doc/book/en/devrepo/datamodel/definition.rst
author Julien Jehannet <julien.jehannet@logilab.fr>
Fri, 03 Dec 2010 13:09:14 +0100
branchstable
changeset 6731 3ea1f7a6311c
parent 6591 b5ed84c53b3f
child 7780 a1d5365fefc1
permissions -rw-r--r--
[book] Notes about literate testing
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
4452
5d6dec2c4650 [doc] small fixes on security part
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 3811
diff changeset
     1
 .. -*- coding: utf-8 -*-
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
     2
5953
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
     3
.. _datamodel_definition:
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
     4
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
     5
Yams *schema*
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
     6
-------------
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
     7
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
     8
The **schema** is the core piece of a *CubicWeb* instance as it
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
     9
defines and handles the data model. It is based on entity types that
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    10
are either already defined in `Yams`_ and the *CubicWeb* standard
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    11
library; or more specific types defined in cubes. The schema for a
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    12
cube is defined in a `schema` python module or package.
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    13
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    14
.. _`Yams`: http://www.logilab.org/project/yams
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    15
5953
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
    16
.. _datamodel_overview:
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
    17
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    18
Overview
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    19
~~~~~~~~
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
    20
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    21
The core idea of the yams schema is not far from the classical
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    22
`Entity-relationship`_ model. But while an E/R model (or `logical
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    23
model`) traditionally has to be manually translated to a lower-level
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    24
data description language (such as the SQL `create table`
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    25
sublanguage), also often described as the `physical model`, no such
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    26
step is required with |yams| and |cubicweb|.
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    27
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    28
.. _`Entity-relationship`: http://en.wikipedia.org/wiki/Entity-relationship_model
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    29
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    30
This is because in addition to high-level, logical |yams| models, one
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    31
uses the |rql| data manipulation language to query, insert, update and
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    32
delete data. |rql| abstracts as much of the underlying SQL database as
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    33
a |yams| schema abstracts from the physical layout. The vagaries of
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    34
SQL are avoided.
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    35
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    36
As a bonus point, such abstraction make it quite comfortable to build
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    37
or use different backends to which |rql| queries apply.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
    38
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    39
So, as in the E/R formalism, the building blocks are ``entities``
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    40
(:ref:`EntityType`), ``relationships`` (:ref:`RelationType`,
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    41
:ref:`RelationDefinition`) and ``attributes`` (handled like relation
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    42
with |yams|).
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    43
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    44
Let us detail a little the divergences between E/R and |yams|:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
    45
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    46
* all relationship are binary which means that to represent a
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    47
  non-binary relationship, one has to use an entity,
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    48
* relationships do not support attributes (yet, see:
5349
023dbeb84cc2 [doc/book] fix wrong (https) url
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5319
diff changeset
    49
  http://www.cubicweb.org/ticket/341318), hence the need to reify it
023dbeb84cc2 [doc/book] fix wrong (https) url
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5319
diff changeset
    50
  as an entity if need arises,
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    51
* all entities have an `eid` attribute (an integer) that is its
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    52
  primary key (but it is possible to declare uniqueness on other
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    53
  attributes)
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    54
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    55
Also |yams| supports the notions of:
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
    56
5400
b7ab099b128a [doc/book] various content fixes
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5394
diff changeset
    57
* entity inheritance (quite experimental yet, and completely
b7ab099b128a [doc/book] various content fixes
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5394
diff changeset
    58
  undocumented),
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    59
* relation type: that is, relationships can be established over a set
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    60
  of couple of entity types (henre the distinction made between
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    61
  `RelationType` and `RelationDefinition` below)
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    62
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    63
Finally |yams| has a few concepts of its own:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
    64
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    65
* relationships being oriented and binary, we call the left hand
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    66
  entity type the `subject` and the right hand entity type the
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    67
  `object`
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    68
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    69
.. note::
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
    70
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    71
   The |yams| schema is available at run time through the .schema
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    72
   attribute of the `vregistry`.  It's an instance of
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    73
   :class:`cubicweb.schema.Schema`, which extends
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    74
   :class:`yams.schema.Schema`.
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
    75
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    76
.. _EntityType:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
    77
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
    78
Entity type
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
    79
~~~~~~~~~~~
5220
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
    80
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
    81
An entity type is an instance of :class:`yams.schema.EntitySchema`. Each entity type has
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
    82
a set of attributes and relations, and some permissions which define who can add, read,
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
    83
update or delete entities of this type.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
    84
6342
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    85
The following built-in types are available: ``String``,
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    86
``Int``, ``Float``, ``Decimal``, ``Boolean``,
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    87
``Date``, ``Datetime``, ``Time``, ``Interval``, ``Byte`` and
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    88
``Password``. They can only be used as attributes of an other entity
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    89
type.
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    90
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    91
There is also a `RichString` kindof type:
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    92
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    93
 .. autoclass:: yams.buildobjs.RichString
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
    94
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    95
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    96
You can find more base entity types in
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    97
:ref:`pre_defined_entity_types`.
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    98
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
    99
.. XXX yams inheritance
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   100
5220
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   101
.. _RelationType:
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   102
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   103
Relation type
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   104
~~~~~~~~~~~~~
5220
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   105
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   106
A relation type is an instance of
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   107
:class:`yams.schema.RelationSchema`. A relation type is simply a
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   108
semantic definition of a kind of relationship that may occur in an
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   109
application.
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   110
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   111
It may be referenced by zero, one or more relation definitions.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   112
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   113
It is important to choose a good name, at least to avoid conflicts
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   114
with some semantically different relation defined in other cubes
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   115
(since there's only a shared name space for these names).
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   116
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   117
A relation type holds the following properties (which are hence shared
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   118
between all relation definitions of that type):
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   119
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   120
* `inlined`: boolean handling the physical optimization for archiving
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   121
  the relation in the subject entity table, instead of creating a specific
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   122
  table for the relation. This applies to relations where cardinality
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   123
  of subject->relation->object is 0..1 (`?`) or 1..1 (`1`) for *all* its relation
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   124
  definitions.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   125
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   126
* `symmetric`: boolean indicating that the relation is symmetrical, which
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   127
  means that `X relation Y` implies `Y relation X`.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   128
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   129
.. _RelationDefinition:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   130
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   131
Relation definition
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   132
~~~~~~~~~~~~~~~~~~~
5220
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   133
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   134
A relation definition is an instance of
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   135
:class:`yams.schema.RelationDefinition`. It is a complete triplet
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   136
"<subject entity type> <relation type> <object entity type>".
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   137
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   138
When creating a new instance of that class, the corresponding
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   139
:class:`RelationType` instance is created on the fly if necessary.
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   140
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   141
Properties
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   142
``````````
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   143
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   144
The available properties for relation definitions are enumerated
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   145
here. There are several kind of properties, as some relation
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   146
definitions are actually attribute definitions, and other are not.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   147
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   148
Some properties may be completely optional, other may have a default
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   149
value.
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   150
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   151
Common properties for attributes and relations:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   152
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   153
* `description`: an unicode string describing an attribute or a
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   154
  relation. By default this string will be used in the editing form of
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   155
  the entity, which means that it is supposed to help the end-user and
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   156
  should be flagged by the function `_` to be properly
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   157
  internationalized.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   158
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   159
* `constraints`: a list of conditions/constraints that the relation has to
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   160
  satisfy (c.f. `Constraints`_)
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   161
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   162
* `cardinality`: a two character string specifying the cardinality of
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   163
  the relation. The first character defines the cardinality of the
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   164
  relation on the subject, and the second on the object. When a
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   165
  relation can have multiple subjects or objects, the cardinality
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   166
  applies to all, not on a one-to-one basis (so it must be
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   167
  consistent...). Default value is '**'. The possible values are
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   168
  inspired from regular expression syntax:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   169
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   170
    * `1`: 1..1
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   171
    * `?`: 0..1
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   172
    * `+`: 1..n
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   173
    * `*`: 0..n
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   174
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   175
Attributes properties:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   176
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   177
* `unique`: boolean indicating if the value of the attribute has to be
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   178
  unique or not within all entities of the same type (false by
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   179
  default)
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   180
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   181
* `indexed`: boolean indicating if an index needs to be created for
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   182
  this attribute in the database (false by default). This is useful
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   183
  only if you know that you will have to run numerous searches on the
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   184
  value of this attribute.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   185
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   186
* `default`: default value of the attribute. In case of date types, the values
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   187
  which could be used correspond to the RQL keywords `TODAY` and `NOW`.
2172
cf8f9180e63e delete-trailing-whitespace
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 1714
diff changeset
   188
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   189
Properties for `String` attributes:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   190
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   191
* `fulltextindexed`: boolean indicating if the attribute is part of
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   192
  the full text index (false by default) (*applicable on the type
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   193
  `Byte` as well*)
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   194
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   195
* `internationalizable`: boolean indicating if the value of the
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   196
  attribute is internationalizable (false by default)
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   197
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   198
Relation properties:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   199
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   200
* `composite`: string indicating that the subject (composite ==
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   201
  'subject') is composed of the objects of the relations. For the
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   202
  opposite case (when the object is composed of the subjects of the
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   203
  relation), we just set 'object' as value. The composition implies
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   204
  that when the relation is deleted (so when the composite is deleted,
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   205
  at least), the composed are also deleted.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   206
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   207
* `fulltext_container`: string indicating if the value if the full
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   208
  text indexation of the entity on one end of the relation should be
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   209
  used to find the entity on the other end. The possible values are
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   210
  'subject' or 'object'. For instance the use_email relation has that
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   211
  property set to 'subject', since when performing a full text search
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   212
  people want to find the entity using an email address, and not the
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   213
  entity representing the email address.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   214
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   215
Constraints
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   216
```````````
4032
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   217
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   218
By default, the available constraint types are:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   219
4032
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   220
General Constraints
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   221
......................
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   222
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   223
* `SizeConstraint`: allows to specify a minimum and/or maximum size on
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   224
  string (generic case of `maxsize`)
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   225
5220
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   226
* `BoundConstraint`: allows to specify a minimum and/or maximum value
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   227
  on numeric types and date
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   228
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   229
.. sourcecode:: python
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   230
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   231
   from yams.constraints import BoundConstraint, TODAY
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   232
   BoundConstraint('<=', TODAY())
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   233
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   234
* `IntervalBoundConstraint`: allows to specify an interval with
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   235
  included values
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   236
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   237
.. sourcecode:: python
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   238
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   239
     class Node(EntityType):
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   240
         latitude = Float(constraints=[IntervalBoundConstraint(-90, +90)])
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   241
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   242
* `UniqueConstraint`: identical to "unique=True"
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   243
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   244
* `StaticVocabularyConstraint`: identical to "vocabulary=(...)"
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   245
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   246
.. XXX Attribute, NOW
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   247
4032
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   248
RQL Based Constraints
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   249
......................
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   250
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   251
RQL based constraints may take three arguments. The first one is the ``WHERE``
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   252
clause of a RQL query used by the constraint. The second argument ``mainvars``
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   253
is the ``Any`` clause of the query. By default this include `S` reserved for the
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   254
subject of the relation and `O` for the object. Additional variables could be
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   255
specified using ``mainvars``. The argument expects a single string with all
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   256
variable's name separated by spaces. The last one, ``msg``, is the error message
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   257
displayed when the constraint fails. As RQLVocabularyConstraint never fails the
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   258
third argument is not available.
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   259
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   260
* `RQLConstraint`: allows to specify a RQL query that has to be satisfied
4032
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   261
  by the subject and/or the object of relation. In this query the variables
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   262
  `S` and `O` are reserved for the relation subject and object entities.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   263
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   264
* `RQLVocabularyConstraint`: similar to the previous type of constraint except
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   265
  that it does not express a "strong" constraint, which means it is only used to
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   266
  restrict the values listed in the drop-down menu of editing form, but it does
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   267
  not prevent another entity to be selected.
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   268
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   269
* `RQLUniqueConstraint`: allows to the specify a RQL query that ensure that an
4032
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   270
  attribute is unique in a specific context. The Query must **never** return more
c3a018efe7c9 Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 3811
diff changeset
   271
  than a single result to be satisfied. In this query the variables `S` is
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   272
  reserved for the relation subject entity. The other variables should be
4040
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   273
  specified with the second constructor argument (mainvars). This constraints
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   274
  should be used when UniqueConstraint doesn't fit. Here is a simple example.
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   275
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   276
.. sourcecode:: python
4040
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   277
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   278
    # Check that in the same Workflow each state's name is unique.  Using
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   279
    # UniqueConstraint (or unique=True) here would prevent states in different
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   280
    # workflows to have the same name.
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   281
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   282
    # With: State S, Workflow W, String N ; S state_of W, S name N
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   283
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   284
    RQLUniqueConstraint('S name N, S state_of WF, Y state_of WF, Y name N',
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   285
                        mainvars='Y',
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   286
                        msg=_('workflow already has a state of that name'))
4040
00e2f1ae625d Update generic RQL Based Constraints and RQLUniqueConstraint doc
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 4032
diff changeset
   287
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   288
.. XXX note about how to add new constraint
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   289
4936
a4b772a0d801 Fixed some of the documentation warnings when building the book with sphinx.
Adrien Chauve <adrien.chauve@logilab.fr>
parents: 4744
diff changeset
   290
.. _securitymodel:
a4b772a0d801 Fixed some of the documentation warnings when building the book with sphinx.
Adrien Chauve <adrien.chauve@logilab.fr>
parents: 4744
diff changeset
   291
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   292
The security model
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   293
~~~~~~~~~~~~~~~~~~
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   294
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   295
The security model of `CubicWeb` is based on `Access Control List`.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   296
The main principles are:
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   297
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   298
* users and groups of users
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   299
* a user belongs to at least one group of user
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   300
* permissions (read, update, create, delete)
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   301
* permissions are assigned to groups (and not to users)
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   302
2175
16d3c37c5d28 [doc] improvements
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 2172
diff changeset
   303
For *CubicWeb* in particular:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   304
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   305
* we associate rights at the entities/relations schema level
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   306
6591
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   307
* the default groups are: `managers`, `users` and `guests`
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   308
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   309
* users belong to the `users` group
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   310
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   311
* there is a virtual group called `owners` to which we can associate only
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   312
  `delete` and `update` permissions
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   313
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   314
  * we can not add users to the `owners` group, they are implicitly added to it
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   315
    according to the context of the objects they own
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   316
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   317
  * the permissions of this group are only checked on `update`/`delete` actions
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   318
    if all the other groups the user belongs to do not provide those permissions
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   319
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   320
Setting permissions is done with the attribute `__permissions__` of entities and
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   321
relation definition. The value of this attribute is a dictionary where the keys
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   322
are the access types (action), and the values are the authorized groups or
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   323
expressions.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   324
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   325
For an entity type, the possible actions are `read`, `add`, `update` and
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   326
`delete`.
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   327
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   328
For a relation, the possible actions are `read`, `add`, and `delete`.
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   329
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   330
For an attribute, the possible actions are `read`, and `update`.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   331
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   332
For each access type, a tuple indicates the name of the authorized groups and/or
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   333
one or multiple RQL expressions to satisfy to grant access. The access is
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   334
provided if the user is in one of the listed groups or if one of the RQL condition
4452
5d6dec2c4650 [doc] small fixes on security part
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 3811
diff changeset
   335
is satisfied.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   336
6591
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   337
Default permissions
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   338
```````````````````
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   339
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   340
The default permissions for ``EntityType`` are:
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   341
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   342
.. sourcecode:: python
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   343
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   344
   __permissions__ = {
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   345
        'read': ('managers', 'users', 'guests',),
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   346
        'update': ('managers', 'owners',),
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   347
        'delete': ('managers', 'owners'),
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   348
        'add': ('managers', 'users',)
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   349
        }
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   350
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   351
The default permissions for relations are:
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   352
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   353
.. sourcecode:: python
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   354
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   355
   __permissions__ = {'read': ('managers', 'users', 'guests',),
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   356
                    'delete': ('managers', 'users'),
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   357
                    'add': ('managers', 'users',)}
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   358
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   359
The default permissions for attributes are:
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   360
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   361
.. sourcecode:: python
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   362
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   363
   __permissions__ = {'read': ('managers', 'users', 'guests',),
b5ed84c53b3f [book] complete datamodel definition section with default permissions
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6342
diff changeset
   364
                     'update': ('managers', ERQLExpression('U has_update_permission X')),}
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   365
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   366
The standard user groups
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   367
````````````````````````
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   368
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   369
* `guests`
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   370
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   371
* `users`
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   372
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   373
* `managers`
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   374
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   375
* `owners`: virtual group corresponding to the entity's owner.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   376
  This can only be used for the actions `update` and `delete` of an entity
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   377
  type.
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   378
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   379
It is also possible to use specific groups if they are defined in the precreate
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   380
script of the cube (``migration/precreate.py``). Defining groups in postcreate
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   381
script or later makes them unavailable for security purposes (in this case, an
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   382
`sync_schema_props_perms` command has to be issued in a CubicWeb shell).
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   383
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   384
3283
4f53eb3f1331 more doc
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 3144
diff changeset
   385
Use of RQL expression for write permissions
4464
437cc57f7474 fix rest syntax error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4459
diff changeset
   386
```````````````````````````````````````````
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   387
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   388
It is possible to define RQL expression to provide update permission (`add`,
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   389
`delete` and `update`) on entity type / relation definitions. An rql expression
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   390
is a piece of query (corresponds to the WHERE statement of an RQL query), and the
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   391
expression will be considered as satisfied if it returns some results. They can
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   392
not be used in `read` permission.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   393
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   394
To use RQL expression in entity type permission:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   395
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   396
* you have to use the class :class:`~cubicweb.schema.ERQLExpression`
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   397
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   398
* in this expression, the variables `X` and `U` are pre-defined references
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   399
  respectively on the current entity (on which the action is verified) and on the
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   400
  user who send the request
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   401
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   402
For RQL expressions on a relation type, the principles are the same except for
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   403
the following:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   404
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   405
* you have to use the class :class:`~cubicweb.schema.RRQLExpression` instead of
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   406
  :class:`~cubicweb.schema.ERQLExpression`
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   407
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   408
* in the expression, the variables `S`, `O` and `U` are pre-defined references to
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   409
  respectively the subject and the object of the current relation (on which the
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   410
  action is being verified) and the user who executed the query
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   411
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   412
To define security for attributes of an entity (non-final relation), you have to
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   413
use the class :class:`~cubicweb.schema.ERQLExpression` in which `X` represents
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   414
the entity the attribute belongs to.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   415
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   416
It is possible to use in those expression a special relation
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   417
`has_<ACTION>_permission` where the subject is the user (eg 'U') and the object
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   418
is any variable representing an entity (usually 'X' in
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   419
:class:`~cubicweb.schema.ERQLExpression`, 'S' or 'O' in
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   420
:class:`~cubicweb.schema.RRQLExpression`), meaning that the user needs to have
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   421
permission to execute the action <ACTION> on the entities represented by this
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   422
variable. It's recommanded to use this feature whenever possible since it
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   423
simplify greatly complex security definition and upgrade.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   424
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   425
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   426
.. sourcecode:: python
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   427
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   428
  class my_relation(RelationDefinition):
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   429
    __permissions__ = {'read': ('managers', 'users'),
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   430
                       'add': ('managers', RRQLExpression('U has_update_permission S')),
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   431
                       'delete': ('managers', RRQLExpression('U has_update_permission S'))
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   432
		       }
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   433
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   434
In the above example, user will be allowed to add/delete `my_relation` if he has
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   435
the `update` permission on the subject of the relation.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   436
5351
ecf07370e6db [doc/book] a proper note (style)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5349
diff changeset
   437
.. note::
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   438
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   439
  Potentially, the `use of an RQL expression to add an entity or a relation` can
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   440
  cause problems for the user interface, because if the expression uses the
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   441
  entity or the relation to create, we are not able to verify the permissions
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   442
  before we actually added the entity (please note that this is not a problem for
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   443
  the RQL server at all, because the permissions checks are done after the
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   444
  creation). In such case, the permission check methods
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   445
  (CubicWebEntitySchema.check_perm and has_perm) can indicate that the user is
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   446
  not allowed to create this entity while it would obtain the permission.  To
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   447
  compensate this problem, it is usually necessary in such case to use an action
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   448
  that reflects the schema permissions but which check properly the permissions
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   449
  so that it would show up only if possible.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   450
2172
cf8f9180e63e delete-trailing-whitespace
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 1714
diff changeset
   451
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   452
Use of RQL expression for reading rights
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   453
````````````````````````````````````````
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   454
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   455
The principles are the same but with the following restrictions:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   456
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   457
* you can not use rql expression for the `read` permission of relations and
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   458
  attributes,
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   459
6148
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   460
* you can not use special `has_<ACTION>_permission` relation in the rql
59c446a813b5 [book] more about has_<action>_permission and enhance a bit security definition section
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6120
diff changeset
   461
  expression.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   462
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   463
6120
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   464
Important notes about write permissions checking
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   465
````````````````````````````````````````````````
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   466
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   467
Write permissions (e.g. 'add', 'update', 'delete') are checked in core hooks.
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   468
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   469
When a permission is checked slightly vary according to if it's an entity or
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   470
relation, and if the relation is an attribute relation or not). It's important to
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   471
understand that since according to when a permission is checked, values returned
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   472
by rql expressions may changes, hence the permission being granted or not.
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   473
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   474
Here are the current rules:
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   475
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   476
1. permission to add/update entity and its attributes are checked:
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   477
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   478
   - on commit if the entity has been added
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   479
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   480
   - in an 'after_update_entity' hook if the entity has been updated. If it fails
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   481
     at this time, it will be retried on commit (hence you get the permission if
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   482
     you have it just after the modification or *at* commit time)
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   483
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   484
2. permission to delete an entity is checked in 'before_delete_entity' hook
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   485
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   486
3. permission to add a relation is checked either:
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   487
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   488
   - in 'before_add_relation' hook if the relation type is in the
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   489
     `BEFORE_ADD_RELATIONS` set
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   490
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   491
   - else at commit time if the relation type is in the `ON_COMMIT_ADD_RELATIONS`
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   492
     set
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   493
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   494
   - else in 'after_add_relation' hook (the default)
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   495
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   496
4. permission to delete a relation is checked in 'before_delete_relation' hook
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   497
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   498
Last but not least, remember queries issued from hooks and operation are by
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   499
default 'unsafe', eg there are no read or write security checks.
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   500
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   501
See :mod:`cubicweb.hooks.security` for more details.
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   502
c000e41316ec [book] some more documentation and cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5953
diff changeset
   503
5953
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
   504
.. _yams_example:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   505
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   506
Defining your schema using yams
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   507
-------------------------------
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   508
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   509
Entity type definition
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   510
~~~~~~~~~~~~~~~~~~~~~~
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   511
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   512
An entity type is defined by a Python class which inherits from
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   513
:class:`yams.buildobjs.EntityType`.  The class definition contains the
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   514
description of attributes and relations for the defined entity type.
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   515
The class name corresponds to the entity type name. It is expected to
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   516
be defined in the module ``mycube.schema``.
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   517
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   518
:Note on schema definition:
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   519
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   520
 The code in ``mycube.schema`` is not meant to be executed. The class
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   521
 EntityType mentioned above is different from the EntitySchema class
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   522
 described in the previous chapter. EntityType is a helper class to
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   523
 make Entity definition easier. Yams will process EntityType classes
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   524
 and create EntitySchema instances from these class definitions. Similar
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   525
 manipulation happen for relations.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   526
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   527
When defining a schema using python files, you may use the following shortcuts:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   528
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   529
- `required`: boolean indicating if the attribute is required, ed subject cardinality is '1'
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   530
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   531
- `vocabulary`: specify static possible values of an attribute
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   532
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   533
- `maxsize`: integer providing the maximum size of a string (no limit by default)
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   534
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   535
For example:
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   536
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   537
.. sourcecode:: python
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   538
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   539
  class Person(EntityType):
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   540
    """A person with the properties and the relations necessary for my
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   541
    application"""
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   542
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   543
    last_name = String(required=True, fulltextindexed=True)
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   544
    first_name = String(required=True, fulltextindexed=True)
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   545
    title = String(vocabulary=('Mr', 'Mrs', 'Miss'))
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   546
    date_of_birth = Date()
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   547
    works_for = SubjectRelation('Company', cardinality='?*')
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   548
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   549
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   550
The entity described above defines three attributes of type String,
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   551
last_name, first_name and title, an attribute of type Date for the date of
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   552
birth and a relation that connects a `Person` to another entity of type
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   553
`Company` through the semantic `works_for`.
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   554
6342
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
   555
efd5ba519263 [book] Talk about RichString in 'Yams schema' section
Stephanie Marcu <stephanie.marcu@logilab.fr>
parents: 6150
diff changeset
   556
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   557
:Naming convention:
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   558
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   559
 Entity class names must start with an uppercase letter. The common
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   560
 usage is to use ``CamelCase`` names.
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   561
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   562
 Attribute and relation names must start with a lowercase letter. The
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   563
 common usage is to use ``underscore_separated_words``. Attribute and
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   564
 relation names starting with a single underscore are permitted, to
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   565
 denote a somewhat "protected" or "private" attribute.
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   566
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   567
 In any case, identifiers starting with "CW" or "cw" are reserved for
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   568
 internal use by the framework.
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   569
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   570
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   571
The name of the Python attribute corresponds to the name of the attribute
2175
16d3c37c5d28 [doc] improvements
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 2172
diff changeset
   572
or the relation in *CubicWeb* application.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   573
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   574
An attribute is defined in the schema as follows::
2172
cf8f9180e63e delete-trailing-whitespace
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 1714
diff changeset
   575
4449
0411dca43e05 fix bad rest
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4446
diff changeset
   576
    attr_name = attr_type(properties)
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   577
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   578
where `attr_type` is one of the type listed above and `properties` is
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   579
a list of the attribute needs to satisfy (see `Properties`_
2172
cf8f9180e63e delete-trailing-whitespace
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 1714
diff changeset
   580
for more details).
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   581
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   582
* it is possible to use the attribute `meta` to flag an entity type as a `meta`
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   583
  (e.g. used to describe/categorize other entities)
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   584
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   585
.. XXX the paragraph below needs clarification and / or moving out in
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   586
.. another place
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   587
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   588
*Note*: if you end up with an `if` in the definition of your entity, this probably
4430
0b6a069eb29e le patch added_tips a été importé
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4040
diff changeset
   589
means that you need two separate entities that implement the `ITree` interface and
0b6a069eb29e le patch added_tips a été importé
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4040
diff changeset
   590
get the result from `.children()` which ever entity is concerned.
0b6a069eb29e le patch added_tips a été importé
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4040
diff changeset
   591
5953
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
   592
.. Inheritance
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
   593
.. ```````````
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
   594
.. XXX feed me
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   595
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   596
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   597
Definition of relations
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   598
~~~~~~~~~~~~~~~~~~~~~~~
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   599
5953
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
   600
.. XXX add note about defining relation type / definition
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   601
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   602
A relation is defined by a Python class heriting `RelationType`. The name
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   603
of the class corresponds to the name of the type. The class then contains
2172
cf8f9180e63e delete-trailing-whitespace
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 1714
diff changeset
   604
a description of the properties of this type of relation, and could as well
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   605
contain a string for the subject and a string for the object. This allows to create
2172
cf8f9180e63e delete-trailing-whitespace
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 1714
diff changeset
   606
new definition of associated relations, (so that the class can have the
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   607
definition properties from the relation) for example ::
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   608
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   609
  class locked_by(RelationType):
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   610
    """relation on all entities indicating that they are locked"""
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   611
    inlined = True
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   612
    cardinality = '?*'
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   613
    subject = '*'
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   614
    object = 'CWUser'
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   615
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   616
If provided, the `subject` and `object` attributes denote the subject
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   617
and object of the various relation definitions related to the relation
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   618
type. Allowed values for these attributes are:
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   619
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   620
* a string corresponding to an entity type
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   621
* a tuple of string corresponding to multiple entity types
6150
98642a11aea3 remove some deprecated stuff about relation definition
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6148
diff changeset
   622
* the '*' special string, meaning all types of entities
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   623
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   624
When a relation is not inlined and not symmetrical, and it does not require
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   625
specific permissions, it can be defined using a `SubjectRelation`
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   626
attribute in the EntityType class. The first argument of `SubjectRelation` gives
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   627
the entity type for the object of the relation.
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   628
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   629
:Naming convention:
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   630
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   631
 Although this way of defining relations uses a Python class, the
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   632
 naming convention defined earlier prevails over the PEP8 conventions
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   633
 used in the framework: relation type class names use
5220
42f854b6083d [doc/book] complete chapter on hooks & ops
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5145
diff changeset
   634
 ``underscore_separated_words``.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   635
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   636
:Historical note:
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   637
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   638
   It has been historically possible to use `ObjectRelation` which
5953
af48c527aea7 [doc/book] fix & enhance rql intro chapter
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5400
diff changeset
   639
   defines a relation in the opposite direction. This feature is
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   640
   deprecated and therefore should not be used in newly written code.
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   641
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   642
:Future deprecation note:
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   643
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   644
  In an even more remote future, it is quite possible that the
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   645
  SubjectRelation shortcut will become deprecated, in favor of the
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   646
  RelationType declaration which offers some advantages in the context
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   647
  of reusable cubes.
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   648
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   649
Definition of permissions
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   650
~~~~~~~~~~~~~~~~~~~~~~~~~~
4452
5d6dec2c4650 [doc] small fixes on security part
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 3811
diff changeset
   651
The entity type `CWPermission` from the standard library
5d6dec2c4650 [doc] small fixes on security part
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 3811
diff changeset
   652
allows to build very complex and dynamic security architectures. The schema of
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   653
this entity type is as follow:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   654
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   655
.. sourcecode:: python
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   656
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   657
    class CWPermission(EntityType):
4459
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   658
        """entity type that may be used to construct some advanced security configuration
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   659
        """
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   660
        name = String(required=True, indexed=True, internationalizable=True, maxsize=100)
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   661
        require_group = SubjectRelation('CWGroup', cardinality='+*',
4459
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   662
                                        description=_('groups to which the permission is granted'))
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   663
        require_state = SubjectRelation('State',
3144
a5deac822a13 Bugfix: message was not written in english
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents: 2476
diff changeset
   664
                                        description=_("entity's state in which the permission is applicable"))
4459
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   665
        # can be used on any entity
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   666
        require_permission = ObjectRelation('**', cardinality='*1', composite='subject',
4459
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   667
                                            description=_("link a permission to the entity. This "
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   668
                                                          "permission should be used in the security "
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   669
                                                          "definition of the entity's type to be useful."))
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   670
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   671
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   672
Example of configuration:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   673
4437
21f2e01fdd6a update exemples using the 3.6 api and add/fix some sections (schema, vreg, talk about CW_MODE in concepts...). So much to do :'(
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4430
diff changeset
   674
.. sourcecode:: python
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   675
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   676
    class Version(EntityType):
4459
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   677
        """a version is defining the content of a particular project's release"""
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   678
4459
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   679
        __permissions__ = {'read':   ('managers', 'users', 'guests',),
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   680
                           'update': ('managers', 'logilab', 'owners',),
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   681
                           'delete': ('managers', ),
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   682
                           'add':    ('managers', 'logilab',
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   683
                                       ERQLExpression('X version_of PROJ, U in_group G,'
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   684
                                                 'PROJ require_permission P, P name "add_version",'
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   685
                                                 'P require_group G'),)}
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   686
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   687
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   688
    class version_of(RelationType):
4459
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   689
        """link a version to its project. A version is necessarily linked to one and only one project.
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   690
        """
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   691
        __permissions__ = {'read':   ('managers', 'users', 'guests',),
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   692
                           'delete': ('managers', ),
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   693
                           'add':    ('managers', 'logilab',
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   694
                                  RRQLExpression('O require_permission P, P name "add_version",'
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   695
                                                 'U in_group G, P require_group G'),)
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   696
                       }
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   697
        inlined = True
f628abfb3a6c backport stable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4449 4452
diff changeset
   698
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   699
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   700
This configuration indicates that an entity `CWPermission` named
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   701
"add_version" can be associated to a project and provides rights to create
5145
bfa4d775219f added information about the naming conventions in schema.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4936
diff changeset
   702
new versions on this project to specific groups. It is important to notice that:
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   703
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   704
* in such case, we have to protect both the entity type "Version" and the relation
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   705
  associating a version to a project ("version_of")
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   706
3283
4f53eb3f1331 more doc
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 3144
diff changeset
   707
* because of the genericity of the entity type `CWPermission`, we have to execute
1714
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   708
  a unification with the groups and/or the states if necessary in the expression
a721966779be new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff changeset
   709
  ("U in_group G, P require_group G" in the above example)
5319
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   710
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   711
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   712
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   713
Handling schema changes
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   714
~~~~~~~~~~~~~~~~~~~~~~~
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   715
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   716
Also, it should be clear that to properly handle data migration, an
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   717
instance's schema is stored in the database, so the python schema file
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   718
used to defined it is only read when the instance is created or
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   719
upgraded.
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   720
9b1b7020d179 [doc/book] an introduction to yams, layout tweaks
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5220
diff changeset
   721
.. XXX complete me