author | Adrien Di Mascio <Adrien.DiMascio@logilab.fr> |
Mon, 16 Feb 2009 14:08:16 +0100 | |
branch | tls-sprint |
changeset 628 | 3a6f28a1ea21 |
parent 627 | 36ade1128af7 |
child 629 | 59b6542f5729 |
permissions | -rw-r--r-- |
0 | 1 |
"""core CubicWeb schema, but not necessary at bootstrap time |
2 |
||
3 |
:organization: Logilab |
|
4 |
:copyright: 2001-2008 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
|
5 |
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
|
6 |
""" |
|
7 |
__docformat__ = "restructuredtext en" |
|
8 |
||
9 |
from cubicweb.schema import format_constraint |
|
10 |
||
11 |
||
12 |
class EUser(RestrictedEntityType): |
|
13 |
"""define a CubicWeb user""" |
|
14 |
permissions = { |
|
15 |
'read': ('managers', 'users', ERQLExpression('X identity U')), |
|
16 |
'add': ('managers',), |
|
17 |
'delete': ('managers',), |
|
18 |
'update': ('managers', ERQLExpression('X identity U, NOT U in_group G, G name "guests"'),), |
|
19 |
} |
|
20 |
||
21 |
login = String(required=True, unique=True, maxsize=64, |
|
22 |
description=_('unique identifier used to connect to the application')) |
|
23 |
upassword = Password(required=True) # password is a reserved word for mysql |
|
24 |
firstname = String(maxsize=64) |
|
25 |
surname = String(maxsize=64) |
|
26 |
last_login_time = Datetime(description=_('last connection date')) |
|
27 |
# allowing an email to be the primary email of multiple entities is necessary for |
|
28 |
# test at least :-/ |
|
29 |
primary_email = SubjectRelation('EmailAddress', cardinality='??', |
|
30 |
description=_('email address to use for notification')) |
|
31 |
use_email = SubjectRelation('EmailAddress', cardinality='*?', composite='subject') |
|
32 |
||
33 |
in_group = SubjectRelation('EGroup', cardinality='+*', |
|
34 |
constraints=[RQLConstraint('NOT O name "owners"')], |
|
35 |
description=_('groups grant permissions to the user')) |
|
36 |
in_state = SubjectRelation('State', cardinality='1*', |
|
37 |
# XXX automatize this |
|
38 |
constraints=[RQLConstraint('S is ET, O state_of ET')], |
|
39 |
description=_('account state')) |
|
40 |
wf_info_for = ObjectRelation('TrInfo', cardinality='1*', composite='object') |
|
41 |
||
42 |
||
43 |
class EmailAddress(MetaEntityType): |
|
44 |
"""an electronic mail address associated to a short alias""" |
|
45 |
permissions = { |
|
46 |
'read': ('managers', 'users', 'guests',), # XXX if P use_email X, U has_read_permission P |
|
47 |
'add': ('managers', 'users',), |
|
48 |
'delete': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')), |
|
49 |
'update': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')), |
|
50 |
} |
|
51 |
||
52 |
alias = String(fulltextindexed=True, maxsize=56) |
|
53 |
address = String(required=True, fulltextindexed=True, |
|
54 |
indexed=True, unique=True, maxsize=128) |
|
55 |
canonical = Boolean(default=False, |
|
56 |
description=_('when multiple addresses are equivalent \ |
|
57 |
(such as python-projects@logilab.org and python-projects@lists.logilab.org), set this \ |
|
58 |
to true on one of them which is the preferred form.')) |
|
59 |
identical_to = SubjectRelation('EmailAddress') |
|
60 |
||
61 |
class use_email(RelationType): |
|
62 |
"""""" |
|
63 |
permissions = { |
|
64 |
'read': ('managers', 'users', 'guests',), |
|
65 |
'add': ('managers', RRQLExpression('U has_update_permission S'),), |
|
66 |
'delete': ('managers', RRQLExpression('U has_update_permission S'),), |
|
67 |
} |
|
68 |
fulltext_container = 'subject' |
|
69 |
||
70 |
class primary_email(RelationType): |
|
71 |
"""the prefered email""" |
|
72 |
permissions = use_email.permissions |
|
73 |
||
74 |
class identical_to(RelationType): |
|
75 |
"""identical_to""" |
|
76 |
symetric = True |
|
77 |
permissions = { |
|
78 |
'read': ('managers', 'users', 'guests',), |
|
79 |
# XXX should have update permissions on both subject and object, |
|
80 |
# though by doing this we will probably have no way to add |
|
81 |
# this relation in the web ui. The easiest way to acheive this |
|
82 |
# is probably to be able to have "U has_update_permission O" as |
|
83 |
# RQLConstraint of the relation definition, though this is not yet |
|
84 |
# possible |
|
85 |
'add': ('managers', RRQLExpression('U has_update_permission S'),), |
|
86 |
'delete': ('managers', RRQLExpression('U has_update_permission S'),), |
|
87 |
} |
|
88 |
||
89 |
class in_group(MetaRelationType): |
|
90 |
"""core relation indicating a user's groups""" |
|
91 |
meta = False |
|
92 |
||
93 |
class owned_by(MetaRelationType): |
|
94 |
"""core relation indicating owners of an entity. This relation |
|
95 |
implicitly put the owner into the owners group for the entity |
|
96 |
""" |
|
97 |
permissions = { |
|
98 |
'read': ('managers', 'users', 'guests'), |
|
99 |
'add': ('managers', RRQLExpression('S owned_by U'),), |
|
100 |
'delete': ('managers', RRQLExpression('S owned_by U'),), |
|
101 |
} |
|
102 |
# 0..n cardinality for entities created by internal session (no attached user) |
|
103 |
# and to support later deletion of a user which has created some entities |
|
104 |
cardinality = '**' |
|
105 |
subject = '**' |
|
106 |
object = 'EUser' |
|
107 |
||
108 |
class created_by(MetaRelationType): |
|
109 |
"""core relation indicating the original creator of an entity""" |
|
110 |
permissions = { |
|
111 |
'read': ('managers', 'users', 'guests'), |
|
112 |
'add': ('managers',), |
|
113 |
'delete': ('managers',), |
|
114 |
} |
|
115 |
# 0..1 cardinality for entities created by internal session (no attached user) |
|
116 |
# and to support later deletion of a user which has created some entities |
|
117 |
cardinality = '?*' |
|
118 |
subject = '**' |
|
119 |
object = 'EUser' |
|
120 |
||
121 |
||
122 |
class creation_date(MetaAttributeRelationType): |
|
123 |
"""creation time of an entity""" |
|
124 |
cardinality = '11' |
|
125 |
subject = '**' |
|
126 |
object = 'Datetime' |
|
127 |
||
128 |
class modification_date(MetaAttributeRelationType): |
|
129 |
"""latest modification time of an entity""" |
|
130 |
cardinality = '11' |
|
131 |
subject = '**' |
|
132 |
object = 'Datetime' |
|
133 |
||
134 |
class EProperty(EntityType): |
|
135 |
"""used for cubicweb configuration. Once a property has been created you |
|
136 |
can't change the key. |
|
137 |
""" |
|
138 |
permissions = { |
|
139 |
'read': ('managers', 'users', 'guests'), |
|
140 |
'add': ('managers', 'users',), |
|
141 |
'update': ('managers', 'owners',), |
|
142 |
'delete': ('managers', 'owners',), |
|
143 |
} |
|
144 |
meta = True |
|
145 |
# key is a reserved word for mysql |
|
146 |
pkey = String(required=True, internationalizable=True, maxsize=256, |
|
147 |
description=_('defines what\'s the property is applied for. ' |
|
148 |
'You must select this first to be able to set ' |
|
149 |
'value')) |
|
150 |
value = String(internationalizable=True, maxsize=256) |
|
151 |
||
152 |
for_user = SubjectRelation('EUser', cardinality='?*', composite='object', |
|
153 |
description=_('user for which this property is ' |
|
154 |
'applying. If this relation is not ' |
|
155 |
'set, the property is considered as' |
|
156 |
' a global property')) |
|
157 |
||
158 |
||
159 |
class for_user(MetaRelationType): |
|
160 |
"""link a property to the user which want this property customization. Unless |
|
161 |
you're a site manager, this relation will be handled automatically. |
|
162 |
""" |
|
163 |
permissions = { |
|
164 |
'read': ('managers', 'users', 'guests'), |
|
165 |
'add': ('managers',), |
|
166 |
'delete': ('managers',), |
|
167 |
} |
|
168 |
inlined = True |
|
169 |
||
170 |
||
171 |
class EPermission(MetaEntityType): |
|
172 |
"""entity type that may be used to construct some advanced security configuration |
|
173 |
""" |
|
174 |
name = String(required=True, indexed=True, internationalizable=True, maxsize=100, |
|
175 |
description=_('name or identifier of the permission')) |
|
176 |
label = String(required=True, internationalizable=True, maxsize=100, |
|
177 |
description=_('distinct label to distinguate between other permission entity of the same name')) |
|
178 |
require_group = SubjectRelation('EGroup', |
|
179 |
description=_('groups to which the permission is granted')) |
|
180 |
||
181 |
# explicitly add X require_permission EPermission for each entity that should have |
|
182 |
# configurable security |
|
183 |
class require_permission(RelationType): |
|
184 |
"""link a permission to the entity. This permission should be used in the |
|
185 |
security definition of the entity's type to be useful. |
|
186 |
""" |
|
187 |
permissions = { |
|
188 |
'read': ('managers', 'users', 'guests'), |
|
189 |
'add': ('managers',), |
|
190 |
'delete': ('managers',), |
|
191 |
} |
|
192 |
||
193 |
class require_group(MetaRelationType): |
|
194 |
"""used to grant a permission to a group""" |
|
195 |
permissions = { |
|
196 |
'read': ('managers', 'users', 'guests'), |
|
197 |
'add': ('managers',), |
|
198 |
'delete': ('managers',), |
|
199 |
} |
|
200 |
||
201 |
||
202 |
class see_also(RelationType): |
|
203 |
"""generic relation to link one entity to another""" |
|
204 |
symetric = True |
|
205 |
||
59
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
206 |
class ECache(MetaEntityType): |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
207 |
"""a simple cache entity characterized by a name and |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
208 |
a validity date. |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
209 |
|
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
210 |
The target application is responsible for updating timestamp |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
211 |
when necessary to invalidate the cache (typically in hooks). |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
212 |
|
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
213 |
Also, checkout the AppRsetObject.get_cache() method. |
9660bd221553
ECache should be a meta entity
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
6
diff
changeset
|
214 |
""" |
6
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
215 |
permissions = { |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
216 |
'read': ('managers', 'users', 'guests'), |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
217 |
'add': ('managers',), |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
218 |
'update': ('managers', 'users',), |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
219 |
'delete': ('managers',), |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
220 |
} |
29ab115b9fcb
change permissions for Ecache
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents:
0
diff
changeset
|
221 |
|
0 | 222 |
name = String(required=True, unique=True, indexed=True, |
223 |
description=_('name of the cache')) |
|
224 |
timestamp = Datetime(default='NOW') |