[security] consider any rql expression refering to X while X is being created as satisfied
--- a/schema.py Wed Jun 09 14:31:12 2010 +0200
+++ b/schema.py Wed Jun 09 14:44:45 2010 +0200
@@ -845,11 +845,9 @@
except KeyError:
pass
rql, has_perm_defs, keyarg = self.transform_has_permission()
- if creating:
- # when creating an entity, consider has_*_permission satisfied
- if has_perm_defs:
- return True
- return False
+ # when creating an entity, expression related to X satisfied
+ if creating and 'X' in self.rqlst.defined_vars:
+ return True
if keyarg is None:
kwargs.setdefault('u', session.user.eid)
try: