author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Mon, 11 Jul 2011 09:15:54 +0200 | |
changeset 7639 | 5c9e94a09e97 |
parent 7371 | 233b761201e4 |
child 7780 | a1d5365fefc1 |
permissions | -rw-r--r-- |
7120
e8b6fc55df2d
[cwuser, persistent properties] fix recent set_property implementation on CWUser: for_user is automatically handled for non-managers users (this is seriously debatable though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7110
diff
changeset
|
1 |
# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
3 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
4 |
# This file is part of CubicWeb. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
5 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
9 |
# any later version. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
10 |
# |
5424
8ecbcbff9777
replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5421
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
14 |
# details. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
15 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
5556
9ab2b4c74baf
[entity] introduce a new 'adapters' registry
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
18 |
"""entity classes user and group entities""" |
583
d0c6f5efb837
fix rtags to have correct msgids for bookmarked_by relation
sylvain.thenault@logilab.fr
parents:
0
diff
changeset
|
19 |
|
d0c6f5efb837
fix rtags to have correct msgids for bookmarked_by relation
sylvain.thenault@logilab.fr
parents:
0
diff
changeset
|
20 |
__docformat__ = "restructuredtext en" |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1343
diff
changeset
|
21 |
|
0 | 22 |
from logilab.common.decorators import cached |
23 |
||
24 |
from cubicweb import Unauthorized |
|
25 |
from cubicweb.entities import AnyEntity, fetch_config |
|
26 |
||
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1343
diff
changeset
|
27 |
class CWGroup(AnyEntity): |
3377
dd9d292b6a6d
use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2784
diff
changeset
|
28 |
__regid__ = 'CWGroup' |
0 | 29 |
fetch_attrs, fetch_order = fetch_config(['name']) |
1343
659d3dc42e68
sort on EUser.login/EGroup.name in vocabulary
sylvain.thenault@logilab.fr
parents:
1154
diff
changeset
|
30 |
fetch_unrelated_order = fetch_order |
0 | 31 |
|
7371
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
32 |
def grant_permission(self, entity, pname, plabel=None): |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
33 |
"""grant local `pname` permission on `entity` to this group using |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
34 |
:class:`CWPermission`. |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
35 |
|
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
36 |
If a similar permission already exists, add the group to it, else create |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
37 |
a new one. |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
38 |
""" |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
39 |
if not self._cw.execute( |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
40 |
'SET X require_group G WHERE E eid %(e)s, G eid %(g)s, ' |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
41 |
'E require_permission X, X name %(name)s, X label %(label)s', |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
42 |
{'e': entity.eid, 'g': self.eid, |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
43 |
'name': pname, 'label': plabel}): |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
44 |
self._cw.create_entity('CWPermission', name=pname, label=plabel, |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
45 |
require_group=self, |
233b761201e4
[cwpermission, cwgroup] convenience method on CWGroup to grant a local permission (ie CWPermission) on an entity
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7370
diff
changeset
|
46 |
reverse_require_permission=entity) |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1343
diff
changeset
|
47 |
|
4246
c95b8c7e5fb2
don't use matching_groups() for is_in_group implementation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4212
diff
changeset
|
48 |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1343
diff
changeset
|
49 |
class CWUser(AnyEntity): |
3377
dd9d292b6a6d
use __regid__ instead of id on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2784
diff
changeset
|
50 |
__regid__ = 'CWUser' |
0 | 51 |
fetch_attrs, fetch_order = fetch_config(['login', 'firstname', 'surname']) |
1343
659d3dc42e68
sort on EUser.login/EGroup.name in vocabulary
sylvain.thenault@logilab.fr
parents:
1154
diff
changeset
|
52 |
fetch_unrelated_order = fetch_order |
1553 | 53 |
|
0 | 54 |
# used by repository to check if the user can log in or not |
55 |
AUTHENTICABLE_STATES = ('activated',) |
|
56 |
||
57 |
# low level utilities ##################################################### |
|
58 |
def __init__(self, *args, **kwargs): |
|
59 |
groups = kwargs.pop('groups', None) |
|
60 |
properties = kwargs.pop('properties', None) |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1343
diff
changeset
|
61 |
super(CWUser, self).__init__(*args, **kwargs) |
0 | 62 |
if groups is not None: |
63 |
self._groups = groups |
|
64 |
if properties is not None: |
|
65 |
self._properties = properties |
|
1553 | 66 |
|
0 | 67 |
@property |
68 |
def groups(self): |
|
69 |
try: |
|
70 |
return self._groups |
|
71 |
except AttributeError: |
|
72 |
self._groups = set(g.name for g in self.in_group) |
|
73 |
return self._groups |
|
1553 | 74 |
|
0 | 75 |
@property |
76 |
def properties(self): |
|
77 |
try: |
|
78 |
return self._properties |
|
79 |
except AttributeError: |
|
80 |
self._properties = dict((p.pkey, p.value) for p in self.reverse_for_user) |
|
81 |
return self._properties |
|
82 |
||
83 |
def property_value(self, key): |
|
84 |
try: |
|
85 |
# properties stored on the user aren't correctly typed |
|
86 |
# (e.g. all values are unicode string) |
|
3380
3be33dc83d8b
use ._cw.vreg instead of vreg on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3378
diff
changeset
|
87 |
return self._cw.vreg.typed_value(key, self.properties[key]) |
0 | 88 |
except KeyError: |
89 |
pass |
|
90 |
except ValueError: |
|
3380
3be33dc83d8b
use ._cw.vreg instead of vreg on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3378
diff
changeset
|
91 |
self.warning('incorrect value for eproperty %s of user %s', |
3be33dc83d8b
use ._cw.vreg instead of vreg on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3378
diff
changeset
|
92 |
key, self.login) |
3be33dc83d8b
use ._cw.vreg instead of vreg on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3378
diff
changeset
|
93 |
return self._cw.vreg.property_value(key) |
1553 | 94 |
|
7110
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
95 |
def set_property(self, pkey, value): |
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
96 |
value = unicode(value) |
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
97 |
try: |
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
98 |
prop = self._cw.execute( |
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
99 |
'CWProperty X WHERE X pkey %(k)s, X for_user U, U eid %(u)s', |
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
100 |
{'k': pkey, 'u': self.eid}).get_entity(0, 0) |
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
101 |
except: |
7120
e8b6fc55df2d
[cwuser, persistent properties] fix recent set_property implementation on CWUser: for_user is automatically handled for non-managers users (this is seriously debatable though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7110
diff
changeset
|
102 |
kwargs = dict(pkey=unicode(pkey), value=value) |
e8b6fc55df2d
[cwuser, persistent properties] fix recent set_property implementation on CWUser: for_user is automatically handled for non-managers users (this is seriously debatable though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7110
diff
changeset
|
103 |
if self.is_in_group('managers'): |
e8b6fc55df2d
[cwuser, persistent properties] fix recent set_property implementation on CWUser: for_user is automatically handled for non-managers users (this is seriously debatable though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7110
diff
changeset
|
104 |
kwargs['for_user'] = self |
e8b6fc55df2d
[cwuser, persistent properties] fix recent set_property implementation on CWUser: for_user is automatically handled for non-managers users (this is seriously debatable though)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7110
diff
changeset
|
105 |
self._cw.create_entity('CWProperty', **kwargs) |
7110
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
106 |
else: |
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
107 |
prop.set_attributes(value=value) |
73b3e0e095d3
[cwprops] add set_property method on CWUser instances, to ease setting of user specific properties
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5556
diff
changeset
|
108 |
|
0 | 109 |
def matching_groups(self, groups): |
110 |
"""return the number of the given group(s) in which the user is |
|
111 |
||
112 |
:type groups: str or iterable(str) |
|
113 |
:param groups: a group name or an iterable on group names |
|
114 |
""" |
|
115 |
if isinstance(groups, basestring): |
|
116 |
groups = frozenset((groups,)) |
|
117 |
elif isinstance(groups, (tuple, list)): |
|
118 |
groups = frozenset(groups) |
|
4246
c95b8c7e5fb2
don't use matching_groups() for is_in_group implementation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4212
diff
changeset
|
119 |
return len(groups & self.groups) # XXX return the resulting set instead of its size |
0 | 120 |
|
121 |
def is_in_group(self, group): |
|
122 |
"""convience / shortcut method to test if the user belongs to `group` |
|
123 |
""" |
|
4402
360c532070f5
[entities] fix CWUser.is_in_group implementation
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
4246
diff
changeset
|
124 |
return group in self.groups |
0 | 125 |
|
590 | 126 |
def is_anonymous(self): |
127 |
""" checks if user is an anonymous user""" |
|
128 |
#FIXME on the web-side anonymous user is detected according |
|
129 |
# to config['anonymous-user'], we don't have this info on |
|
1553 | 130 |
# the server side. |
590 | 131 |
return self.groups == frozenset(('guests', )) |
132 |
||
0 | 133 |
def owns(self, eid): |
134 |
try: |
|
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4436
diff
changeset
|
135 |
return self._cw.execute( |
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4436
diff
changeset
|
136 |
'Any X WHERE X eid %(x)s, X owned_by U, U eid %(u)s', |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
137 |
{'x': eid, 'u': self.eid}) |
0 | 138 |
except Unauthorized: |
139 |
return False |
|
140 |
owns = cached(owns, keyarg=1) |
|
141 |
||
142 |
def has_permission(self, pname, contexteid=None): |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1343
diff
changeset
|
143 |
rql = 'Any P WHERE P is CWPermission, U eid %(u)s, U in_group G, '\ |
0 | 144 |
'P name %(pname)s, P require_group G' |
145 |
kwargs = {'pname': pname, 'u': self.eid} |
|
146 |
if contexteid is not None: |
|
147 |
rql += ', X require_permission P, X eid %(x)s' |
|
148 |
kwargs['x'] = contexteid |
|
149 |
try: |
|
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
150 |
return self._cw.execute(rql, kwargs) |
0 | 151 |
except Unauthorized: |
152 |
return False |
|
1553 | 153 |
|
0 | 154 |
# presentation utilities ################################################## |
1553 | 155 |
|
0 | 156 |
def name(self): |
157 |
"""construct a name using firstname / surname or login if not defined""" |
|
1553 | 158 |
|
0 | 159 |
if self.firstname and self.surname: |
3378
2f25f701301d
use ._cw instead of req on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3377
diff
changeset
|
160 |
return self._cw._('%(firstname)s %(surname)s') % { |
0 | 161 |
'firstname': self.firstname, 'surname' : self.surname} |
162 |
if self.firstname: |
|
163 |
return self.firstname |
|
164 |
return self.login |
|
165 |
||
166 |
def dc_title(self): |
|
167 |
return self.login |
|
168 |
||
169 |
dc_long_title = name |
|
170 |
||
171 |
from logilab.common.deprecation import class_renamed |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1343
diff
changeset
|
172 |
EUser = class_renamed('EUser', CWUser) |
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1343
diff
changeset
|
173 |
EGroup = class_renamed('EGroup', CWGroup) |