Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix cardinality integrity and security when setting use_email/primary_email 3.5
authorSylvain Thénault <sylvain.thenault@logilab.fr>
Wed, 16 Sep 2009 16:35:24 +0200
branch3.5
changeset 3248 db09803df8b2
parent 3247 a6243d9585ba
child 3249 280080eadb22
fix cardinality integrity and security when setting use_email/primary_email
sobjects/email.py file | annotate | diff | comparison | revisions 
--- a/sobjects/email.py	Wed Sep 16 16:34:34 2009 +0200
+++ b/sobjects/email.py	Wed Sep 16 16:35:24 2009 +0200
@@ -9,6 +9,7 @@
 
 from cubicweb.server.hooksmanager import Hook
 from cubicweb.server.pool import PreCommitOperation
+from cubicweb.server.repository import ensure_card_respected
 
 class SetUseEmailRelationOp(PreCommitOperation):
     """delay this operation to commit to avoid conflict with a late rql query
@@ -26,6 +27,11 @@
     def precommit_event(self):
         session = self.session
         if self.condition():
+            # we've to handle cardinaly by ourselves since we're using unsafe_execute
+            # but use session.execute and not session.unsafe_execute to check we
+            # can change the relation
+            ensure_card_respected(session.execute, session,
+                                  self.fromeid, self.rtype, self.toeid)
             session.unsafe_execute(
                 'SET X %s Y WHERE X eid %%(x)s, Y eid %%(y)s' % self.rtype,
                 {'x': self.fromeid, 'y': self.toeid}, 'x')
cubicweb