Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
disable security when undoing
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Thu, 18 Mar 2010 17:17:50 +0100
changeset 4943 7f5b83578fec
parent 4940 3143a1258d62
child 4944 65533aee8d0a
disable security when undoing
server/sources/native.py file | annotate | diff | comparison | revisions 
--- a/server/sources/native.py	Thu Mar 18 17:14:01 2010 +0100
+++ b/server/sources/native.py	Thu Mar 18 17:17:50 2010 +0100
@@ -35,7 +35,7 @@
 from cubicweb.server.utils import crypt_password
 from cubicweb.server.sqlutils import SQL_PREFIX, SQLAdapterMixIn
 from cubicweb.server.rqlannotation import set_qdata
-from cubicweb.server.session import hooks_control
+from cubicweb.server.session import hooks_control, security_enabled
 from cubicweb.server.sources import AbstractSource, dbg_st_search, dbg_results
 from cubicweb.server.sources.rql2sql import SQLGenerator
 
@@ -752,9 +752,10 @@
         session.mode = 'write'
         errors = []
         with hooks_control(session, session.HOOKS_DENY_ALL, 'integrity'):
-            for action in reversed(self.tx_actions(session, txuuid, False)):
-                undomethod = getattr(self, '_undo_%s' % action.action.lower())
-                errors += undomethod(session, action)
+            with security_enabled(session, read=False):
+                for action in reversed(self.tx_actions(session, txuuid, False)):
+                    undomethod = getattr(self, '_undo_%s' % action.action.lower())
+                    errors += undomethod(session, action)
         # remove the transactions record
         self.doexec(session,
                     "DELETE FROM transactions WHERE tx_uuid='%s'" % txuuid)
cubicweb