Disable security hooks for internal sessions
Fixes semantic change introduced in 96dba2efd16d where internal sessions
started to check attribute permissions.
Closes #3444095
--- a/server/session.py Wed Jan 15 18:20:25 2014 +0100
+++ b/server/session.py Thu Jan 16 12:21:05 2014 +0100
@@ -1437,7 +1437,8 @@
self.user._cw = self # XXX remove when "vreg = user._cw.vreg" hack in entity.py is gone
if not safe:
self.disable_hook_categories('integrity')
- self._tx.ctx_count += 1
+ self.disable_hook_categories('security')
+ self._tx.ctx_count += 1
def __enter__(self):
return self
--- a/server/test/unittest_session.py Wed Jan 15 18:20:25 2014 +0100
+++ b/server/test/unittest_session.py Thu Jan 16 12:21:05 2014 +0100
@@ -28,11 +28,11 @@
def test_integrity_hooks(self):
with self.repo.internal_session() as session:
self.assertEqual(HOOKS_ALLOW_ALL, session.hooks_mode)
- self.assertEqual(set(('integrity',)), session.disabled_hook_categories)
+ self.assertEqual(set(('integrity', 'security')), session.disabled_hook_categories)
self.assertEqual(set(), session.enabled_hook_categories)
session.commit()
self.assertEqual(HOOKS_ALLOW_ALL, session.hooks_mode)
- self.assertEqual(set(('integrity',)), session.disabled_hook_categories)
+ self.assertEqual(set(('integrity', 'security')), session.disabled_hook_categories)
self.assertEqual(set(), session.enabled_hook_categories)
class SessionTC(CubicWebTC):