Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[security] use set_operation for relation permission checking operation stable
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Thu, 01 Jul 2010 09:23:39 +0200
branchstable
changeset 5848 b5640328ffad
parent 5847 51636c991fb4
child 5849 9db65b381028
child 5850 fabff2813ee4
[security] use set_operation for relation permission checking operation
hooks/security.py file | annotate | diff | comparison | revisions
server/hook.py file | annotate | diff | comparison | revisions 
--- a/hooks/security.py	Thu Jul 01 08:47:24 2010 +0200
+++ b/hooks/security.py	Thu Jul 01 09:23:39 2010 +0200
@@ -69,10 +69,12 @@
 
 class _CheckRelationPermissionOp(hook.LateOperation):
     def precommit_event(self):
-        rdef = self.rschema.rdef(self.session.describe(self.eidfrom)[0],
-                                 self.session.describe(self.eidto)[0])
-        rdef.check_perm(self.session, self.action,
-                        fromeid=self.eidfrom, toeid=self.eidto)
+        session = self.session
+        for args in session.transaction_data.pop('check_relation_perm_op'):
+            action, rschema, eidfrom, eidto = args
+            rdef = rschema.rdef(session.describe(eidfrom)[0],
+                                session.describe(eidto)[0])
+            rdef.check_perm(session, action, fromeid=eidfrom, toeid=eidto)
 
     def commit_event(self):
         pass
@@ -154,10 +156,9 @@
                 return
             rschema = self._cw.repo.schema[self.rtype]
             if self.rtype in ON_COMMIT_ADD_RELATIONS:
-                _CheckRelationPermissionOp(self._cw, action='add',
-                                           rschema=rschema,
-                                           eidfrom=self.eidfrom,
-                                           eidto=self.eidto)
+                hook.set_operation(self._cw, 'check_relation_perm_op',
+                                   ('add', rschema, self.eidfrom, self.eidto),
+                                   _CheckRelationPermissionOp)
             else:
                 rdef = rschema.rdef(self._cw.describe(self.eidfrom)[0],
                                     self._cw.describe(self.eidto)[0])
--- a/server/hook.py	Thu Jul 01 08:47:24 2010 +0200
+++ b/server/hook.py	Thu Jul 01 09:23:39 2010 +0200
@@ -46,8 +46,8 @@
 `timestamp` attributes, but *their `_cw` attribute is None*.
 
 Session hooks (eg session_open, session_close) have no special attribute.
+"""
 
-"""
 from __future__ import with_statement
 
 __docformat__ = "restructuredtext en"
cubicweb