cubicweb: doc/book/en/tutorials/advanced/index.rst@7f89e01d5a6f (annotated)

5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	1	.. _advanced_tutorial:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	2
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	3	Building a photo gallery with CubicWeb
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	4	======================================
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	5
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	6	Desired features
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	7	----------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	8
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	9	* basically a photo gallery
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	10
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	11	* photo stored on the file system and displayed dynamically through a web interface
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	12
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	13	* navigation through folder (album), tags, geographical zone, people on the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	14	picture... using facets
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	15
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	16	* advanced security (not everyone can see everything). More on this later.
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	17
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	18
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	19	Cube creation and schema definition
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	20	-----------------------------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	21
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	22	.. _adv_tuto_create_new_cube:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	23
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	24	Step 1: creating a new cube for my web site
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	25	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	26
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	27	One note about my development environment: I wanted to use the packaged
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	28	version of CubicWeb and cubes while keeping my cube in my user
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	29	directory, let's say `~src/cubes`. I achieve this by setting the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	30	following environment variables::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	31
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	32	CW_CUBES_PATH=~/src/cubes
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	33	CW_MODE=user
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	34
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	35	I can now create the cube which will hold custom code for this web
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	36	site using::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	37
5350 49c065ae225e [doc] replace c-c with cubicweb-ctl Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5259 diff changeset	38	cubicweb-ctl newcube --directory=~/src/cubes sytweb
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	39
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	40
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	41	.. _adv_tuto_assemble_cubes:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	42
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	43	Step 2: pick building blocks into existing cubes
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	44	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	45
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	46	Almost everything I want to handle in my web-site is somehow already modelized in
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	47	existing cubes that I'll extend for my need. So I'll pick the following cubes:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	48
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	49	* `folder`, containing the `Folder` entity type, which will be used as
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	50	both 'album' and a way to map file system folders. Entities are
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	51	added to a given folder using the `filed_under` relation.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	52
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	53	* `file`, containing `File` and `Image` entity types, gallery view,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	54	and a file system import utility.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	55
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	56	* `zone`, containing the `Zone` entity type for hierarchical geographical
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	57	zones. Entities (including sub-zones) are added to a given zone using the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	58	`situated_in` relation.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	59
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	60	* `person`, containing the `Person` entity type plus some basic views.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	61
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	62	* `comment`, providing a full commenting system allowing one to comment entity types
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	63	supporting the `comments` relation by adding a `Comment` entity.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	64
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	65	* `tag`, providing a full tagging system as an easy and powerful way to classify
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	66	entities supporting the `tags` relation by linking the to `Tag` entities. This
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	67	will allows navigation into a large number of picture.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	68
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	69	Ok, now I'll tell my cube requires all this by editing cubes/sytweb/__pkginfo__.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	70
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	71	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	72
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	73	__depends_cubes__ = {'file': '>= 1.2.0',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	74	'folder': '>= 1.1.0',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	75	'person': '>= 1.2.0',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	76	'comment': '>= 1.2.0',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	77	'tag': '>= 1.2.0',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	78	'zone': None,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	79	}
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	80	__depends__ = {'cubicweb': '>= 3.5.10',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	81	}
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	82	for key,value in __depends_cubes__.items():
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	83	__depends__['cubicweb-'+key] = value
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	84	__use__ = tuple(__depends_cubes__)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	85
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	86	Notice that you can express minimal version of the cube that should be used,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	87	`None` meaning whatever version available.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	88
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	89	Step 3: glue everything together in my cube's schema
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	90	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	91
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	92	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	93
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	94	from yams.buildobjs import RelationDefinition
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	95
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	96	class comments(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	97	subject = 'Comment'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	98	object = ('File', 'Image')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	99	cardinality = '1*'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	100	composite = 'object'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	101
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	102	class tags(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	103	subject = 'Tag'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	104	object = ('File', 'Image')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	105
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	106	class filed_under(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	107	subject = ('File', 'Image')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	108	object = 'Folder'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	109
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	110	class situated_in(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	111	subject = 'Image'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	112	object = 'Zone'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	113
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	114	class displayed_on(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	115	subject = 'Person'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	116	object = 'Image'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	117
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	118
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	119	This schema:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	120
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	121	* allows to comment and tag on `File` and `Image` entity types by adding the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	122	`comments` and `tags` relations. This should be all we've to do for this
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	123	feature since the related cubes provide 'pluggable section' which are
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	124	automatically displayed on the primary view of entity types supporting the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	125	relation.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	126
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	127	* adds a `situated_in` relation definition so that image entities can be
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	128	geolocalized.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	129
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	130	* add a new relation `displayed_on` relation telling who can be seen on a
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	131	picture.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	132
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	133	This schema will probably have to evolve as time goes (for security handling at
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	134	least), but since the possibility to let a schema evolve is one of CubicWeb's
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	135	features (and goals), we won't worry about it for now and see that later when needed.
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	136
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	137
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	138	Step 4: creating the instance
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	139	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	140
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	141	Now that I have a schema, I want to create an instance. To
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	142	do so using this new 'sytweb' cube, I run::
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	143
5350 49c065ae225e [doc] replace c-c with cubicweb-ctl Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5259 diff changeset	144	cubicweb-ctl create sytweb sytweb_instance
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	145
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	146	Hint: if you get an error while the database is initialized, you can
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	147	avoid having to answer the questions again by running::
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	148
5350 49c065ae225e [doc] replace c-c with cubicweb-ctl Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5259 diff changeset	149	cubicweb-ctl db-create sytweb_instance
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	150
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	151	This will use your already configured instance and start directly from the create
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	152	database step, thus skipping questions asked by the 'create' command.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	153
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	154	Once the instance and database are fully initialized, run ::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	155
5350 49c065ae225e [doc] replace c-c with cubicweb-ctl Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5259 diff changeset	156	cubicweb-ctl start sytweb_instance
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	157
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	158	to start the instance, check you can connect on it, etc...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	159
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	160
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	161	Security, testing and migration
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	162	-------------------------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	163
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	164	This part will cover various topics:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	165
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	166	* configuring security
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	167	* migrating existing instance
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	168	* writing some unit tests
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	169
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	170	Here is the ``read`` security model I want:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	171
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	172	* folders, files, images and comments should have one of the following visibility:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	173	- ``public``, everyone can see it
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	174	- ``authenticated``, only authenticated users can see it
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	175	- ``restricted``, only a subset of authenticated users can see it
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	176	* managers (e.g. me) can see everything
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	177	* only authenticated users can see people
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	178	* everyone can see classifier entities, such as tag and zone
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	179
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	180	Also, unless explicitly specified, the visibility of an image should be the same as
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	181	its parent folder, as well as visibility of a comment should be the same as the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	182	commented entity. If there is no parent entity, the default visibility is
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	183	``authenticated``.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	184
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	185	Regarding write security, that's much easier:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	186	* anonymous can't write anything
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	187	* authenticated users can only add comment
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	188	* managers will add the remaining stuff
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	189
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	190	Now, let's implement that!
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	191
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	192	Proper security in CubicWeb is done at the schema level, so you don't have to
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	193	bother with it in views: users will only see what they can see automatically.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	194
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	195	.. _adv_tuto_security:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	196
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	197	Step 1: configuring security into the schema
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	198	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	199
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	200	In schema, you can grant access according to groups, or to some RQL expressions:
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	201	users get access if the expression returns some results. To implement the read
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	202	security defined earlier, groups are not enough, we'll need some RQL expression. Here
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	203	is the idea:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	204
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	205	* add a `visibility` attribute on Folder, Image and Comment, which may be one of
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	206	the value explained above
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	207
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	208	* add a `may_be_read_by` relation from Folder, Image and Comment to users,
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	209	which will define who can see the entity
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	210
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	211	* security propagation will be done in hook.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	212
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	213	So the first thing to do is to modify my cube's schema.py to define those
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	214	relations:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	215
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	216	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	217
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	218	from yams.constraints import StaticVocabularyConstraint
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	219
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	220	class visibility(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	221	subject = ('Folder', 'File', 'Image', 'Comment')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	222	object = 'String'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	223	constraints = [StaticVocabularyConstraint(('public', 'authenticated',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	224	'restricted', 'parent'))]
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	225	default = 'parent'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	226	cardinality = '11' # required
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	227
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	228	class may_be_read_by(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	229	subject = ('Folder', 'File', 'Image', 'Comment',)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	230	object = 'CWUser'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	231
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	232	We can note the following points:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	233
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	234	* we've added a new `visibility` attribute to folder, file, image and comment
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	235	using a `RelationDefinition`
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	236
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	237	* `cardinality = '11'` means this attribute is required. This is usually hidden
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	238	under the `required` argument given to the `String` constructor, but we can
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	239	rely on this here (same thing for StaticVocabularyConstraint, which is usually
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	240	hidden by the `vocabulary` argument)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	241
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	242	* the `parent` possible value will be used for visibility propagation
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	243
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	244	Now, we should be able to define security rules in the schema, based on these new
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	245	attribute and relation. Here is the code to add to schema.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	246
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	247	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	248
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	249	from cubicweb.schema import ERQLExpression
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	250
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	251	VISIBILITY_PERMISSIONS = {
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	252	'read': ('managers',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	253	ERQLExpression('X visibility "public"'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	254	ERQLExpression('X may_be_read_by U')),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	255	'add': ('managers',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	256	'update': ('managers', 'owners',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	257	'delete': ('managers', 'owners'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	258	}
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	259	AUTH_ONLY_PERMISSIONS = {
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	260	'read': ('managers', 'users'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	261	'add': ('managers',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	262	'update': ('managers', 'owners',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	263	'delete': ('managers', 'owners'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	264	}
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	265	CLASSIFIERS_PERMISSIONS = {
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	266	'read': ('managers', 'users', 'guests'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	267	'add': ('managers',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	268	'update': ('managers', 'owners',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	269	'delete': ('managers', 'owners'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	270	}
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	271
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	272	from cubes.folder.schema import Folder
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	273	from cubes.file.schema import File, Image
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	274	from cubes.comment.schema import Comment
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	275	from cubes.person.schema import Person
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	276	from cubes.zone.schema import Zone
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	277	from cubes.tag.schema import Tag
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	278
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	279	Folder.__permissions__ = VISIBILITY_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	280	File.__permissions__ = VISIBILITY_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	281	Image.__permissions__ = VISIBILITY_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	282	Comment.__permissions__ = VISIBILITY_PERMISSIONS.copy()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	283	Comment.__permissions__['add'] = ('managers', 'users',)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	284	Person.__permissions__ = AUTH_ONLY_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	285	Zone.__permissions__ = CLASSIFIERS_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	286	Tag.__permissions__ = CLASSIFIERS_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	287
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	288	What's important in there:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	289
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	290	* `VISIBILITY_PERMISSIONS` provides read access to managers group, if
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	291	`visibility` attribute's value is 'public', or if user (designed by the 'U'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	292	variable in the expression) is linked to the entity (the 'X' variable) through
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	293	the `may_read` permission
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	294
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	295	* we modify permissions of the entity types we use by importing them and
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	296	modifying their `__permissions__` attribute
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	297
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	298	* notice the `.copy()`: we only want to modify 'add' permission for `Comment`,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	299	not for all entity types using `VISIBILITY_PERMISSIONS`!
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	300
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	301	* the remaining part of the security model is done using regular groups:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	302
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	303	- `users` is the group to which all authenticated users will belong
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	304	- `guests` is the group of anonymous users
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	305
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	306
5259 61505346e28f [doc/book] add a ref from hooks to adv tutorial Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 5253 diff changeset	307	.. _adv_tuto_security_propagation:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	308
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	309	Step 2: security propagation in hooks
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	310	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	311
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	312	To fullfill the requirements, we have to implement::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	313
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	314	Also, unless explicity specified, visibility of an image should be the same as
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	315	its parent folder, as well as visibility of a comment should be the same as the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	316	commented entity.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	317
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	318	This kind of `active` rule will be done using CubicWeb's hook
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	319	system. Hooks are triggered on database event such as addition of new
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	320	entity or relation.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	321
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	322	The tricky part of the requirement is in unless explicitly specified, notably
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	323	because when the entity is added, we don't know yet its 'parent'
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	324	entity (e.g. Folder of an Image, Image commented by a Comment). To handle such things,
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	325	CubicWeb provides `Operation`, which allow to schedule things to do at commit time.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	326
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	327	In our case we will:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	328
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	329	* on entity creation, schedule an operation that will set default visibility
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	330
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	331	* when a "parent" relation is added, propagate parent's visibility unless the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	332	child already has a visibility set
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	333
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	334	Here is the code in cube's hooks.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	335
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	336	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	337
6152 6824f8b61098 use is_instance in a number of places (esp. documentation) rather than the deprecated implements Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5608 diff changeset	338	from cubicweb.selectors import is_instance
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	339	from cubicweb.server import hook
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	340
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	341	class SetVisibilityOp(hook.Operation):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	342	def precommit_event(self):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	343	for eid in self.session.transaction_data.pop('pending_visibility'):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	344	entity = self.session.entity_from_eid(eid)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	345	if entity.visibility == 'parent':
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	346	entity.set_attributes(visibility=u'authenticated')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	347
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	348	class SetVisibilityHook(hook.Hook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	349	__regid__ = 'sytweb.setvisibility'
6152 6824f8b61098 use is_instance in a number of places (esp. documentation) rather than the deprecated implements Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5608 diff changeset	350	__select__ = hook.Hook.__select__ & is_instance('Folder', 'File', 'Image', 'Comment')
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	351	events = ('after_add_entity',)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	352	def __call__(self):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	353	hook.set_operation(self._cw, 'pending_visibility', self.entity.eid,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	354	SetVisibilityOp)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	355
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	356	class SetParentVisibilityHook(hook.Hook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	357	__regid__ = 'sytweb.setparentvisibility'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	358	__select__ = hook.Hook.__select__ & hook.match_rtype('filed_under', 'comments')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	359	events = ('after_add_relation',)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	360
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	361	def __call__(self):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	362	parent = self._cw.entity_from_eid(self.eidto)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	363	child = self._cw.entity_from_eid(self.eidfrom)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	364	if child.visibility == 'parent':
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	365	child.set_attributes(visibility=parent.visibility)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	366
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	367	Notice:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	368
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	369	* hooks are application objects, hence have selectors that should match entity or
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	370	relation types to which the hook applies. To match a relation type, we use the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	371	hook specific `match_rtype` selector.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	372
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	373	* usage of `set_operation`: instead of adding an operation for each added entity,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	374	set_operation allows to create a single one and to store entity's eids to be
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	375	processed in session's transaction data. This is a good pratice to avoid heavy
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	376	operations manipulation cost when creating a lot of entities in the same
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	377	transaction.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	378
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	379	* the `precommit_event` method of the operation will be called at transaction's
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	380	commit time.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	381
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	382	* in a hook, `self._cw` is the repository session, not a web request as usually
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	383	in views
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	384
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	385	* according to hook's event, you have access to different attributes on the hook
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	386	instance. Here:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	387
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	388	- `self.entity` is the newly added entity on 'after_add_entity' events
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	389
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	390	- `self.eidfrom` / `self.eidto` are the eid of the subject / object entity on
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	391	'after_add_relatiohn' events (you may also get the relation type using
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	392	`self.rtype`)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	393
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	394	The `parent` visibility value is used to tell "propagate using parent security"
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	395	because we want that attribute to be required, so we can't use None value else
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	396	we'll get an error before we get any chance to propagate...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	397
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	398	Now, we also want to propagate the `may_be_read_by` relation. Fortunately,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	399	CubicWeb provides some base hook classes for such things, so we only have to add
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	400	the following code to hooks.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	401
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	402	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	403
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	404	# relations where the "parent" entity is the subject
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	405	S_RELS = set()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	406	# relations where the "parent" entity is the object
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	407	O_RELS = set(('filed_under', 'comments',))
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	408
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	409	class AddEntitySecurityPropagationHook(hook.PropagateSubjectRelationHook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	410	"""propagate permissions when new entity are added"""
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	411	__regid__ = 'sytweb.addentity_security_propagation'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	412	__select__ = (hook.PropagateSubjectRelationHook.__select__
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	413	& hook.match_rtype_sets(S_RELS, O_RELS))
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	414	main_rtype = 'may_be_read_by'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	415	subject_relations = S_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	416	object_relations = O_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	417
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	418	class AddPermissionSecurityPropagationHook(hook.PropagateSubjectRelationAddHook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	419	"""propagate permissions when new entity are added"""
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	420	__regid__ = 'sytweb.addperm_security_propagation'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	421	__select__ = (hook.PropagateSubjectRelationAddHook.__select__
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	422	& hook.match_rtype('may_be_read_by',))
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	423	subject_relations = S_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	424	object_relations = O_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	425
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	426	class DelPermissionSecurityPropagationHook(hook.PropagateSubjectRelationDelHook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	427	__regid__ = 'sytweb.delperm_security_propagation'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	428	__select__ = (hook.PropagateSubjectRelationDelHook.__select__
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	429	& hook.match_rtype('may_be_read_by',))
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	430	subject_relations = S_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	431	object_relations = O_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	432
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	433	* the `AddEntitySecurityPropagationHook` will propagate the relation
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	434	when `filed_under` or `comments` relations are added
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	435
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	436	- the `S_RELS` and `O_RELS` set as well as the `match_rtype_sets` selector are
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	437	used here so that if my cube is used by another one, it'll be able to
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	438	configure security propagation by simply adding relation to one of the two
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	439	sets.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	440
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	441	* the two others will propagate permissions changes on parent entities to
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	442	children entities
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	443
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	444
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	445	.. _adv_tuto_tesing_security:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	446
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	447	Step 3: testing our security
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	448	~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	449
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	450	Security is tricky. Writing some tests for it is a very good idea. You should
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	451	even write them first, as Test Driven Development recommends!
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	452
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	453	Here is a small test case that will check the basis of our security
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	454	model, in test/unittest_sytweb.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	455
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	456	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	457
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	458	from cubicweb.devtools.testlib import CubicWebTC
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	459	from cubicweb import Binary
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	460
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	461	class SecurityTC(CubicWebTC):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	462
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	463	def test_visibility_propagation(self):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	464	# create a user for later security checks
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	465	toto = self.create_user('toto')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	466	# init some data using the default manager connection
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	467	req = self.request()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	468	folder = req.create_entity('Folder',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	469	name=u'restricted',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	470	visibility=u'restricted')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	471	photo1 = req.create_entity('Image',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	472	data_name=u'photo1.jpg',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	473	data=Binary('xxx'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	474	filed_under=folder)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	475	self.commit()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	476	photo1.clear_all_caches() # good practice, avoid request cache effects
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	477	# visibility propagation
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	478	self.assertEquals(photo1.visibility, 'restricted')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	479	# unless explicitly specified
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	480	photo2 = req.create_entity('Image',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	481	data_name=u'photo2.jpg',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	482	data=Binary('xxx'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	483	visibility=u'public',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	484	filed_under=folder)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	485	self.commit()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	486	self.assertEquals(photo2.visibility, 'public')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	487	# test security
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	488	self.login('toto')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	489	req = self.request()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	490	self.assertEquals(len(req.execute('Image X')), 1) # only the public one
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	491	self.assertEquals(len(req.execute('Folder X')), 0) # restricted...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	492	# may_be_read_by propagation
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	493	self.restore_connection()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	494	folder.set_relations(may_be_read_by=toto)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	495	self.commit()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	496	photo1.clear_all_caches()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	497	self.failUnless(photo1.may_be_read_by)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	498	# test security with permissions
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	499	self.login('toto')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	500	req = self.request()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	501	self.assertEquals(len(req.execute('Image X')), 2) # now toto has access to photo2
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	502	self.assertEquals(len(req.execute('Folder X')), 1) # and to restricted folder
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	503
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	504	if __name__ == '__main__':
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	505	from logilab.common.testlib import unittest_main
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	506	unittest_main()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	507
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	508	It's not complete, but show most things you'll want to do in tests: adding some
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	509	content, creating users and connecting as them in the test, etc...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	510
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	511	To run it type:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	512
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	513	.. sourcecode:: bash
ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	514
ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	515	$ pytest unittest_sytweb.py
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	516	======================== unittest_sytweb.py ========================
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	517	-> creating tables [....................]
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	518	-> inserting default user and default groups.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	519	-> storing the schema in the database [....................]
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	520	-> database for instance data initialized.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	521	.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	522	----------------------------------------------------------------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	523	Ran 1 test in 22.547s
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	524
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	525	OK
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	526
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	527
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	528	The first execution is taking time, since it creates a sqlite database for the
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	529	test instance. The second one will be much quicker:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	530
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	531	.. sourcecode:: bash
ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	532
ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	533	$ pytest unittest_sytweb.py
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	534	======================== unittest_sytweb.py ========================
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	535	.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	536	----------------------------------------------------------------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	537	Ran 1 test in 2.662s
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	538
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	539	OK
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	540
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	541	If you do some changes in your schema, you'll have to force regeneration of that
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	542	database. You do that by removing the tmpdb files before running the test: ::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	543
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	544	$ rm tmpdb*
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	545
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	546
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	547	.. Note::
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	548	pytest is a very convenient utility used to control test execution. It is available from the `logilab-common`_ package.
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	549
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	550	.. _`logilab-common`: http://www.logilab.org/project/logilab-common
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	551
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	552	.. _adv_tuto_migration_script:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	553
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	554	Step 4: writing the migration script and migrating the instance
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	555	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	556
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	557	Prior to those changes, I created an instance, feeded it with some data, so I
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	558	don't want to create a new one, but to migrate the existing one. Let's see how to
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	559	do that.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	560
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	561	Migration commands should be put in the cube's migration directory, in a
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	562	file named file:`<X.Y.Z>_Any.py` ('Any' being there mostly for historical reason).
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	563
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	564	Here I'll create a migration/0.2.0_Any.py file containing the following
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	565	instructions:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	566
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	567	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	568
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	569	add_relation_type('may_be_read_by')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	570	add_relation_type('visibility')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	571	sync_schema_props_perms()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	572
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	573	Then I update the version number in cube's __pkginfo__.py to 0.2.0. And
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	574	that's it! Those instructions will:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	575
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	576	* update the instance's schema by adding our two new relations and update the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	577	underlying database tables accordingly (the two first instructions)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	578
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	579	* update schema's permissions definition (the last instruction)
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	580
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	581
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	582	To migrate my instance I simply type::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	583
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	584	cubicweb-ctl upgrade sytweb
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	585
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	586	I'll then be asked some questions to do the migration step by step. You should say
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	587	YES when it asks if a backup of your database should be done, so you can get back
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	588	to initial state if anything goes wrong...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	589

author	Sylvain Thénault <sylvain.thenault@logilab.fr>
	Wed, 12 Jan 2011 14:57:31 +0100
branch	stable
changeset 6811	7f89e01d5a6f
parent 6152	6824f8b61098
child 6830	7a19a4f65573
permissions	-rw-r--r--