--- a/common/entity.py Tue Jan 27 13:05:38 2009 +0100
+++ b/common/entity.py Tue Jan 27 13:58:17 2009 +0100
@@ -391,6 +391,10 @@
res['source'] = self.req.source_defs()[res['source']]
return res
+ def clear_local_perm_cache(self, action):
+ for rqlexpr in self.e_schema.get_rqlexprs(action):
+ self.req.local_perm_cache.pop((rqlexpr.eid, (('x', self.eid),)), None)
+
def check_perm(self, action):
self.e_schema.check_perm(self.req, action, self.eid)
--- a/server/securityhooks.py Tue Jan 27 13:05:38 2009 +0100
+++ b/server/securityhooks.py Tue Jan 27 13:58:17 2009 +0100
@@ -54,6 +54,7 @@
entity.check_perm('update')
check_entity_attributes(session, entity)
except Unauthorized:
+ entity.clear_local_perm_cache('update')
CheckEntityPermissionOp(session, entity=entity, action='update')
def before_del_entity(session, eid):