cubicweb: schemas/__init__.py@40a49f4350a5 (annotated)

7782 40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	1	# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
5421 8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	2	# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	3	#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	4	# This file is part of CubicWeb.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	5	#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	6	# CubicWeb is free software: you can redistribute it and/or modify it under the
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	7	# terms of the GNU Lesser General Public License as published by the Free
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	8	# Software Foundation, either version 2.1 of the License, or (at your option)
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	9	# any later version.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	10	#
5424 8ecbcbff9777 replace logilab-common by CubicWeb in disclaimer Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 5421 diff changeset	11	# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
5421 8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	12	# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	13	# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	14	# details.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	15	#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	16	# You should have received a copy of the GNU Lesser General Public License along
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time. Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4759 diff changeset	17	# with CubicWeb. If not, see <http://www.gnu.org/licenses/>.
7782 40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	18	"""some utilities to define schema permissions
4243 2621de25d15a backport tracker permission utility functions into the cw.schemas package Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2502 diff changeset	19
7782 40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	20	"""
4243 2621de25d15a backport tracker permission utility functions into the cw.schemas package Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2502 diff changeset	21	__docformat__ = "restructuredtext en"
2621de25d15a backport tracker permission utility functions into the cw.schemas package Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2502 diff changeset	22
7782 40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	23	from rql.utils import quote
4754 6bf17f810975 [schema] new constants for permissions definitions Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4243 diff changeset	24	from cubicweb.schema import RO_REL_PERMS, RO_ATTR_PERMS, \
6bf17f810975 [schema] new constants for permissions definitions Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4243 diff changeset	25	PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, \
6bf17f810975 [schema] new constants for permissions definitions Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4243 diff changeset	26	ERQLExpression, RRQLExpression
4243 2621de25d15a backport tracker permission utility functions into the cw.schemas package Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2502 diff changeset	27
2502 324ec2056d56 document Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2501 diff changeset	28	# permissions for "meta" entity type (readable by anyone, can only be
324ec2056d56 document Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2501 diff changeset	29	# added/deleted by managers)
4754 6bf17f810975 [schema] new constants for permissions definitions Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4243 diff changeset	30	META_ETYPE_PERMS = PUB_SYSTEM_ENTITY_PERMS # XXX deprecates
2502 324ec2056d56 document Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2501 diff changeset	31	# permissions for "meta" relation type (readable by anyone, can only be
324ec2056d56 document Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2501 diff changeset	32	# added/deleted by managers)
4754 6bf17f810975 [schema] new constants for permissions definitions Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4243 diff changeset	33	META_RTYPE_PERMS = PUB_SYSTEM_REL_PERMS # XXX deprecates
2501 fa86d99c2c3a test and fix wf history security Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2141 diff changeset	34	# permissions for relation type that should only set by hooks using unsafe
fa86d99c2c3a test and fix wf history security Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2141 diff changeset	35	# execute, readable by anyone
4754 6bf17f810975 [schema] new constants for permissions definitions Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 4243 diff changeset	36	HOOKS_RTYPE_PERMS = RO_REL_PERMS # XXX deprecates
4243 2621de25d15a backport tracker permission utility functions into the cw.schemas package Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2502 diff changeset	37
7782 40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	38	def _perm(names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	39	if isinstance(names, (list, tuple)):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	40	if len(names) == 1:
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	41	names = quote(names[0])
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	42	else:
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	43	names = 'IN (%s)' % (','.join(quote(name) for name in names))
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	44	else:
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	45	names = quote(names)
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	46	#return u' require_permission P, P name %s, U in_group G, P require_group G' % names
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	47	return u' require_permission P, P name %s, U has_group_permission P' % names
4243 2621de25d15a backport tracker permission utility functions into the cw.schemas package Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2502 diff changeset	48
7782 40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	49
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	50	def xperm(*names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	51	return 'X' + _perm(names)
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	52
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	53	def xexpr(*names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	54	return ERQLExpression(xperm(*names))
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	55
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	56	def xrexpr(relation, *names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	57	return ERQLExpression('X %s Y, Y %s' % (relation, _perm(names)))
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	58
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	59	def xorexpr(relation, etype, *names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	60	return ERQLExpression('Y %s X, X is %s, Y %s' % (relation, etype, _perm(names)))
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	61
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	62
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	63	def sexpr(*names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	64	return RRQLExpression('S' + _perm(names), 'S')
4243 2621de25d15a backport tracker permission utility functions into the cw.schemas package Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2502 diff changeset	65
7782 40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	66	def restricted_sexpr(restriction, *names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	67	rql = '%s, %s' % (restriction, 'S' + _perm(names))
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	68	return RRQLExpression(rql, 'S')
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	69
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	70	def restricted_oexpr(restriction, *names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	71	rql = '%s, %s' % (restriction, 'O' + _perm(names))
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	72	return RRQLExpression(rql, 'O')
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	73
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	74	def oexpr(*names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	75	return RRQLExpression('O' + _perm(names), 'O')
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	76
4243 2621de25d15a backport tracker permission utility functions into the cw.schemas package Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 2502 diff changeset	77
7782 40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	78	# def supdate_perm():
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	79	# return RRQLExpression('U has_update_permission S', 'S')
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	80
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	81	# def oupdate_perm():
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	82	# return RRQLExpression('U has_update_permission O', 'O')
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	83
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	84	def relxperm(rel, role, *names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	85	assert role in ('subject', 'object')
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	86	if role == 'subject':
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	87	zxrel = ', X %s Z' % rel
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	88	else:
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	89	zxrel = ', Z %s X' % rel
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	90	return 'Z' + _perm(names) + zxrel
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	91
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	92	def relxexpr(rel, role, *names):
40a49f4350a5 backout 7780:a1d5365fefc1 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 7780 diff changeset	93	return ERQLExpression(relxperm(rel, role, *names))

author	Sylvain Thénault <sylvain.thenault@logilab.fr>
	Tue, 13 Sep 2011 15:40:06 +0200
branch	stable
changeset 7782	40a49f4350a5
parent 7780	a1d5365fefc1
child 7797	a71618a75b53
permissions	-rw-r--r--