add note about running repository / client code stable
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Tue, 06 Apr 2010 10:10:47 +0200
branch stable
changeset 5146 fe56baf63ecb
parent 5145 bfa4d775219f
child 5147 70181998897f
add note about running repository / client code
doc/book/en/intro/concepts/index.rst
--- a/doc/book/en/intro/concepts/index.rst	Mon Apr 05 09:06:16 2010 +0200
+++ b/doc/book/en/intro/concepts/index.rst	Tue Apr 06 10:10:47 2010 +0200
@@ -95,11 +95,15 @@
 It is common to run the web engine and the repository in the same process (see
 instances of type all-in-one above), but this is not a requirement. A repository
 can be set up to be accessed remotely using Pyro (`Python Remote Objects`_) and
-act as a server.
+act as a server. However, it's important to know if code you're writing is
+executed on the repository side, on our client side (the web engine being a
+client for instance): you don't have the same abilities on both side. On the
+repository side, you can for instance by-pass security checks, which isn't
+possible from client code.
 
 Some logic can be attached to events that happen in the repository, like
 creation of entities, deletion of relations, etc. This is used for example to
-send email notifications when the state of an object changes. See `Hooks` below.
+send email notifications when the state of an object changes. See :ref:`HookIntro` below.
 
 .. [1] not to be confused with a Mercurial repository or a Debian repository.
 .. _`Python Remote Objects`: http://pyro.sourceforge.net/
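Review bot: The added sentence about repository versus client code is hard to parse and leaves the security point vague. "if code you're writing is executed on the repository side, on our client side" should read "whether the code you're writing is executed on the repository side or on the client side", and "on both side" should be "on both sides". Since the paragraph tells readers that repository-side code can by-pass security checks, it should also say which checks are meant (or link to the section that does), so that hook and server-side authors know they are writing trusted code. Separately, the new :ref:`HookIntro` target needs a matching ``.. _HookIntro:`` label, which is not visible in this patch; please confirm it exists, otherwise the reference will not resolve.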
@@ -248,7 +252,7 @@
 
 The repository exposes a `db-api`_ like api but using the RQL instead of SQL.
 
-You basically get a connection using :ref:`cubicweb.dbapi.connect` , then
+You basically get a connection using :func:`cubicweb.dbapi.connect` , then
 get a cursor to call its `execute` method which will return result set for the
 given rql query.
 
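Review bot: The changed line keeps a stray space before the comma in ":func:`cubicweb.dbapi.connect` , then"; drop it while touching this line. Switching from :ref: to :func: is the right role for a function, but it only produces a link if cubicweb.dbapi.connect is documented as a Python object somewhere in the book, so check that the build does not just render it as unlinked literal text. The surrounding sentence also wants an article: "which will return a result set".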
@@ -322,7 +326,8 @@
 
 Hooks are also application objects registered on events such as after/before
 add/update/delete on entities/relations, server startup or shutdown, etc. As all
-appobjects, they have a selector defining when they should be called or not.
+application objects, they have a selector defining when they should be called or
+not.
 
 `Operations` may be instantiated by hooks to do further processing at different
 steps of the transaction's commit / rollback, which usually can not be done
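Review bot: Style only on the reworded sentence: "a selector defining when they should be called or not" is redundant; "a selector defining whether they should be called" says the same thing. Expanding "appobjects" to "application objects" is consistent with the first sentence of the paragraph.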
@@ -331,5 +336,8 @@
 Hooks and operation are an essential building block of any moderately complicated
 cubicweb application.
 
-
+.. Note:
+   RQL queries executed in hooks and operations are *unsafe* by default, e.g. the
+   read and write security is deactivated unless explicitly asked.
+  
 .. |cubicweb| replace:: *CubicWeb*
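Review bot: The new block starting with ".. Note:" uses a single colon, which reStructuredText treats as a comment, so this security warning will not appear in the rendered book at all; it needs to be ".. note::" followed by a blank line and the indented body. In the text itself, "e.g." should be "i.e." because the clause defines what unsafe means rather than giving an example, and "unless explicitly asked" should say how security is re-enabled or point to the section that explains it, since that is what a hook author needs to act on. The added line after the note body contains only trailing whitespace and should be an empty line.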