test/data_schemareader/schema.py
author Aurelien Campeas <aurelien.campeas@logilab.fr>
Thu, 24 Oct 2013 13:15:53 +0200
changeset 9395 96dba2efd16d
parent 8167 41ec579e27c4
child 10907 9ae707db5265
permissions -rw-r--r--
[hooks/security] provide attribute "add" permission

As of today, the update permission on attributes is checked at entity *creation* time. This forbids using update permissions the proper way.

We set it to be checked at entity update time only.

We introduce a specific 'add' permission rule for attributes. For backward compatibility, its default value will be the same as the current 'update' permission.

Notes:

* needs a new yams version (ticket #149216)
* introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr)
* if the update permission was () and the bw compat kicks in, the rule is not enforced, to avoid un-creatable entity types -- this restriction will be lifted when the bw compat is gone
* small internal refactoring on check_entity_attributes
* one small pre 3.6.1 bw compat snippet must be removed from schemaserial

Closes #2965518.
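The rule described in the commit message above, as an added example that is not part of the changeset and is not CubicWeb or yams code. It is a simplified model that assumes group-only rules (no rqlexpr); the function names and the sample rules are hypothetical.

```python
# Simplified model of the rule in the commit message; NOT CubicWeb or yams code.
# All names here (effective_rule, may_set_attribute, ...) are hypothetical.

def effective_rule(perms, action):
    """Return (groups, enforced) for 'add' or 'update' on one attribute.

    perms maps an action name to a tuple of allowed group names.
    """
    if action == 'update':
        # Checked at entity update time only.
        return perms.get('update', ()), True
    if action != 'add':
        raise ValueError('unsupported action: %r' % (action,))
    if 'add' in perms:
        # Explicit 'add' rule: always enforced, even when empty.
        return perms['add'], True
    # Backward compatibility: 'add' defaults to the 'update' rule.
    inherited = perms.get('update', ())
    # An inherited empty rule is not enforced, otherwise no one could
    # ever create an entity of this type.
    return inherited, bool(inherited)


def may_set_attribute(perms, action, user_groups):
    """True if a user in user_groups may set the attribute for action."""
    groups, enforced = effective_rule(perms, action)
    if not enforced:
        return True
    return bool(set(groups) & set(user_groups))


# Constructed sample rules (not taken from any real schema).
LEGACY = {'read': ('managers', 'users'), 'update': ('managers',)}
LEGACY_FROZEN = {'read': ('managers', 'users'), 'update': ()}
EXPLICIT = {'read': ('managers', 'users'), 'add': ('users',), 'update': ()}

if __name__ == '__main__':
    samples = [('legacy', LEGACY), ('legacy_frozen', LEGACY_FROZEN),
               ('explicit', EXPLICIT)]
    for name, perms in samples:
        for action in ('add', 'update'):
            print(name, action, may_set_attribute(perms, action, {'users'}))
```

In this model an attribute whose only rule is an empty update is settable by anyone at creation time while the backward compatibility applies, so a schema that wants to restrict it at creation has to state an explicit add rule.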
8167
41ec579e27c4 [test] test/demonstrate relation permissions overriding
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
from cubicweb.schemas.base import in_group, CWSourceSchemaConfig
# copy __permissions__ to avoid modifying a shared dictionary
in_group.__permissions__ = in_group.__permissions__.copy()
in_group.__permissions__['read'] = ('managers',)
cw_for_source = CWSourceSchemaConfig.get_relation('cw_for_source')
cw_for_source.__permissions__ = {'read': ('managers', 'users'),
                                 'add': ('managers',),
                                 'delete': ('managers',)}