cubicweb: doc/book/en/tutorials/advanced/index.rst@8fe4b003c1bc (annotated)

5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	1	.. _advanced_tutorial:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	2
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	3	Building a photo gallery with CubicWeb
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	4	======================================
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	5
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	6	Desired features
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	7	----------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	8
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	9	* basically a photo gallery
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	10
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	11	* photo stored on the file system and displayed dynamically through a web interface
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	12
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	13	* navigation through folder (album), tags, geographical zone, people on the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	14	picture... using facets
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	15
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	16	* advanced security (not everyone can see everything). More on this later.
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	17
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	18
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	19	Cube creation and schema definition
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	20	-----------------------------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	21
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	22	.. _adv_tuto_create_new_cube:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	23
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	24	Step 1: creating a new cube for my web site
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	25	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	26
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	27	One note about my development environment: I wanted to use the packaged
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	28	version of CubicWeb and cubes while keeping my cube in my user
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	29	directory, let's say `~src/cubes`. I achieve this by setting the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	30	following environment variables::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	31
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	32	CW_CUBES_PATH=~/src/cubes
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	33	CW_MODE=user
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	34
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	35	I can now create the cube which will hold custom code for this web
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	36	site using::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	37
5350 49c065ae225e [doc] replace c-c with cubicweb-ctl Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5259 diff changeset	38	cubicweb-ctl newcube --directory=~/src/cubes sytweb
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	39
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	40
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	41	.. _adv_tuto_assemble_cubes:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	42
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	43	Step 2: pick building blocks into existing cubes
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	44	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	45
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	46	Almost everything I want to handle in my web-site is somehow already modelized in
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	47	existing cubes that I'll extend for my need. So I'll pick the following cubes:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	48
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	49	* `folder`, containing the `Folder` entity type, which will be used as
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	50	both 'album' and a way to map file system folders. Entities are
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	51	added to a given folder using the `filed_under` relation.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	52
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	53	* `file`, containing `File` and `Image` entity types, gallery view,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	54	and a file system import utility.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	55
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	56	* `zone`, containing the `Zone` entity type for hierarchical geographical
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	57	zones. Entities (including sub-zones) are added to a given zone using the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	58	`situated_in` relation.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	59
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	60	* `person`, containing the `Person` entity type plus some basic views.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	61
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	62	* `comment`, providing a full commenting system allowing one to comment entity types
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	63	supporting the `comments` relation by adding a `Comment` entity.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	64
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	65	* `tag`, providing a full tagging system as an easy and powerful way to classify
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	66	entities supporting the `tags` relation by linking the to `Tag` entities. This
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	67	will allows navigation into a large number of picture.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	68
6833 8fe4b003c1bc [doc] some ReST syntax fixes Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6832 diff changeset	69	Ok, now I'll tell my cube requires all this by editing :file:`cubes/sytweb/__pkginfo__.py`:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	70
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	71	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	72
6832 f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	73	__depends__ = {'cubicweb': '>= 3.8.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	74	'cubicweb-file': '>= 1.2.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	75	'cubicweb-folder': '>= 1.1.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	76	'cubicweb-person': '>= 1.2.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	77	'cubicweb-comment': '>= 1.2.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	78	'cubicweb-tag': '>= 1.2.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	79	'cubicweb-zone': None}
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	80
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	81	Notice that you can express minimal version of the cube that should be used,
6832 f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	82	`None` meaning whatever version available. All packages starting with 'cubicweb-'
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	83	will be recognized as being cube, not bare python packages. You can still specify
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	84	this explicitly using instead the `__depends_cubes__` dictionary which should
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	85	contains cube's name without the prefix. So the example below would be written
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	86	as:
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	87
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	88	.. sourcecode:: python
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	89
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	90	__depends__ = {'cubicweb': '>= 3.8.0'}
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	91	__depends_cubes__ = {'file': '>= 1.2.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	92	'folder': '>= 1.1.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	93	'person': '>= 1.2.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	94	'comment': '>= 1.2.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	95	'tag': '>= 1.2.0',
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	96	'zone': None}
f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	97
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	98
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	99	Step 3: glue everything together in my cube's schema
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	100	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	101
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	102	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	103
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	104	from yams.buildobjs import RelationDefinition
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	105
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	106	class comments(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	107	subject = 'Comment'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	108	object = ('File', 'Image')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	109	cardinality = '1*'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	110	composite = 'object'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	111
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	112	class tags(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	113	subject = 'Tag'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	114	object = ('File', 'Image')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	115
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	116	class filed_under(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	117	subject = ('File', 'Image')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	118	object = 'Folder'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	119
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	120	class situated_in(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	121	subject = 'Image'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	122	object = 'Zone'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	123
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	124	class displayed_on(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	125	subject = 'Person'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	126	object = 'Image'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	127
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	128
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	129	This schema:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	130
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	131	* allows to comment and tag on `File` and `Image` entity types by adding the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	132	`comments` and `tags` relations. This should be all we've to do for this
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	133	feature since the related cubes provide 'pluggable section' which are
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	134	automatically displayed on the primary view of entity types supporting the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	135	relation.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	136
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	137	* adds a `situated_in` relation definition so that image entities can be
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	138	geolocalized.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	139
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	140	* add a new relation `displayed_on` relation telling who can be seen on a
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	141	picture.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	142
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	143	This schema will probably have to evolve as time goes (for security handling at
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	144	least), but since the possibility to let a schema evolve is one of CubicWeb's
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	145	features (and goals), we won't worry about it for now and see that later when needed.
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	146
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	147
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	148	Step 4: creating the instance
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	149	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	150
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	151	Now that I have a schema, I want to create an instance. To
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	152	do so using this new 'sytweb' cube, I run::
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	153
5350 49c065ae225e [doc] replace c-c with cubicweb-ctl Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5259 diff changeset	154	cubicweb-ctl create sytweb sytweb_instance
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	155
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	156	Hint: if you get an error while the database is initialized, you can
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	157	avoid having to answer the questions again by running::
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	158
5350 49c065ae225e [doc] replace c-c with cubicweb-ctl Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5259 diff changeset	159	cubicweb-ctl db-create sytweb_instance
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	160
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	161	This will use your already configured instance and start directly from the create
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	162	database step, thus skipping questions asked by the 'create' command.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	163
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	164	Once the instance and database are fully initialized, run ::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	165
5350 49c065ae225e [doc] replace c-c with cubicweb-ctl Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5259 diff changeset	166	cubicweb-ctl start sytweb_instance
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	167
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	168	to start the instance, check you can connect on it, etc...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	169
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	170
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	171	Security, testing and migration
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	172	-------------------------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	173
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	174	This part will cover various topics:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	175
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	176	* configuring security
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	177	* migrating existing instance
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	178	* writing some unit tests
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	179
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	180	Here is the ``read`` security model I want:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	181
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	182	* folders, files, images and comments should have one of the following visibility:
6833 8fe4b003c1bc [doc] some ReST syntax fixes Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6832 diff changeset	183
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	184	- ``public``, everyone can see it
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	185	- ``authenticated``, only authenticated users can see it
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	186	- ``restricted``, only a subset of authenticated users can see it
6833 8fe4b003c1bc [doc] some ReST syntax fixes Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6832 diff changeset	187
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	188	* managers (e.g. me) can see everything
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	189	* only authenticated users can see people
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	190	* everyone can see classifier entities, such as tag and zone
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	191
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	192	Also, unless explicitly specified, the visibility of an image should be the same as
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	193	its parent folder, as well as visibility of a comment should be the same as the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	194	commented entity. If there is no parent entity, the default visibility is
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	195	``authenticated``.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	196
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	197	Regarding write security, that's much easier:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	198	* anonymous can't write anything
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	199	* authenticated users can only add comment
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	200	* managers will add the remaining stuff
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	201
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	202	Now, let's implement that!
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	203
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	204	Proper security in CubicWeb is done at the schema level, so you don't have to
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	205	bother with it in views: users will only see what they can see automatically.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	206
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	207	.. _adv_tuto_security:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	208
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	209	Step 1: configuring security into the schema
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	210	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	211
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	212	In schema, you can grant access according to groups, or to some RQL expressions:
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	213	users get access if the expression returns some results. To implement the read
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	214	security defined earlier, groups are not enough, we'll need some RQL expression. Here
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	215	is the idea:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	216
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	217	* add a `visibility` attribute on Folder, Image and Comment, which may be one of
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	218	the value explained above
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	219
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	220	* add a `may_be_read_by` relation from Folder, Image and Comment to users,
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	221	which will define who can see the entity
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	222
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	223	* security propagation will be done in hook.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	224
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	225	So the first thing to do is to modify my cube's schema.py to define those
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	226	relations:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	227
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	228	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	229
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	230	from yams.constraints import StaticVocabularyConstraint
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	231
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	232	class visibility(RelationDefinition):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	233	subject = ('Folder', 'File', 'Image', 'Comment')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	234	object = 'String'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	235	constraints = [StaticVocabularyConstraint(('public', 'authenticated',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	236	'restricted', 'parent'))]
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	237	default = 'parent'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	238	cardinality = '11' # required
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	239
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	240	class may_be_read_by(RelationDefinition):
6830 7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	241	__permissions__ = {
7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	242	'read': ('managers', 'users'),
7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	243	'add': ('managers',),
7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	244	'delete': ('managers',),
7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	245	}
7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	246
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	247	subject = ('Folder', 'File', 'Image', 'Comment',)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	248	object = 'CWUser'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	249
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	250	We can note the following points:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	251
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	252	* we've added a new `visibility` attribute to folder, file, image and comment
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	253	using a `RelationDefinition`
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	254
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	255	* `cardinality = '11'` means this attribute is required. This is usually hidden
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	256	under the `required` argument given to the `String` constructor, but we can
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	257	rely on this here (same thing for StaticVocabularyConstraint, which is usually
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	258	hidden by the `vocabulary` argument)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	259
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	260	* the `parent` possible value will be used for visibility propagation
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	261
6830 7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	262	* think to secure the `may_be_read_by` permissions, else any user can add/delte it
7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	263	by default, which somewhat breaks our security model...
7a19a4f65573 [doc] fix security bug in photo web site tutorial Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6152 diff changeset	264
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	265	Now, we should be able to define security rules in the schema, based on these new
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	266	attribute and relation. Here is the code to add to schema.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	267
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	268	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	269
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	270	from cubicweb.schema import ERQLExpression
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	271
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	272	VISIBILITY_PERMISSIONS = {
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	273	'read': ('managers',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	274	ERQLExpression('X visibility "public"'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	275	ERQLExpression('X may_be_read_by U')),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	276	'add': ('managers',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	277	'update': ('managers', 'owners',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	278	'delete': ('managers', 'owners'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	279	}
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	280	AUTH_ONLY_PERMISSIONS = {
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	281	'read': ('managers', 'users'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	282	'add': ('managers',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	283	'update': ('managers', 'owners',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	284	'delete': ('managers', 'owners'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	285	}
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	286	CLASSIFIERS_PERMISSIONS = {
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	287	'read': ('managers', 'users', 'guests'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	288	'add': ('managers',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	289	'update': ('managers', 'owners',),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	290	'delete': ('managers', 'owners'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	291	}
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	292
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	293	from cubes.folder.schema import Folder
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	294	from cubes.file.schema import File, Image
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	295	from cubes.comment.schema import Comment
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	296	from cubes.person.schema import Person
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	297	from cubes.zone.schema import Zone
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	298	from cubes.tag.schema import Tag
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	299
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	300	Folder.__permissions__ = VISIBILITY_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	301	File.__permissions__ = VISIBILITY_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	302	Image.__permissions__ = VISIBILITY_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	303	Comment.__permissions__ = VISIBILITY_PERMISSIONS.copy()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	304	Comment.__permissions__['add'] = ('managers', 'users',)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	305	Person.__permissions__ = AUTH_ONLY_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	306	Zone.__permissions__ = CLASSIFIERS_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	307	Tag.__permissions__ = CLASSIFIERS_PERMISSIONS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	308
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	309	What's important in there:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	310
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	311	* `VISIBILITY_PERMISSIONS` provides read access to managers group, if
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	312	`visibility` attribute's value is 'public', or if user (designed by the 'U'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	313	variable in the expression) is linked to the entity (the 'X' variable) through
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	314	the `may_read` permission
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	315
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	316	* we modify permissions of the entity types we use by importing them and
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	317	modifying their `__permissions__` attribute
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	318
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	319	* notice the `.copy()`: we only want to modify 'add' permission for `Comment`,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	320	not for all entity types using `VISIBILITY_PERMISSIONS`!
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	321
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	322	* the remaining part of the security model is done using regular groups:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	323
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	324	- `users` is the group to which all authenticated users will belong
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	325	- `guests` is the group of anonymous users
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	326
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	327
5259 61505346e28f [doc/book] add a ref from hooks to adv tutorial Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 5253 diff changeset	328	.. _adv_tuto_security_propagation:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	329
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	330	Step 2: security propagation in hooks
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	331	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	332
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	333	To fullfill the requirements, we have to implement::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	334
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	335	Also, unless explicity specified, visibility of an image should be the same as
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	336	its parent folder, as well as visibility of a comment should be the same as the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	337	commented entity.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	338
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	339	This kind of `active` rule will be done using CubicWeb's hook
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	340	system. Hooks are triggered on database event such as addition of new
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	341	entity or relation.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	342
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	343	The tricky part of the requirement is in unless explicitly specified, notably
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	344	because when the entity is added, we don't know yet its 'parent'
f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	345	entity (e.g. Folder of an Image, Image commented by a Comment). To handle such things,
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	346	CubicWeb provides `Operation`, which allow to schedule things to do at commit time.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	347
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	348	In our case we will:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	349
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	350	* on entity creation, schedule an operation that will set default visibility
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	351
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	352	* when a "parent" relation is added, propagate parent's visibility unless the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	353	child already has a visibility set
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	354
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	355	Here is the code in cube's hooks.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	356
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	357	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	358
6152 6824f8b61098 use is_instance in a number of places (esp. documentation) rather than the deprecated implements Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5608 diff changeset	359	from cubicweb.selectors import is_instance
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	360	from cubicweb.server import hook
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	361
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	362	class SetVisibilityOp(hook.Operation):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	363	def precommit_event(self):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	364	for eid in self.session.transaction_data.pop('pending_visibility'):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	365	entity = self.session.entity_from_eid(eid)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	366	if entity.visibility == 'parent':
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	367	entity.set_attributes(visibility=u'authenticated')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	368
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	369	class SetVisibilityHook(hook.Hook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	370	__regid__ = 'sytweb.setvisibility'
6152 6824f8b61098 use is_instance in a number of places (esp. documentation) rather than the deprecated implements Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5608 diff changeset	371	__select__ = hook.Hook.__select__ & is_instance('Folder', 'File', 'Image', 'Comment')
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	372	events = ('after_add_entity',)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	373	def __call__(self):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	374	hook.set_operation(self._cw, 'pending_visibility', self.entity.eid,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	375	SetVisibilityOp)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	376
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	377	class SetParentVisibilityHook(hook.Hook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	378	__regid__ = 'sytweb.setparentvisibility'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	379	__select__ = hook.Hook.__select__ & hook.match_rtype('filed_under', 'comments')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	380	events = ('after_add_relation',)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	381
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	382	def __call__(self):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	383	parent = self._cw.entity_from_eid(self.eidto)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	384	child = self._cw.entity_from_eid(self.eidfrom)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	385	if child.visibility == 'parent':
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	386	child.set_attributes(visibility=parent.visibility)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	387
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	388	Notice:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	389
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	390	* hooks are application objects, hence have selectors that should match entity or
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	391	relation types to which the hook applies. To match a relation type, we use the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	392	hook specific `match_rtype` selector.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	393
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	394	* usage of `set_operation`: instead of adding an operation for each added entity,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	395	set_operation allows to create a single one and to store entity's eids to be
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	396	processed in session's transaction data. This is a good pratice to avoid heavy
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	397	operations manipulation cost when creating a lot of entities in the same
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	398	transaction.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	399
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	400	* the `precommit_event` method of the operation will be called at transaction's
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	401	commit time.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	402
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	403	* in a hook, `self._cw` is the repository session, not a web request as usually
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	404	in views
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	405
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	406	* according to hook's event, you have access to different attributes on the hook
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	407	instance. Here:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	408
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	409	- `self.entity` is the newly added entity on 'after_add_entity' events
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	410
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	411	- `self.eidfrom` / `self.eidto` are the eid of the subject / object entity on
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	412	'after_add_relatiohn' events (you may also get the relation type using
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	413	`self.rtype`)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	414
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	415	The `parent` visibility value is used to tell "propagate using parent security"
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	416	because we want that attribute to be required, so we can't use None value else
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	417	we'll get an error before we get any chance to propagate...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	418
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	419	Now, we also want to propagate the `may_be_read_by` relation. Fortunately,
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	420	CubicWeb provides some base hook classes for such things, so we only have to add
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	421	the following code to hooks.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	422
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	423	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	424
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	425	# relations where the "parent" entity is the subject
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	426	S_RELS = set()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	427	# relations where the "parent" entity is the object
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	428	O_RELS = set(('filed_under', 'comments',))
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	429
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	430	class AddEntitySecurityPropagationHook(hook.PropagateSubjectRelationHook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	431	"""propagate permissions when new entity are added"""
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	432	__regid__ = 'sytweb.addentity_security_propagation'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	433	__select__ = (hook.PropagateSubjectRelationHook.__select__
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	434	& hook.match_rtype_sets(S_RELS, O_RELS))
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	435	main_rtype = 'may_be_read_by'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	436	subject_relations = S_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	437	object_relations = O_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	438
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	439	class AddPermissionSecurityPropagationHook(hook.PropagateSubjectRelationAddHook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	440	"""propagate permissions when new entity are added"""
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	441	__regid__ = 'sytweb.addperm_security_propagation'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	442	__select__ = (hook.PropagateSubjectRelationAddHook.__select__
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	443	& hook.match_rtype('may_be_read_by',))
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	444	subject_relations = S_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	445	object_relations = O_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	446
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	447	class DelPermissionSecurityPropagationHook(hook.PropagateSubjectRelationDelHook):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	448	__regid__ = 'sytweb.delperm_security_propagation'
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	449	__select__ = (hook.PropagateSubjectRelationDelHook.__select__
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	450	& hook.match_rtype('may_be_read_by',))
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	451	subject_relations = S_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	452	object_relations = O_RELS
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	453
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	454	* the `AddEntitySecurityPropagationHook` will propagate the relation
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	455	when `filed_under` or `comments` relations are added
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	456
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	457	- the `S_RELS` and `O_RELS` set as well as the `match_rtype_sets` selector are
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	458	used here so that if my cube is used by another one, it'll be able to
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	459	configure security propagation by simply adding relation to one of the two
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	460	sets.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	461
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	462	* the two others will propagate permissions changes on parent entities to
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	463	children entities
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	464
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	465
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	466	.. _adv_tuto_tesing_security:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	467
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	468	Step 3: testing our security
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	469	~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	470
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	471	Security is tricky. Writing some tests for it is a very good idea. You should
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	472	even write them first, as Test Driven Development recommends!
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	473
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	474	Here is a small test case that will check the basis of our security
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	475	model, in test/unittest_sytweb.py:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	476
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	477	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	478
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	479	from cubicweb.devtools.testlib import CubicWebTC
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	480	from cubicweb import Binary
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	481
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	482	class SecurityTC(CubicWebTC):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	483
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	484	def test_visibility_propagation(self):
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	485	# create a user for later security checks
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	486	toto = self.create_user('toto')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	487	# init some data using the default manager connection
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	488	req = self.request()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	489	folder = req.create_entity('Folder',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	490	name=u'restricted',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	491	visibility=u'restricted')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	492	photo1 = req.create_entity('Image',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	493	data_name=u'photo1.jpg',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	494	data=Binary('xxx'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	495	filed_under=folder)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	496	self.commit()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	497	photo1.clear_all_caches() # good practice, avoid request cache effects
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	498	# visibility propagation
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	499	self.assertEquals(photo1.visibility, 'restricted')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	500	# unless explicitly specified
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	501	photo2 = req.create_entity('Image',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	502	data_name=u'photo2.jpg',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	503	data=Binary('xxx'),
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	504	visibility=u'public',
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	505	filed_under=folder)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	506	self.commit()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	507	self.assertEquals(photo2.visibility, 'public')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	508	# test security
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	509	self.login('toto')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	510	req = self.request()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	511	self.assertEquals(len(req.execute('Image X')), 1) # only the public one
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	512	self.assertEquals(len(req.execute('Folder X')), 0) # restricted...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	513	# may_be_read_by propagation
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	514	self.restore_connection()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	515	folder.set_relations(may_be_read_by=toto)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	516	self.commit()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	517	photo1.clear_all_caches()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	518	self.failUnless(photo1.may_be_read_by)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	519	# test security with permissions
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	520	self.login('toto')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	521	req = self.request()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	522	self.assertEquals(len(req.execute('Image X')), 2) # now toto has access to photo2
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	523	self.assertEquals(len(req.execute('Folder X')), 1) # and to restricted folder
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	524
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	525	if __name__ == '__main__':
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	526	from logilab.common.testlib import unittest_main
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	527	unittest_main()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	528
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	529	It's not complete, but show most things you'll want to do in tests: adding some
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	530	content, creating users and connecting as them in the test, etc...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	531
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	532	To run it type:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	533
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	534	.. sourcecode:: bash
ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	535
ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	536	$ pytest unittest_sytweb.py
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	537	======================== unittest_sytweb.py ========================
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	538	-> creating tables [....................]
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	539	-> inserting default user and default groups.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	540	-> storing the schema in the database [....................]
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	541	-> database for instance data initialized.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	542	.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	543	----------------------------------------------------------------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	544	Ran 1 test in 22.547s
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	545
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	546	OK
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	547
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	548
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	549	The first execution is taking time, since it creates a sqlite database for the
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	550	test instance. The second one will be much quicker:
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	551
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	552	.. sourcecode:: bash
ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	553
ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	554	$ pytest unittest_sytweb.py
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	555	======================== unittest_sytweb.py ========================
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	556	.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	557	----------------------------------------------------------------------
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	558	Ran 1 test in 2.662s
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	559
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	560	OK
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	561
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	562	If you do some changes in your schema, you'll have to force regeneration of that
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	563	database. You do that by removing the tmpdb files before running the test: ::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	564
6832 f392e4fb36ec [doc] update cw api (XXX: similar changes have to be done in book probably) Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 6830 diff changeset	565	$ rm data/tmpdb*
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	566
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	567
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	568	.. Note::
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	569	pytest is a very convenient utility used to control test execution. It is available from the `logilab-common`_ package.
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	570
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	571	.. _`logilab-common`: http://www.logilab.org/project/logilab-common
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	572
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	573	.. _adv_tuto_migration_script:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	574
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	575	Step 4: writing the migration script and migrating the instance
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	576	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	577
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	578	Prior to those changes, I created an instance, feeded it with some data, so I
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	579	don't want to create a new one, but to migrate the existing one. Let's see how to
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	580	do that.
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	581
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	582	Migration commands should be put in the cube's migration directory, in a
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	583	file named file:`<X.Y.Z>_Any.py` ('Any' being there mostly for historical reason).
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	584
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	585	Here I'll create a migration/0.2.0_Any.py file containing the following
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	586	instructions:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	587
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	588	.. sourcecode:: python
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	589
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	590	add_relation_type('may_be_read_by')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	591	add_relation_type('visibility')
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	592	sync_schema_props_perms()
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	593
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	594	Then I update the version number in cube's __pkginfo__.py to 0.2.0. And
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	595	that's it! Those instructions will:
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	596
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	597	* update the instance's schema by adding our two new relations and update the
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	598	underlying database tables accordingly (the two first instructions)
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	599
5608 f9ab62103ad4 proof read documentation Alexandre Fayolle <alexandre.fayolle@logilab.fr> parents: 5432 diff changeset	600	* update schema's permissions definition (the last instruction)
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	601
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	602
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	603	To migrate my instance I simply type::
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	604
5432 ee246e1813c6 [doc] various small improvements Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 5350 diff changeset	605	cubicweb-ctl upgrade sytweb
5253 7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	606
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	607	I'll then be asked some questions to do the migration step by step. You should say
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	608	YES when it asks if a backup of your database should be done, so you can get back
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	609	to initial state if anything goes wrong...
7ee07d18dc95 [doc/book] include sylvain great advanced tutorial, move tutorials in one proper section Aurelien Campeas <aurelien.campeas@logilab.fr> parents: diff changeset	610

author	Sylvain Thénault <sylvain.thenault@logilab.fr>
	Mon, 17 Jan 2011 12:41:45 +0100
branch	stable
changeset 6833	8fe4b003c1bc
parent 6832	f392e4fb36ec
child 6876	4b0b9d8207c5
permissions	-rw-r--r--