Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[schema/optimization] Ensure read permissions are deactivated when we're checking a permission
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Fri, 18 Nov 2016 18:19:10 +0100
changeset 11873 8758b42d6c72
parent 11872 a997e5451737
child 11874 ea1d92b677b5
[schema/optimization] Ensure read permissions are deactivated when we're checking a permission When called from a web request, since we *are* checking some permission, read permissions don't have to be introduced in this query. We may avoid that since there now more any differences between web and repo connections, so let's do it.
cubicweb/schema.py file | annotate | diff | comparison | revisions 
--- a/cubicweb/schema.py	Fri Nov 18 18:16:21 2016 +0100
+++ b/cubicweb/schema.py	Fri Nov 18 18:19:10 2016 +0100
@@ -348,7 +348,9 @@
         if keyarg is None:
             kwargs.setdefault('u', _cw.user.eid)
             try:
-                rset = _cw.execute(rql, kwargs, build_descr=True)
+                # ensure security is disabled
+                with getattr(_cw, 'cnx', _cw).security_enabled(read=False):
+                    rset = _cw.execute(rql, kwargs, build_descr=True)
             except NotImplementedError:
                 self.critical('cant check rql expression, unsupported rql %s', rql)
                 if self.eid is not None:
cubicweb