schemas/__init__.py
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Thu, 20 Jan 2011 09:16:52 +0100
branchstable
changeset 6853 584679872fd7
parent 5424 8ecbcbff9777
child 7780 a1d5365fefc1
permissions -rw-r--r--
[schema] fix CWSource permissions
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
5421
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     1
# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     2
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     3
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     4
# This file is part of CubicWeb.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     5
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     6
# CubicWeb is free software: you can redistribute it and/or modify it under the
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     7
# terms of the GNU Lesser General Public License as published by the Free
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     8
# Software Foundation, either version 2.1 of the License, or (at your option)
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
     9
# any later version.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
    10
#
5424
8ecbcbff9777 replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5421
diff changeset
    11
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
5421
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
    12
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
    13
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
    14
# details.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
    15
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
    16
# You should have received a copy of the GNU Lesser General Public License along
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4759
diff changeset
    17
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
4243
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    18
"""some utilities to define schema permissions
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    19
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    20
"""
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    21
__docformat__ = "restructuredtext en"
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    22
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    23
from rql.utils import quote
4754
6bf17f810975 [schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4243
diff changeset
    24
from cubicweb.schema import RO_REL_PERMS, RO_ATTR_PERMS, \
6bf17f810975 [schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4243
diff changeset
    25
     PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, \
6bf17f810975 [schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4243
diff changeset
    26
     ERQLExpression, RRQLExpression
4243
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    27
2502
324ec2056d56 document
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2501
diff changeset
    28
# permissions for "meta" entity type (readable by anyone, can only be
324ec2056d56 document
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2501
diff changeset
    29
# added/deleted by managers)
4754
6bf17f810975 [schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4243
diff changeset
    30
META_ETYPE_PERMS = PUB_SYSTEM_ENTITY_PERMS # XXX deprecates
2502
324ec2056d56 document
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2501
diff changeset
    31
# permissions for "meta" relation type (readable by anyone, can only be
324ec2056d56 document
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2501
diff changeset
    32
# added/deleted by managers)
4754
6bf17f810975 [schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4243
diff changeset
    33
META_RTYPE_PERMS = PUB_SYSTEM_REL_PERMS # XXX deprecates
2501
fa86d99c2c3a test and fix wf history security
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2141
diff changeset
    34
# permissions for relation type that should only set by hooks using unsafe
fa86d99c2c3a test and fix wf history security
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2141
diff changeset
    35
# execute, readable by anyone
4754
6bf17f810975 [schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4243
diff changeset
    36
HOOKS_RTYPE_PERMS = RO_REL_PERMS # XXX deprecates
4243
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    37
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    38
def _perm(names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    39
    if isinstance(names, (list, tuple)):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    40
        if len(names) == 1:
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    41
            names = quote(names[0])
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    42
        else:
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    43
            names = 'IN (%s)' % (','.join(quote(name) for name in names))
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    44
    else:
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    45
        names = quote(names)
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    46
    #return u' require_permission P, P name %s, U in_group G, P require_group G' % names
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    47
    return u' require_permission P, P name %s, U has_group_permission P' % names
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    48
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    49
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    50
def xperm(*names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    51
    return 'X' + _perm(names)
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    52
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    53
def xexpr(*names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    54
    return ERQLExpression(xperm(*names))
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    55
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    56
def xrexpr(relation, *names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    57
    return ERQLExpression('X %s Y, Y %s' % (relation, _perm(names)))
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    58
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    59
def xorexpr(relation, etype, *names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    60
    return ERQLExpression('Y %s X, X is %s, Y %s' % (relation, etype, _perm(names)))
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    61
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    62
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    63
def sexpr(*names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    64
    return RRQLExpression('S' + _perm(names), 'S')
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    65
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    66
def restricted_sexpr(restriction, *names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    67
    rql = '%s, %s' % (restriction, 'S' + _perm(names))
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    68
    return RRQLExpression(rql, 'S')
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    69
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    70
def restricted_oexpr(restriction, *names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    71
    rql = '%s, %s' % (restriction, 'O' + _perm(names))
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    72
    return RRQLExpression(rql, 'O')
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    73
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    74
def oexpr(*names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    75
    return RRQLExpression('O' + _perm(names), 'O')
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    76
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    77
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    78
# def supdate_perm():
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    79
#     return RRQLExpression('U has_update_permission S', 'S')
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    80
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    81
# def oupdate_perm():
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    82
#     return RRQLExpression('U has_update_permission O', 'O')
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    83
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    84
def relxperm(rel, role, *names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    85
    assert role in ('subject', 'object')
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    86
    if role == 'subject':
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    87
        zxrel = ', X %s Z' % rel
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    88
    else:
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    89
        zxrel = ', Z %s X' % rel
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    90
    return 'Z' + _perm(names) + zxrel
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    91
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    92
def relxexpr(rel, role, *names):
2621de25d15a backport tracker permission utility functions into the cw.schemas package
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2502
diff changeset
    93
    return ERQLExpression(relxperm(rel, role, *names))