author | sylvain.thenault@logilab.fr |
Wed, 15 Apr 2009 17:23:48 +0200 | |
branch | tls-sprint |
changeset 1365 | 39a3bc7899d5 |
parent 1303 | 62be4ece4552 |
child 1398 | 5fe84a5f7035 |
permissions | -rw-r--r-- |
0 | 1 |
"""core CubicWeb schema, but not necessary at bootstrap time |
2 |
||
3 |
:organization: Logilab |
|
1303 | 4 |
:copyright: 2001-2009 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
0 | 5 |
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
6 |
""" |
|
7 |
__docformat__ = "restructuredtext en" |
|
8 |
||
9 |
from cubicweb.schema import format_constraint |
|
10 |
||
11 |
||
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
12 |
class EUser(WorkflowableEntityType): |
0 | 13 |
"""define a CubicWeb user""" |
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
14 |
meta = True # XXX backported from old times, shouldn't be there anymore |
0 | 15 |
permissions = { |
16 |
'read': ('managers', 'users', ERQLExpression('X identity U')), |
|
17 |
'add': ('managers',), |
|
18 |
'delete': ('managers',), |
|
19 |
'update': ('managers', ERQLExpression('X identity U, NOT U in_group G, G name "guests"'),), |
|
20 |
} |
|
21 |
||
22 |
login = String(required=True, unique=True, maxsize=64, |
|
23 |
description=_('unique identifier used to connect to the application')) |
|
24 |
upassword = Password(required=True) # password is a reserved word for mysql |
|
25 |
firstname = String(maxsize=64) |
|
26 |
surname = String(maxsize=64) |
|
27 |
last_login_time = Datetime(description=_('last connection date')) |
|
28 |
# allowing an email to be the primary email of multiple entities is necessary for |
|
29 |
# test at least :-/ |
|
30 |
primary_email = SubjectRelation('EmailAddress', cardinality='??', |
|
31 |
description=_('email address to use for notification')) |
|
32 |
use_email = SubjectRelation('EmailAddress', cardinality='*?', composite='subject') |
|
33 |
||
34 |
in_group = SubjectRelation('EGroup', cardinality='+*', |
|
35 |
constraints=[RQLConstraint('NOT O name "owners"')], |
|
36 |
description=_('groups grant permissions to the user')) |
|
37 |
||
38 |
||
39 |
class EmailAddress(MetaEntityType): |
|
40 |
"""an electronic mail address associated to a short alias""" |
|
41 |
permissions = { |
|
42 |
'read': ('managers', 'users', 'guests',), # XXX if P use_email X, U has_read_permission P |
|
43 |
'add': ('managers', 'users',), |
|
44 |
'delete': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')), |
|
45 |
'update': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')), |
|
46 |
} |
|
47 |
||
48 |
alias = String(fulltextindexed=True, maxsize=56) |
|
49 |
address = String(required=True, fulltextindexed=True, |
|
50 |
indexed=True, unique=True, maxsize=128) |
|
51 |
canonical = Boolean(default=False, |
|
52 |
description=_('when multiple addresses are equivalent \ |
|
53 |
(such as python-projects@logilab.org and python-projects@lists.logilab.org), set this \ |
|
54 |
to true on one of them which is the preferred form.')) |
|
55 |
identical_to = SubjectRelation('EmailAddress') |
|
56 |
||
57 |
class use_email(RelationType): |
|
58 |
"""""" |
|
59 |
permissions = { |
|
60 |
'read': ('managers', 'users', 'guests',), |
|
61 |
'add': ('managers', RRQLExpression('U has_update_permission S'),), |
|
62 |
'delete': ('managers', RRQLExpression('U has_update_permission S'),), |
|
63 |
} |
|
64 |
fulltext_container = 'subject' |
|
65 |
||
66 |
class primary_email(RelationType): |
|
67 |
"""the prefered email""" |
|
68 |
permissions = use_email.permissions |
|
69 |
||
70 |
class identical_to(RelationType): |
|
71 |
"""identical_to""" |
|
72 |
symetric = True |
|
73 |
permissions = { |
|
74 |
'read': ('managers', 'users', 'guests',), |
|
75 |
# XXX should have update permissions on both subject and object, |
|
76 |
# though by doing this we will probably have no way to add |
|
77 |
# this relation in the web ui. The easiest way to acheive this |
|
78 |
# is probably to be able to have "U has_update_permission O" as |
|
79 |
# RQLConstraint of the relation definition, though this is not yet |
|
80 |
# possible |
|
81 |
'add': ('managers', RRQLExpression('U has_update_permission S'),), |
|
82 |
'delete': ('managers', RRQLExpression('U has_update_permission S'),), |
|
83 |
} |
|
84 |
||
85 |
class in_group(MetaRelationType): |
|
86 |
"""core relation indicating a user's groups""" |
|
87 |
meta = False |
|
88 |
||
89 |
class owned_by(MetaRelationType): |
|
90 |
"""core relation indicating owners of an entity. This relation |
|
91 |
implicitly put the owner into the owners group for the entity |
|
92 |
""" |
|
93 |
permissions = { |
|
94 |
'read': ('managers', 'users', 'guests'), |
|
95 |
'add': ('managers', RRQLExpression('S owned_by U'),), |
|
96 |
'delete': ('managers', RRQLExpression('S owned_by U'),), |
|
97 |
} |
|
98 |
# 0..n cardinality for entities created by internal session (no attached user) |
|
99 |
# and to support later deletion of a user which has created some entities |
|
100 |
cardinality = '**' |
|
101 |
subject = '**' |
|
102 |
object = 'EUser' |
|
103 |
||
104 |
class created_by(MetaRelationType): |
|
105 |
"""core relation indicating the original creator of an entity""" |
|
106 |
permissions = { |
|
107 |
'read': ('managers', 'users', 'guests'), |
|
108 |
'add': ('managers',), |
|
109 |
'delete': ('managers',), |
|
110 |
} |
|
111 |
# 0..1 cardinality for entities created by internal session (no attached user) |
|
112 |
# and to support later deletion of a user which has created some entities |
|
113 |
cardinality = '?*' |
|
114 |
subject = '**' |
|
115 |
object = 'EUser' |
|
116 |
||
117 |
||
118 |
class creation_date(MetaAttributeRelationType): |
|
119 |
"""creation time of an entity""" |
|
120 |
cardinality = '11' |
|
121 |
subject = '**' |
|
122 |
object = 'Datetime' |
|
123 |
||
124 |
class modification_date(MetaAttributeRelationType): |
|
125 |
"""latest modification time of an entity""" |
|
126 |
cardinality = '11' |
|
127 |
subject = '**' |
|
128 |
object = 'Datetime' |
|
129 |
||
130 |
class EProperty(EntityType): |
|
131 |
"""used for cubicweb configuration. Once a property has been created you |
|
132 |
can't change the key. |
|
133 |
""" |
|
134 |
permissions = { |
|
135 |
'read': ('managers', 'users', 'guests'), |
|
136 |
'add': ('managers', 'users',), |
|
137 |
'update': ('managers', 'owners',), |
|
138 |
'delete': ('managers', 'owners',), |
|
139 |
} |
|
140 |
meta = True |
|
141 |
# key is a reserved word for mysql |
|
142 |
pkey = String(required=True, internationalizable=True, maxsize=256, |
|
143 |
description=_('defines what\'s the property is applied for. ' |
|
144 |
'You must select this first to be able to set ' |
|
145 |
'value')) |
|
146 |
value = String(internationalizable=True, maxsize=256) |
|
147 |
||
148 |
for_user = SubjectRelation('EUser', cardinality='?*', composite='object', |
|
149 |
description=_('user for which this property is ' |
|
150 |
'applying. If this relation is not ' |
|
151 |
'set, the property is considered as' |
|
152 |
' a global property')) |
|
153 |
||
154 |
||
155 |
class for_user(MetaRelationType): |
|
156 |
"""link a property to the user which want this property customization. Unless |
|
157 |
you're a site manager, this relation will be handled automatically. |
|
158 |
""" |
|
159 |
permissions = { |
|
160 |
'read': ('managers', 'users', 'guests'), |
|
161 |
'add': ('managers',), |
|
162 |
'delete': ('managers',), |
|
163 |
} |
|
164 |
inlined = True |
|
165 |
||
166 |
||
167 |
class EPermission(MetaEntityType): |
|
168 |
"""entity type that may be used to construct some advanced security configuration |
|
169 |
""" |
|
170 |
name = String(required=True, indexed=True, internationalizable=True, maxsize=100, |
|
171 |
description=_('name or identifier of the permission')) |
|
172 |
label = String(required=True, internationalizable=True, maxsize=100, |
|
173 |
description=_('distinct label to distinguate between other permission entity of the same name')) |
|
174 |
require_group = SubjectRelation('EGroup', |
|
175 |
description=_('groups to which the permission is granted')) |
|
176 |
||
177 |
# explicitly add X require_permission EPermission for each entity that should have |
|
178 |
# configurable security |
|
179 |
class require_permission(RelationType): |
|
180 |
"""link a permission to the entity. This permission should be used in the |
|
181 |
security definition of the entity's type to be useful. |
|
182 |
""" |
|
183 |
permissions = { |
|
184 |
'read': ('managers', 'users', 'guests'), |
|
185 |
'add': ('managers',), |
|
186 |
'delete': ('managers',), |
|
187 |
} |
|
188 |
||
189 |
class require_group(MetaRelationType): |
|
190 |
"""used to grant a permission to a group""" |
|
191 |
permissions = { |
|
192 |
'read': ('managers', 'users', 'guests'), |
|
193 |
'add': ('managers',), |
|
194 |
'delete': ('managers',), |
|
195 |
} |
|
196 |
||
197 |
||
198 |
class see_also(RelationType): |
|
199 |
"""generic relation to link one entity to another""" |
|
200 |
symetric = True |
|
201 |
||
59
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
202 |
class ECache(MetaEntityType): |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
203 |
"""a simple cache entity characterized by a name and |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
204 |
a validity date. |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
205 |
|
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
206 |
The target application is responsible for updating timestamp |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
207 |
when necessary to invalidate the cache (typically in hooks). |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
208 |
|
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
209 |
Also, checkout the AppRsetObject.get_cache() method. |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
210 |
""" |
6
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
211 |
permissions = { |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
212 |
'read': ('managers', 'users', 'guests'), |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
213 |
'add': ('managers',), |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
214 |
'update': ('managers', 'users',), |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
215 |
'delete': ('managers',), |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
216 |
} |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
217 |
|
0 | 218 |
name = String(required=True, unique=True, indexed=True, |
219 |
description=_('name of the cache')) |
|
220 |
timestamp = Datetime(default='NOW') |