[security] don't add attribute into skip_security if already in edited_attributes, else we may accidentally skip a desired security check
--- a/entity.py Wed Mar 24 11:15:57 2010 +0100
+++ b/entity.py Wed Mar 24 13:40:53 2010 +0100
@@ -249,7 +249,10 @@
self.eid = value
else:
super(Entity, self).__setitem__(attr, value)
- if hasattr(self, 'edited_attributes'):
+ # don't add attribute into skip_security if already in edited
+ # attributes, else we may accidentaly skip a desired security check
+ if hasattr(self, 'edited_attributes') and \
+ attr not in self.edited_attributes:
self.edited_attributes.add(attr)
self.skip_security_attributes.add(attr)
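Review bot: The new `attr not in self.edited_attributes` guard in this hunk is order-dependent. It only keeps an attribute out of `skip_security_attributes` when that attribute was already in `edited_attributes` before this write, so it appears to rely on the user-edited attributes being registered before any internal code assigns to the entity. That precondition is not visible here and should be stated on the condition, e.g. `# relies on edited_attributes already holding the user-edited attributes when internal code writes here`. The same condition is duplicated in the `setdefault` hunk below; one private helper shared by both would keep the two paths from drifting apart. The enclosing method starts outside the hunk.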
@@ -276,7 +279,10 @@
def setdefault(self, attr, default):
"""override setdefault to update self.edited_attributes"""
super(Entity, self).setdefault(attr, default)
- if hasattr(self, 'edited_attributes'):
+ # don't add attribute into skip_security if already in edited
+ # attributes, else we may accidentaly skip a desired security check
+ if hasattr(self, 'edited_attributes') and \
+ attr not in self.edited_attributes:
self.edited_attributes.add(attr)
self.skip_security_attributes.add(attr)
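Review bot: `setdefault` still flags the attribute when nothing was written. `super(Entity, self).setdefault(attr, default)` leaves an existing value untouched, yet the block below adds `attr` to both `edited_attributes` and `skip_security_attributes` whenever it is not yet in `edited_attributes`. An attribute that was already present on the entity but not edited would then be reported as edited and exempted from the security check, which looks like the situation this commit is trying to avoid. Record whether the key was absent before the call, `missing = attr not in self`, and add that to the guard: `if missing and hasattr(self, 'edited_attributes') and attr not in self.edited_attributes:`.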