.. -*- coding: utf-8 -*-

Yams *schema*

-------------

The **schema** is the core piece of a *CubicWeb* instance as it defines

the handled data model. It is based on entity types that are either already

defined in the *CubicWeb* standard library; or more specific types defined

in cubes. The schema for a cube is defined in a :file:schema.py file or in

one or more Python files under the :file:`schema` directory (python package).

At this point, it is important to make clear the difference between

*relation type* and *relation definition*: a *relation type* is only a relation

name with potentially other additional properties (see below), whereas a

*relation definition* is a complete triplet

"<subject entity type> <relation type> <object entity type>".

Also, it should be clear that to properly handle data migration, an

instance's schema

is stored in the database, so the python schema file used to defined it is only read

when the instance is created or upgraded.

The following built-in types are available: `String`, `Int`, `Float`,

`Decimal`, `Boolean`, `Date`, `Datetime`, `Time`, `Interval`, `Byte`

and `Password`.

You'll also have access to :ref:`base CubicWeb entity types <CWBaseEntityTypes>`.

The instance schema is accessible through the .schema attribute of the

`vregistry`.  It's an instance of :class:`cubicweb.schema.Schema`, which

extends :class:`yams.schema.Schema`.

:note:

  In previous yams versions, almost all classes where available without

  any import, but the should now be explicitly imported.

Entity type

~~~~~~~~~~~

An entity type is an instance of :class:`yams.schema.EntitySchema`. Each entity type has

a set of attributes and relations, and some permissions which define who can add, read,

update or delete entities of this type.

XXX yams inheritance

Relation type

~~~~~~~~~~~~~

A relation type is an instance of :class:`yams.schema.RelationSchema`. A relation type is simply

a semantic definition of a kind of relationship that may occur in an application.

It is important to choose a good name, at least to avoid conflicts with some semantically

different relation defined in other cubes (since we've no name space yet).

A relation type holds the following properties (which are hence shared between all

relation definitions of that type):

* `inlined`: boolean handling the physical optimization for archiving

  the relation in the subject entity table, instead of creating a specific

  table for the relation. This applies to relations where cardinality

  of subject->relation->object is 0..1 (`?`) or 1..1 (`1`) for *all* its relation

  definitions.

* `symmetric`: boolean indicating that the relation is symmetrical, which

  means that `X relation Y` implies `Y relation X`.

Relation definition

~~~~~~~~~~~~~~~~~~~

A relation definition is an instance of :class:`yams.schema.RelationDefinition`. It is a complete triplet

"<subject entity type> <relation type> <object entity type>".

When creating a new instance of that class, the corresponding

:class:`RelationType` instance is created on the fly if necessary.

Properties

``````````

* Optional properties for attributes and relations:

  - `description`: a string describing an attribute or a relation. By default

    this string will be used in the editing form of the entity, which means

    that it is supposed to help the end-user and should be flagged by the

    function `_` to be properly internationalized.

  - `constraints`: a list of conditions/constraints that the relation has to

    satisfy (c.f. `Constraints`_)

  - `cardinality`: a two character string specifying the cardinality of the

    relation. The first character defines the cardinality of the relation on

    the subject, and the second on the object. When a relation can have

    multiple subjects or objects, the cardinality applies to all,

    not on a one-to-one basis (so it must be consistent...). The possible

    values are inspired from regular expression syntax:

    * `1`: 1..1

    * `?`: 0..1

    * `+`: 1..n

    * `*`: 0..n

* optional properties for attributes:

  - `unique`: boolean indicating if the value of the attribute has to be unique

    or not within all entities of the same type (false by default)

  - `indexed`: boolean indicating if an index needs to be created for this

    attribute in the database (false by default). This is useful only if

    you know that you will have to run numerous searches on the value of this

    attribute.

  - `default`: default value of the attribute. In case of date types, the values

    which could be used correspond to the RQL keywords `TODAY` and `NOW`.

* optional properties for type `String` attributes:

  - `fulltextindexed`: boolean indicating if the attribute is part of

    the full text index (false by default) (*applicable on the type `Byte`

    as well*)

  - `internationalizable`: boolean indicating if the value of the attribute

    is internationalizable (false by default)

* optional properties for relations:

  - `composite`: string indicating that the subject (composite == 'subject')

    is composed of the objects of the relations. For the opposite case (when

    the object is composed of the subjects of the relation), we just set

    'object' as value. The composition implies that when the relation

    is deleted (so when the composite is deleted, at least), the composed are also deleted.

  - `fulltext_container`: string indicating if the value if the full text

    indexation of the entity on one end of the relation should be used

    to find the entity on the other end. The possible values are

    'subject' or 'object'. For instance the use_email relation has

    that property set to 'subject', since when performing a full text

    search people want to find the entity using an email address, and not

    the entity representing the email address.

Constraints

```````````

By default, the available constraint types are:

General Constraints

......................

* `SizeConstraint`: allows to specify a minimum and/or maximum size on

  string (generic case of `maxsize`)

* `UniqueConstraint`: identical to "unique=True"

* `StaticVocabularyConstraint`: identical to "vocabulary=(...)"

RQL Based Constraints

......................

RQL based constraints may take three arguments. The first one is the ``WHERE``

clause of a RQL query used by the constraint. The second argument ``mainvars``

is the ``Any`` clause of the query. By default this include `S` reserved for the

subject of the relation and `O` for the object. Additional variables could be

specified using ``mainvars``. The argument expects a single string with all

variable's name separated by spaces. The last one, ``msg``, is the error message

displayed when the constraint fails. As RQLVocabularyConstraint never fails the

third argument is not available.

* `RQLConstraint`: allows to specify a RQL query that has to be satisfied

  by the subject and/or the object of relation. In this query the variables

  `S` and `O` are reserved for the relation subject and object entities.

* `RQLVocabularyConstraint`: similar to the previous type of constraint except

  that it does not express a "strong" constraint, which means it is only used to

  restrict the values listed in the drop-down menu of editing form, but it does

  not prevent another entity to be selected.

* `RQLUniqueConstraint`: allows to the specify a RQL query that ensure that an

  attribute is unique in a specific context. The Query must **never** return more

  than a single result to be satisfied. In this query the variables `S` is

  reserved for the relation subject entity. The other variables should be

  specified with the second constructor argument (mainvars). This constraints

  should be used when UniqueConstraint doesn't fit. Here is a simple example ::

    # Check that in the same Workflow each state's name is unique.  Using

    # UniqueConstraint (or unique=True) here would prevent states in different

    # workflows to have the same name.

    # With: State S, Workflow W, String N ; S state_of W, S name N

    RQLUniqueConstraint('S name N, S state_of WF, Y state_of WF, Y name N',

                        mainvars='Y',

                        msg=_('workflow already have a state of that name'))

XXX note about how to add new constraint

.. _securitymodel:

The security model

~~~~~~~~~~~~~~~~~~

The security model of `CubicWeb` is based on `Access Control List`.

The main principles are:

* users and groups of users

* a user belongs to at least one group of user

* permissions (read, update, create, delete)

* permissions are assigned to groups (and not to users)

For *CubicWeb* in particular:

* we associate rights at the entities/relations schema level

* for each entity, we distinguish four kinds of permissions: `read`,

  `add`, `update` and `delete`

* for each relation, we distinguish three kinds of permissions: `read`,

  `add` and `delete` (it is not possible to `modify` a relation)

* the default groups are: `administrators`, `users` and `guests`

* by default, users belong to the `users` group

* there is a virtual group called `owners` to which we

  can associate only `delete` and `update` permissions

  * we can not add users to the `Owners` group, they are

    implicitly added to it according to the context of the objects

    they own

  * the permissions of this group are only checked on `update`/`delete`

    actions if all the other groups the user belongs to do not provide

    those permissions

Setting permissions is done with the attribute `__permissions__` of entities and

relation types. The value of this attribute is a dictionary where the keys are the access types

(action), and the values are the authorized groups or expressions.

For an entity type, the possible actions are `read`, `add`, `update` and

`delete`.

For a relation type, the possible actions are `read`, `add`, and `delete`.

For each access type, a tuple indicates the name of the authorized groups and/or

one or multiple RQL expressions to satisfy to grant access. The access is

provided if the user is in one of the listed groups or if one of the RQL condition

is satisfied.

The standard user groups

````````````````````````

* `guests`

* `users`

* `managers`

* `owners`: virtual group corresponding to the entity's owner.

  This can only be used for the actions `update` and `delete` of an entity

  type.

It is also possible to use specific groups if they are defined in the

precreate script of the cube (``migration/precreate.py``). Defining groups in

postcreate script or later makes them unavailable for security

purposes (in this case, an `sync_schema_props_perms` command has to

be issued in a CubicWeb shell).

Use of RQL expression for write permissions

```````````````````````````````````````````

It is possible to define RQL expression to provide update permission

(`add`, `delete` and `update`) on relation and entity types.

RQL expression for entity type permission:

* you have to use the class `ERQLExpression`

* the used expression corresponds to the WHERE statement of an RQL query

* in this expression, the variables `X` and `U` are pre-defined references

  respectively on the current entity (on which the action is verified) and

  on the user who send the request

* it is possible to use, in this expression, a special relation

  "has_<ACTION>_permission" where the subject is the user and the

  object is any variable, meaning that the user needs to have

  permission to execute the action <ACTION> on the entities related

  to this variable

For RQL expressions on a relation type, the principles are the same except

for the following:

* you have to use the class `RRQLExpression` in the case of a non-final relation

* in the expression, the variables `S`, `O` and `U` are pre-defined references

  to respectively the subject and the object of the current relation (on

  which the action is being verified) and the user who executed the query

* we can also define rights over attributes of an entity (non-final relation),

  knowing that:

  - to define RQL expression, we have to use the class `ERQLExpression`

    in which `X` represents the entity the attribute belongs to

  - the permissions `add` and `delete` are equivalent. Only `add`/`read`

    are actually taken in consideration.

:Note on the use of RQL expression for `add` permission:

  Potentially, the use of an RQL expression to add an entity or a

  relation can cause problems for the user interface, because if the

  expression uses the entity or the relation to create, then we are

  not able to verify the permissions before we actually add the entity

  (please note that this is not a problem for the RQL server at all,

  because the permissions checks are done after the creation). In such

  case, the permission check methods (CubicWebEntitySchema.check_perm

  and has_perm) can indicate that the user is not allowed to create

  this entity but can obtain the permission.

  To compensate this problem, it is usually necessary, for such case,

  to use an action that reflects the schema permissions but which enables

  to check properly the permissions so that it would show up if necessary.

Use of RQL expression for reading rights

````````````````````````````````````````

The principles are the same but with the following restrictions:

* we can not use `RRQLExpression` on relation types for reading

* special relations "has_<ACTION>_permission" can not be used

Defining your schema using yams

-------------------------------

Entity type definition

~~~~~~~~~~~~~~~~~~~~~~

An entity type is defined by a Python class which inherits from

:class:`yams.buildobjs.EntityType`.  The class definition contains the

description of attributes and relations for the defined entity type.

The class name corresponds to the entity type name. It is expected to

be defined in the module ``mycube.schema``.

:Note on schema definition:

 The code in ``mycube.schema`` is not meant to be executed. The class

 EntityType mentioned above is different from the EntitySchema class

 described in the previous chapter. EntityType is a helper class to

 make Entity definition easier. Yams will process EntityType classes

 and create EntitySchema instances from these class definitions. Similar

 manipulation happen for relations.

When defining a schema using python files, you may use the following shortcuts:

- `required`: boolean indicating if the attribute is required, ed subject cardinality is '1'

- `vocabulary`: specify static possible values of an attribute

- `maxsize`: integer providing the maximum size of a string (no limit by default)

For example:

.. sourcecode:: python

  class Person(EntityType):

    """A person with the properties and the relations necessary for my

    application"""

    last_name = String(required=True, fulltextindexed=True)

    first_name = String(required=True, fulltextindexed=True)

    title = String(vocabulary=('Mr', 'Mrs', 'Miss'))

    date_of_birth = Date()

    works_for = SubjectRelation('Company', cardinality='?*')

The entity described above defines three attributes of type String,

last_name, first_name and title, an attribute of type Date for the date of

birth and a relation that connects a `Person` to another entity of type

`Company` through the semantic `works_for`.

:Naming convention:

 Entity class names must start with an uppercase letter. The common

 usage is to use ``CamelCase`` names.

 Attribute and relation names must start with a lowercase letter. The

 common usage is to use ``underscore_separated_words``. Attribute and

 relation names starting with a single underscore are permitted, to

 denote a somewhat "protected" or "private" attribute.

 In any case, identifiers starting with "CW" or "cw" are reserved for

 internal use by the framework.

The name of the Python attribute corresponds to the name of the attribute

or the relation in *CubicWeb* application.

An attribute is defined in the schema as follows::

    attr_name = attr_type(properties)

where `attr_type` is one of the type listed above and `properties` is

a list of the attribute needs to satisfy (see `Properties`_

for more details).

* it is possible to use the attribute `meta` to flag an entity type as a `meta`

  (e.g. used to describe/categorize other entities)

.. XXX the paragraph below needs clarification and / or moving out in

.. another place

*Note*: if you end up with an `if` in the definition of your entity, this probably

means that you need two separate entities that implement the `ITree` interface and

get the result from `.children()` which ever entity is concerned.

Inheritance

```````````

XXX feed me

Definition of relations

~~~~~~~~~~~~~~~~~~~~~~~

XXX add note about defining relation type / definition

A relation is defined by a Python class heriting `RelationType`. The name

of the class corresponds to the name of the type. The class then contains

a description of the properties of this type of relation, and could as well

contain a string for the subject and a string for the object. This allows to create

new definition of associated relations, (so that the class can have the

definition properties from the relation) for example ::

  class locked_by(RelationType):

    """relation on all entities indicating that they are locked"""

    inlined = True

    cardinality = '?*'

    subject = '*'

    object = 'CWUser'

If provided, the `subject` and `object` attributes denote the subject

and object of the various relation definitions related to the relation

type. Allowed values for these attributes are:

* a string corresponding to an entity type

* a tuple of string corresponding to multiple entity types

* special string such as follows:

  - "**": all types of entities

  - "*": all types of non-meta entities

  - "@": all types of meta entities but not system entities (e.g. used for

    the basic schema description)