[wip] Implements security_ctx as permanent rql args

This approach to security_ctx injects the security_ctx variables directly into the rql args just before executing the request.

The big advantage of this approach is its simplicity.

Related to #4919855

authorChristophe de Vienne <christophe@unlish.com>
changeset49f4689f5878
branchdefault
phasedraft
hiddenyes
parent revision#a0a11be5a9cb [schema] set permissions that do not allow edition on computed relation. Closes #4903918
child revision<not specified>
files modified by this revision
server/querier.py
server/session.py
# HG changeset patch
# User Christophe de Vienne <christophe@unlish.com>
# Date 1424081263 -3600
# Mon Feb 16 11:07:43 2015 +0100
# Node ID 49f4689f5878f1198b37ae5487ce716996a2265c
# Parent a0a11be5a9cb982e2d95eceb33ee043c5cc336ee
[wip] Implements security_ctx as permanent rql args

This approach to security_ctx inject the security_ctx variables directly into
the rql args just before executing the request.

The big advantage of this approach is its simplicity.

Related to #4919855

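--- a/server/querier.py
+++ b/server/querier.py
@@ -536,11 +536,24 @@
         'Any X WHERE X eid 123'!)
         """
         if server.DEBUG & (server.DBG_RQL | server.DBG_SQL):
             if server.DEBUG & (server.DBG_MORE | server.DBG_SQL):
                 print '*'*80
-            print 'querier input', repr(rql), repr(args)
+            print (
+                'querier input', repr(rql), repr(args), repr(cnx.security_ctx))
+        # inject the security context in the args
+        if args is not None:
+            for key in args:
+                if key.starts_with('ctx_'):
+                    raise ValueError('Security context variables cannot be '
+                                     'passed as regular arguments.')
+        if cnx.security_ctx:
+            if args is None:
+                args = {}
+            args.update({
+                'ctx_' + k: v for k, v in cnx.security_ctx.items()})
+
         # parse the query and binds variables
         cachekey = (rql,)
         try:
             if args:
                 # search for named args in query which are eids (hence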
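Review bot: The reserved-prefix guard calls `key.starts_with('ctx_')`, but Python strings only provide `startswith`, so any query executed with a non-empty args dict would raise AttributeError instead of reaching the intended ValueError; the line should read `if key.startswith('ctx_'):`. Once that is fixed, `args.update(...)` still writes the `ctx_` keys into the caller's own dict, so a caller that reuses the dict for a second query would trip the guard on keys it never set. Copying before the update, `args = dict(args) if args else {}`, avoids that and keeps the security context values from flowing back to the caller. The debug print now also emits `repr(cnx.security_ctx)`, which deserves a second look if those values can be sensitive. The enclosing method starts and ends outside the hunk.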
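--- a/server/session.py
+++ b/server/session.py
@@ -501,10 +501,11 @@
 
 
         ### security control attributes
         self._read_security = DEFAULT_SECURITY # handled by a property
         self.write_security = DEFAULT_SECURITY
+        self.security_ctx = {}
 
         # undo control
         config = session.repo.config
         if config.creating or config.repairing or session.is_internal_session:
             self.undo_actions = False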
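Review bot: `self.security_ctx` is added without any comment on what it holds or who is allowed to set it, although server/querier.py in this changeset turns each entry into a `ctx_`-prefixed query argument. A comment above the assignment such as `# security context: name -> value, injected by the querier as 'ctx_<name>' rql args` would document that contract. Because it is a plain mutable dict rather than a property like `_read_security`, any code holding the connection can change it; if only trusted code is meant to populate it, that restriction should be stated or enforced here. The enclosing method starts and ends outside the hunk.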