author | Laure Bourgois <Laure.Bourgois@logilab.fr> |
Mon, 23 Feb 2009 14:54:55 +0100 | |
changeset 925 | 84e823429f06 |
parent 301 | e47150482ac1 |
child 1159 | 16a426d214ae |
permissions | -rw-r--r-- |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
1 |
.. -*- coding: utf-8 -*- |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
2 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
3 |
Entity type definition |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
4 |
---------------------- |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
5 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
6 |
An entity type is defined by a Python class which inherits `EntityType`. The |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
7 |
class name correponds to the type name. Then the content of the class contains |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
8 |
the description of attributes and relations for the defined entity type, |
229
767ff7f5d5a7
[doc] Replace all : s/by example/for example/
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
171
diff
changeset
|
9 |
for example :: |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
10 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
11 |
class Personne(EntityType): |
301 | 12 |
"""A person with the properties and the relations necessary for my |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
13 |
application""" |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
14 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
15 |
last_name = String(required=True, fulltextindexed=True) |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
16 |
first_name = String(required=True, fulltextindexed=True) |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
17 |
title = String(vocabulary=('M', 'Mme', 'Mlle')) |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
18 |
date_of_birth = Date() |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
19 |
works_for = SubjectRelation('Company', cardinality='?*') |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
20 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
21 |
* the name of the Python attribute corresponds to the name of the attribute |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
22 |
or the relation in `CubicWeb` application. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
23 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
24 |
* all built-in types are available : `String`, `Int`, `Float`, |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
25 |
`Boolean`, `Date`, `Datetime`, `Time`, `Byte`. |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
26 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
27 |
* each entity type has at least the following meta-relations : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
28 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
29 |
- `eid` (`Int`) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
30 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
31 |
- `creation_date` (`Datetime`) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
32 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
33 |
- `modification_date` (`Datetime`) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
34 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
35 |
- `created_by` (`EUser`) (which user created the entity) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
36 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
37 |
- `owned_by` (`EUser`) (who does the entity belongs to, by default the |
301 | 38 |
creator but not necessary and it could have multiple owners) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
39 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
40 |
- `is` (`EEType`) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
41 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
42 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
43 |
* it is also possible to define relations of type object by using `ObjectRelation` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
44 |
instead of `SubjectRelation` |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
45 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
46 |
* the first argument of `SubjectRelation` and `ObjectRelation` gives respectively |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
47 |
the object/subject entity type of the relation. This could be : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
48 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
49 |
* a string corresponding to an entity type |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
50 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
51 |
* a tuple of string correponding to multiple entities types |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
52 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
53 |
* special string such as follows : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
54 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
55 |
- "**" : all types of entities |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
56 |
- "*" : all types of non-meta entities |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
57 |
- "@" : all types of meta entities but not system entities (e.g. used for |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
58 |
the basic schema description) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
59 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
60 |
* it is possible to use the attribute `meta` to flag an entity type as a `meta` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
61 |
(e.g. used to describe/categorize other entities) |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
62 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
63 |
* optional properties for attributes and relations : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
64 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
65 |
- `description` : string describing an attribute or a relation. By default |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
66 |
this string will be used in the editing form of the entity, which means |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
67 |
that it is supposed to help the end-user and should be flagged by the |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
68 |
function `_` to be properly internationalized. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
69 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
70 |
- `constraints` : list of conditions/constraints that the relation needs to |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
71 |
satisfy (c.f. `Contraints`_) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
72 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
73 |
- `cardinality` : two characters string which specify the cardinality of the |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
74 |
relation. The first character defines the cardinality of the relation on |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
75 |
the subject, the second on the object of the relation. When a relation |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
76 |
has multiple possible subjects or objects, the cardinality applies to all |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
77 |
and not on a one to one basis (so it must be consistent...). The possible |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
78 |
values are inspired from regular expressions syntax : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
79 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
80 |
* `1`: 1..1 |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
81 |
* `?`: 0..1 |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
82 |
* `+`: 1..n |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
83 |
* `*`: 0..n |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
84 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
85 |
- `meta` : boolean indicating that the relation is a meta-relation (false by |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
86 |
default) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
87 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
88 |
* optionnal properties for attributes : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
89 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
90 |
- `required` : boolean indicating if the attribute is required (false by default) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
91 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
92 |
- `unique` : boolean indicating if the value of the attribute has to be unique |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
93 |
or not within all entities of the same type (false by default) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
94 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
95 |
- `indexed` : boolean indicating if an index needs to be created for this |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
96 |
attribute in the database (false by default). This is usefull only if |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
97 |
you know that you will have to run numerous searches on the value of this |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
98 |
attribute. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
99 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
100 |
- `default` : default value of the attribute. In case of date types, the values |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
101 |
which could be used correpond to the RQL keywords `TODAY` and `NOW`. |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
102 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
103 |
- `vocabulary` : specify static possible values of an attribute |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
104 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
105 |
* optionnal properties of type `String` : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
106 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
107 |
- `fulltextindexed` : boolean indicating if the attribute is part of |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
108 |
the full text index (false by default) (*applicable on the type `Byte` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
109 |
as well*) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
110 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
111 |
- `internationalizable` : boolean indicating if the value of the attribute |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
112 |
is internationalizable (false by default) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
113 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
114 |
- `maxsize` : integer providing the maximum size of the string (no limit by default) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
115 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
116 |
* optionnal properties for relations : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
117 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
118 |
- `composite` : string indicating that the subject (composite == 'subject') |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
119 |
is composed of the objects of the relations. For the opposite case (when |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
120 |
the object is composed of the subjects of the relation), we just need |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
121 |
to set 'object' as the value. The composition implies that when the relation |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
122 |
is deleted (so when the composite is deleted), the composed are also deleted. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
123 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
124 |
Contraints |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
125 |
`````````` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
126 |
By default, the available constraints types are : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
127 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
128 |
* `SizeConstraint` : allows to specify a minimum and/or maximum size on |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
129 |
string (generic case of `maxsize`) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
130 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
131 |
* `BoundConstraint` : allows to specify a minimum and/or maximum value on |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
132 |
numeric types |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
133 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
134 |
* `UniqueConstraint` : identical to "unique=True" |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
135 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
136 |
* `StaticVocabularyConstraint` : identical to "vocabulary=(...)" |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
137 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
138 |
* `RQLConstraint` : allows to specify a RQL query that needs to be satisfied |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
139 |
by the subject and/or the object of the relation. In this query the variables |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
140 |
`S` and `O` are reserved for the entities subject and object of the |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
141 |
relation. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
142 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
143 |
* `RQLVocabularyConstraint` : similar to the previous type of constraint except |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
144 |
that it does not express a "strong" constraint, which means it is only used to |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
145 |
restrict the values listed in the drop-down menu of editing form, but it does |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
146 |
not prevent another entity to be selected |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
147 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
148 |
|
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
149 |
Relation definition |
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
150 |
------------------- |
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
151 |
|
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
152 |
XXX add note about defining relation type / definition |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
153 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
154 |
A relation is defined by a Python class heriting `RelationType`. The name |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
155 |
of the class corresponds to the name of the type. The class then contains |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
156 |
a description of the properties of this type of relation, and could as well |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
157 |
contains a string for the subject and a string for the object. This allows to create |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
158 |
new definition of associated relations, (so that the class can have the |
229
767ff7f5d5a7
[doc] Replace all : s/by example/for example/
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
171
diff
changeset
|
159 |
definition properties from the relation) for example :: |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
160 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
161 |
class locked_by(RelationType): |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
162 |
"""relation on all entities indicating that they are locked""" |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
163 |
inlined = True |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
164 |
cardinality = '?*' |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
165 |
subject = '*' |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
166 |
object = 'EUser' |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
167 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
168 |
In addition to the permissions, the properties of the relation types |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
169 |
(shared also by all definition of relation of this type) are : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
170 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
171 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
172 |
* `inlined` : boolean handling the physical optimization for archiving |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
173 |
the relation in the subject entity table, instead of creating a specific |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
174 |
table for the relation. This applies to the relation when the cardinality |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
175 |
of subject->relation->object is 0..1 (`?`) or 1..1 (`1`) |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
176 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
177 |
* `symetric` : boolean indication that the relation is symetrical, which |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
178 |
means `X relation Y` implies `Y relation X` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
179 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
180 |
In the case of simultaneous relations definitions, `subject` and `object` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
181 |
can both be equal to the value of the first argument of `SubjectRelation` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
182 |
and `ObjectRelation`. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
183 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
184 |
When a relation is not inlined and not symetrical, and it does not require |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
185 |
specific permissions, its definition (by using `SubjectRelation` and |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
186 |
`ObjectRelation`) is all we need. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
187 |
|
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
188 |
|
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
189 |
The security model |
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
190 |
------------------ |
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
191 |
|
128
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
192 |
The security model of `cubicWeb` is based on `Access Control List`. |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
193 |
The main principles are: |
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
194 |
|
128
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
195 |
* users and groups of users |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
196 |
* a user belongs to at least one group of user |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
197 |
* permissions (read, update, create, delete) |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
198 |
* permissions are assigned to groups (and not to users) |
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
199 |
|
128
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
200 |
For `CubicWeb` in particular: |
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
201 |
|
128
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
202 |
* we associate rights at the enttities/relations schema level |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
203 |
* for each entity, we distinguish four kind of permissions: read, |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
204 |
add, update and delete |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
205 |
* for each relation, we distinguish three king of permissions: read, |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
206 |
add and delete (we can not modify a relation) |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
207 |
* the basic groups are: Administrators, Users and Guests |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
208 |
* by default, users belongs to the group Users |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
209 |
* there is a virtual group called `Owners users` to which we |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
210 |
can associate only deletion and update permissions |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
211 |
* we can not add users to the `Owners users` group, they are |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
212 |
implicetely added to it according to the context of the objects |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
213 |
they own |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
214 |
* the permissions of this group are only be checked on update/deletion |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
215 |
actions if all the other groups the user belongs does not provide |
40edb9347b1b
[doc] Translation of security model section.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
127
diff
changeset
|
216 |
those permissions |
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
217 |
|
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
218 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
219 |
Permissions definition |
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
220 |
`````````````````````` |
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
221 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
222 |
Define permissions is set through to the attribute `permissions` of entities and |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
223 |
relations types. It defines a dictionnary where the keys are the access types |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
224 |
(action), and the values are the authorized groups or expressions. |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
225 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
226 |
For an entity type, the possible actions are `read`, `add`, `update` and |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
227 |
`delete`. |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
228 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
229 |
For a relation type, the possible actions are `read`, `add`, and `delete`. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
230 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
231 |
For each access type, a tuple indicates the name of the authorized groups and/or |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
232 |
one or multiple RQL expressions to satisfy to grant access. The access is |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
233 |
provided once the user is in the listed groups or one of the RQL condition is |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
234 |
satisfied. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
235 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
236 |
The standard groups are : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
237 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
238 |
* `guests` |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
239 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
240 |
* `users` |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
241 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
242 |
* `managers` |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
243 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
244 |
* `owners` : virtual group corresponding to the entity's owner. |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
245 |
This can only be used for the actions `update` and `delete` of an entity |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
246 |
type. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
247 |
|
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
248 |
It is also possible to use specific groups if they are defined in the precreate |
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
249 |
of the cube (``migration/precreate.py``). |
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
250 |
|
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
251 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
252 |
Use of RQL expression for writing rights |
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
253 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
254 |
It is possible to define RQL expression to provide update permission |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
255 |
(`add`, `delete` and `update`) on relation and entity types. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
256 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
257 |
RQL expression for entity type permission : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
258 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
259 |
* you have to use the class `ERQLExpression` |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
260 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
261 |
* the used expression corresponds to the WHERE statement of an RQL query |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
262 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
263 |
* in this expression, the variables X and U are pre-defined references |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
264 |
respectively on the current entity (on which the action is verified) and |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
265 |
on the user who send the request |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
266 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
267 |
* it is possible to use, in this expression, a special relation |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
268 |
"has_<ACTION>_permission" where the subject is the user and the |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
269 |
object is a any variable, meaning that the user needs to have |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
270 |
permission to execute the action <ACTION> on the entities related |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
271 |
to this variable |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
272 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
273 |
For RQL expressions on a relation type, the principles are the same except |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
274 |
for the following : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
275 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
276 |
* you have to use the class `RQLExpression` in the case of a non-final relation |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
277 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
278 |
* in the expression, the variables S, O and U are pre-defined references |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
279 |
to respectively the subject and the object of the current relation (on |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
280 |
which the action is being verified) and the user who executed the query |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
281 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
282 |
* we can also defined rights on attributes of an entity (non-final relation), |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
283 |
knowing that : |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
284 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
285 |
- to defines RQL expression, we have to use the class `ERQLExpression` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
286 |
in which X represents the entity the attribute belongs to |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
287 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
288 |
- the permissions `add` and `delete` are equivalent. Only `add`/`read` |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
289 |
are actually taken in consideration. |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
290 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
291 |
In addition to that the entity type `EPermission` from the standard library |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
292 |
allow to build very complex and dynamic security architecture. The schema of |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
293 |
this entity type is as follow : :: |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
294 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
295 |
class EPermission(MetaEntityType): |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
296 |
"""entity type that may be used to construct some advanced security configuration |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
297 |
""" |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
298 |
name = String(required=True, indexed=True, internationalizable=True, maxsize=100) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
299 |
require_group = SubjectRelation('EGroup', cardinality='+*', |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
300 |
description=_('groups to which the permission is granted')) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
301 |
require_state = SubjectRelation('State', |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
302 |
description=_("entity'state in which the permission is applyable")) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
303 |
# can be used on any entity |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
304 |
require_permission = ObjectRelation('**', cardinality='*1', composite='subject', |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
305 |
description=_("link a permission to the entity. This " |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
306 |
"permission should be used in the security " |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
307 |
"definition of the entity's type to be useful.")) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
308 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
309 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
310 |
Example of configuration :: |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
311 |
|
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
312 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
313 |
... |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
314 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
315 |
class Version(EntityType): |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
316 |
"""a version is defining the content of a particular project's release""" |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
317 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
318 |
permissions = {'read': ('managers', 'users', 'guests',), |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
319 |
'update': ('managers', 'logilab', 'owners',), |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
320 |
'delete': ('managers', ), |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
321 |
'add': ('managers', 'logilab', |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
322 |
ERQLExpression('X version_of PROJ, U in_group G,' |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
323 |
'PROJ require_permission P, P name "add_version",' |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
324 |
'P require_group G'),)} |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
325 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
326 |
... |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
327 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
328 |
class version_of(RelationType): |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
329 |
"""link a version to its project. A version is necessarily linked to one and only one project. |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
330 |
""" |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
331 |
permissions = {'read': ('managers', 'users', 'guests',), |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
332 |
'delete': ('managers', ), |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
333 |
'add': ('managers', 'logilab', |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
334 |
RRQLExpression('O require_permission P, P name "add_version",' |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
335 |
'U in_group G, P require_group G'),) |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
336 |
} |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
337 |
inlined = True |
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
338 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
339 |
This configuration indicates that an entity `EPermission` named |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
340 |
"add_version" can be associated to a project and provides rights to create |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
341 |
new versions on this project to specific groups. It is important to notice that : |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
342 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
343 |
* in such case, we have to protect both the entity type "Version" and the relation |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
344 |
associating a version to a project ("version_of") |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
345 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
346 |
* because of the genricity of the entity type `EPermission`, we have to execute |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
347 |
a unification with the groups and/or the states if necessary in the expression |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
348 |
("U in_group G, P require_group G" in the above example) |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
349 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
350 |
Use of RQL expression for reading rights |
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
351 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
352 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
353 |
The principles are the same but with the following restrictions : |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
354 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
355 |
* we can not use `RRQLExpression` on relation types for reading |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
356 |
|
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
357 |
* special relations "has_<ACTION>_permission" can not be used |
93
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
358 |
|
9c919a47e140
[doc] total file reorganisation - phase 1 complete
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
diff
changeset
|
359 |
|
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
360 |
Note on the use of RQL expression for `add` permission |
122
ac5ea13f8945
merged into the security definition section
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
101
diff
changeset
|
361 |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
101
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
362 |
Potentially, the use of an RQL expression to add an entity or a relation |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
363 |
can cause problems for the user interface, because if the expression uses |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
364 |
the entity or the relation to create, then we are not able to verify the |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
365 |
permissions before we actually add the entity (please note that this is |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
366 |
not a problem for the RQL server at all, because the permissions checks are |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
367 |
done after the creation). In such case, the permission check methods |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
368 |
(check_perm, has_perm) can indicate that the user is not allowed to create |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
369 |
this entity but can obtain the permission. |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
370 |
To compensate this problem, it is usually necessary, for such case, |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
371 |
to use an action that reflects the schema permissions but which enables |
c9138325b89f
[doc] Initial translation for data model chapter.
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
93
diff
changeset
|
372 |
to check properly the permissions so that it would show up if necessary. |
171
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
373 |
|
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
374 |
|
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
375 |
Updating your application with your new schema |
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
376 |
`````````````````````````````````````````````` |
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
377 |
|
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
378 |
You have to get a shell on your application :: |
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
379 |
|
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
380 |
cubicweb-ctl shell moninstance |
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
381 |
|
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
382 |
and type :: |
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
383 |
|
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
384 |
add_entity_type('Personne') |
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
385 |
|
c7d6a465b951
updates done to documentation after following instructions for a new cube
Arthur Lutz <arthur.lutz@logilab.fr>
parents:
128
diff
changeset
|
386 |
And restart your application! |