Apr 2014 16:28:12 +0200
changeset 9612 24460d4d64bf
parent 9611 ca853478aaa8
child 9613 45370ea9f495
[hooks/security] let's use a connection, not a session
hooks/security.py
--- a/hooks/security.py	Tue Apr 01 16:17:03 2014 +0200
+++ b/hooks/security.py	Tue Apr 01 16:28:12 2014 +0200
@@ -16,7 +16,7 @@
 # You should have received a copy of the GNU Lesser General Public License along
 # with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
 """Security hooks: check permissions to add/delete/update entities according to
-the user connected to a session
+the connected user
 """
 
 __docformat__ = "restructuredtext en"
@@ -31,7 +31,7 @@
 
 
 
-def check_entity_attributes(session, entity, action, editedattrs=None):
+def check_entity_attributes(cnx, entity, action, editedattrs=None):
     eid = entity.eid
     eschema = entity.e_schema
     # ._cw_skip_security_attributes is there to bypass security for attributes
@@ -63,25 +63,25 @@
                 # That means an immutable attribute; as an optimization, avoid
                 # going through check_perm.
                 raise Unauthorized(action, str(rdef))
-            rdef.check_perm(session, action, eid=eid)
+            rdef.check_perm(cnx, action, eid=eid)
 
 
 class CheckEntityPermissionOp(hook.DataOperationMixIn, hook.LateOperation):
     def precommit_event(self):
-        session = self.session
+        cnx = self.cnx
         for eid, action, edited in self.get_data():
-            entity = session.entity_from_eid(eid)
+            entity = cnx.entity_from_eid(eid)
             entity.cw_check_perm(action)
-            check_entity_attributes(session, entity, action, edited)
+            check_entity_attributes(cnx, entity, action, edited)
 
 
 class CheckRelationPermissionOp(hook.DataOperationMixIn, hook.LateOperation):
     def precommit_event(self):
-        session = self.session
+        cnx = self.cnx
         for action, rschema, eidfrom, eidto in self.get_data():
-            rdef = rschema.rdef(session.entity_metas(eidfrom)['type'],
-                                session.entity_metas(eidto)['type'])
-            rdef.check_perm(session, action, fromeid=eidfrom, toeid=eidto)
+            rdef = rschema.rdef(cnx.entity_metas(eidfrom)['type'],
+                                cnx.entity_metas(eidto)['type'])
+            rdef.check_perm(cnx, action, fromeid=eidfrom, toeid=eidto)
 
 
 @objectify_predicate