author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Wed, 14 Apr 2010 17:31:41 +0200 | |
changeset 5250 | 1c0eb5f74fd4 |
parent 4759 | af2e6c377c71 |
child 5421 | 8167de96c523 |
permissions | -rw-r--r-- |
"""some utilities to define schema permissions |
:organization: Logilab |
:copyright: 2008-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
""" |
__docformat__ = "restructuredtext en" |
from rql.utils import quote |
from cubicweb.schema import RO_REL_PERMS, RO_ATTR_PERMS, \ |
PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, \ |
ERQLExpression, RRQLExpression |
# Permissions for "meta" entity types: readable by anyone, can only be
# added/deleted by managers.
# XXX deprecated name, kept as an alias of PUB_SYSTEM_ENTITY_PERMS
META_ETYPE_PERMS = PUB_SYSTEM_ENTITY_PERMS

# Permissions for "meta" relation types: readable by anyone, can only be
# added/deleted by managers.
# XXX deprecated name, kept as an alias of PUB_SYSTEM_REL_PERMS
META_RTYPE_PERMS = PUB_SYSTEM_REL_PERMS

# Permissions for relation types that should only be set by hooks using
# unsafe execute; readable by anyone.
# XXX deprecated name, kept as an alias of RO_REL_PERMS
HOOKS_RTYPE_PERMS = RO_REL_PERMS
def _perm(names):
    """Build the RQL fragment requiring one of the named permissions.

    `names` is either a single permission name or a list/tuple of names.
    Every name goes through `quote` before it is inserted into the RQL text:
    a sequence holding one name gives a plain comparison, any other sequence
    gives an ``IN (...)`` test.

    The returned fragment starts with a space; callers prepend the RQL
    variable that carries the ``require_permission`` relation.
    """
    if not isinstance(names, (list, tuple)):
        name_test = quote(names)
    elif len(names) == 1:
        name_test = quote(names[0])
    else:
        # NOTE(review): an empty sequence ends up here and yields ``IN ()``;
        # callers are presumably expected to pass at least one name.
        quoted = [quote(name) for name in names]
        name_test = 'IN (%s)' % ','.join(quoted)
    # alternative formulation the author left commented out:
    #return u' require_permission P, P name %s, U in_group G, P require_group G' % names
    return u' require_permission P, P name %s, U has_group_permission P' % name_test
def xperm(*names):
    """Return the RQL text requiring, on variable X, one of the permissions
    `names`.

    The result is the `_perm` fragment prefixed with ``X``.
    """
    permission_clause = _perm(names)
    return 'X' + permission_clause
def xexpr(*names):
    """Return an `ERQLExpression` wrapping the RQL built by `xperm` for the
    permissions `names`.
    """
    rql = xperm(*names)
    return ERQLExpression(rql)
def xrexpr(relation, *names):
    """Return an `ERQLExpression` requiring one of the permissions `names` on
    the entity Y reached from X through `relation` (``X <relation> Y``).

    `relation` is inserted into the RQL text verbatim, unlike the permission
    names, which `_perm` passes through `quote`. It must therefore be a
    relation name fixed by the schema author, never a value taken from
    outside the schema definition.
    """
    rql = 'X %s Y, Y %s' % (relation, _perm(names))
    return ERQLExpression(rql)
def xorexpr(relation, etype, *names):
    """Return an `ERQLExpression` requiring one of the permissions `names` on
    the entity Y that points to X through `relation` (``Y <relation> X``),
    with X restricted to entity type `etype`.

    `relation` and `etype` are inserted into the RQL text verbatim, unlike
    the permission names, which `_perm` passes through `quote`. Both must be
    identifiers fixed by the schema author.
    """
    rql = 'Y %s X, X is %s, Y %s' % (relation, etype, _perm(names))
    return ERQLExpression(rql)
def sexpr(*names):
    """Return an `RRQLExpression` requiring one of the permissions `names` on
    variable S; ``'S'`` is also passed as the expression's second argument.
    """
    subject_clause = 'S' + _perm(names)
    return RRQLExpression(subject_clause, 'S')
def restricted_sexpr(restriction, *names):
    """Return an `RRQLExpression` combining `restriction` with the
    requirement of one of the permissions `names` on variable S.

    `restriction` is an RQL fragment placed verbatim in front of the
    permission clause. It is not quoted or checked here, so it must be
    written by the schema author.
    """
    subject_clause = 'S' + _perm(names)
    return RRQLExpression('%s, %s' % (restriction, subject_clause), 'S')
def restricted_oexpr(restriction, *names):
    """Return an `RRQLExpression` combining `restriction` with the
    requirement of one of the permissions `names` on variable O.

    `restriction` is an RQL fragment placed verbatim in front of the
    permission clause. It is not quoted or checked here, so it must be
    written by the schema author.
    """
    object_clause = 'O' + _perm(names)
    return RRQLExpression('%s, %s' % (restriction, object_clause), 'O')
def oexpr(*names):
    """Return an `RRQLExpression` requiring one of the permissions `names` on
    variable O; ``'O'`` is also passed as the expression's second argument.
    """
    object_clause = 'O' + _perm(names)
    return RRQLExpression(object_clause, 'O')
# def supdate_perm(): |
# return RRQLExpression('U has_update_permission S', 'S') |
# def oupdate_perm(): |
# return RRQLExpression('U has_update_permission O', 'O') |
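def relxperm(rel, role, *names):
    """Return the RQL text requiring one of the permissions `names` on the
    entity Z linked to X through `rel`.

    `role` is the role X plays in `rel`: ``'subject'`` gives ``X <rel> Z``,
    ``'object'`` gives ``Z <rel> X``. Any other value raises
    `AssertionError`.

    `rel` is inserted into the RQL text verbatim, unlike the permission
    names, which `_perm` passes through `quote`. It must be a relation name
    fixed by the schema author.
    """
    # Raise explicitly instead of using an `assert` statement: asserts are
    # stripped under `python -O`, and an unexpected role would then silently
    # fall through to the 'object' form and produce a permission expression
    # on the wrong side of the relation.
    if role not in ('subject', 'object'):
        raise AssertionError(
            "role must be 'subject' or 'object', got %r" % (role,))
    if role == 'subject':
        zxrel = ', X %s Z' % rel
    else:
        zxrel = ', Z %s X' % rel
    return 'Z' + _perm(names) + zxrel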
def relxexpr(rel, role, *names):
    """Return an `ERQLExpression` wrapping the RQL built by `relxperm` for
    relation `rel`, `role` and the permissions `names`.
    """
    rql = relxperm(rel, role, *names)
    return ERQLExpression(rql)