| author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
| Thu, 18 Mar 2010 11:57:48 +0100 | |
| changeset 4938 | b1a4fe480de5 |
| parent 4913 | 083b4d454192 |
| child 5030 | 5238d9a8dfee |
| permissions | -rw-r--r-- |
| 0 | 1 |
"""classes to define schemas for CubicWeb |
2 |
||
3 |
:organization: Logilab |
|
|
4212
ab6573088b4a
update copyright: welcome 2010
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
4132
diff
changeset
|
4 |
:copyright: 2001-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2. |
| 0 | 5 |
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
|
1977
606923dff11b
big bunch of copyright / docstring update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1498
diff
changeset
|
6 |
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
| 0 | 7 |
""" |
8 |
__docformat__ = "restructuredtext en" |
|
|
2142
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
9 |
_ = unicode |
| 0 | 10 |
|
11 |
import re |
|
|
2147
476a75ede2cc
merge and add missing import in schema.py
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2142
diff
changeset
|
12 |
from os.path import join |
| 0 | 13 |
from logging import getLogger |
| 1133 | 14 |
from warnings import warn |
| 0 | 15 |
|
|
624
258e5692ae06
provide a new RichString attribute type
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
479
diff
changeset
|
16 |
from logilab.common.decorators import cached, clear_cache, monkeypatch |
|
2730
bb6fcb8c5d71
to make cw schemas importable, they have to be installed w/ cw code, not in /usr/share/cubicweb/schemas
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2718
diff
changeset
|
17 |
from logilab.common.logging_ext import set_log_methods |
|
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
18 |
from logilab.common.deprecation import deprecated, class_moved |
|
2926
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
19 |
from logilab.common.graph import get_cycles |
| 0 | 20 |
from logilab.common.compat import any |
21 |
||
|
2531
531ea4e7013e
[cleanup] nicer imports
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2526
diff
changeset
|
22 |
from yams import BadSchemaDefinition, buildobjs as ybo |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
23 |
from yams.schema import Schema, ERSchema, EntitySchema, RelationSchema, \ |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
24 |
RelationDefinitionSchema, PermissionMixIn |
|
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
25 |
from yams.constraints import BaseConstraint, FormatConstraint |
|
2531
531ea4e7013e
[cleanup] nicer imports
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2526
diff
changeset
|
26 |
from yams.reader import (CONSTRAINTS, PyFileReader, SchemaLoader, |
|
531ea4e7013e
[cleanup] nicer imports
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2526
diff
changeset
|
27 |
obsolete as yobsolete, cleanup_sys_modules) |
| 0 | 28 |
|
29 |
from rql import parse, nodes, RQLSyntaxError, TypeResolverException |
|
30 |
||
|
2730
bb6fcb8c5d71
to make cw schemas importable, they have to be installed w/ cw code, not in /usr/share/cubicweb/schemas
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2718
diff
changeset
|
31 |
import cubicweb |
| 0 | 32 |
from cubicweb import ETYPE_NAME_MAP, ValidationError, Unauthorized |
33 |
||
|
2596
d02eed70937f
[R repo, schema] use VIRTUAL_RTYPES const
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2531
diff
changeset
|
34 |
PURE_VIRTUAL_RTYPES = set(('identity', 'has_text',)) |
|
d02eed70937f
[R repo, schema] use VIRTUAL_RTYPES const
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2531
diff
changeset
|
35 |
VIRTUAL_RTYPES = set(('eid', 'identity', 'has_text',)) |
|
d02eed70937f
[R repo, schema] use VIRTUAL_RTYPES const
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2531
diff
changeset
|
36 |
|
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4843
diff
changeset
|
37 |
# set of meta-relations available for every entity types |
|
2622
3c7edaa6c6d2
oops, should have been in a earlier commit (META_RELATION_TYPES renaming)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2616
diff
changeset
|
38 |
META_RTYPES = set(( |
|
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
39 |
'owned_by', 'created_by', 'is', 'is_instance_of', 'identity', |
|
2456
aa25d6b244c8
new cwuri metadata + a few tests fixes on the way
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2437
diff
changeset
|
40 |
'eid', 'creation_date', 'modification_date', 'has_text', 'cwuri', |
| 2184 | 41 |
)) |
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4843
diff
changeset
|
42 |
SYSTEM_RTYPES = set(('require_permission', 'custom_workflow', 'in_state', |
|
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4843
diff
changeset
|
43 |
'wf_info_for')) |
| 0 | 44 |
|
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4843
diff
changeset
|
45 |
# set of entity and relation types used to build the schema |
|
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
46 |
SCHEMA_TYPES = set(( |
|
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
47 |
'CWEType', 'CWRType', 'CWAttribute', 'CWRelation', |
|
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
48 |
'CWConstraint', 'CWConstraintType', 'RQLExpression', |
|
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
49 |
'relation_type', 'from_entity', 'to_entity', |
|
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
50 |
'constrained_by', 'cstrtype', |
|
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
51 |
)) |
| 0 | 52 |
|
|
4434
101344a6ff9b
Improve the schema command with filtering option.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
4252
diff
changeset
|
53 |
WORKFLOW_TYPES = set(('Transition', 'State', 'TrInfo', 'Workflow', |
| 4759 | 54 |
'WorkflowTransition', 'BaseTransition', |
55 |
'SubWorkflowExitPoint')) |
|
56 |
||
|
4434
101344a6ff9b
Improve the schema command with filtering option.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
4252
diff
changeset
|
57 |
INTERNAL_TYPES = set(('CWProperty', 'CWPermission', 'CWCache', 'ExternalUri')) |
|
101344a6ff9b
Improve the schema command with filtering option.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
4252
diff
changeset
|
58 |
|
|
101344a6ff9b
Improve the schema command with filtering option.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
4252
diff
changeset
|
59 |
|
|
2142
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
60 |
_LOGGER = getLogger('cubicweb.schemaloader') |
| 0 | 61 |
|
62 |
# schema entities created from serialized schema have an eid rproperty |
|
63 |
ybo.ETYPE_PROPERTIES += ('eid',) |
|
64 |
ybo.RTYPE_PROPERTIES += ('eid',) |
|
65 |
ybo.RDEF_PROPERTIES += ('eid',) |
|
66 |
||
|
2926
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
67 |
|
|
4754
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
68 |
PUB_SYSTEM_ENTITY_PERMS = { |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
69 |
'read': ('managers', 'users', 'guests',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
70 |
'add': ('managers',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
71 |
'delete': ('managers',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
72 |
'update': ('managers',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
73 |
} |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
74 |
PUB_SYSTEM_REL_PERMS = { |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
75 |
'read': ('managers', 'users', 'guests',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
76 |
'add': ('managers',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
77 |
'delete': ('managers',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
78 |
} |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
79 |
PUB_SYSTEM_ATTR_PERMS = { |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
80 |
'read': ('managers', 'users', 'guests',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
81 |
'update': ('managers',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
82 |
} |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
83 |
RO_REL_PERMS = { |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
84 |
'read': ('managers', 'users', 'guests',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
85 |
'add': (), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
86 |
'delete': (), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
87 |
} |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
88 |
RO_ATTR_PERMS = { |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
89 |
'read': ('managers', 'users', 'guests',), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
90 |
'update': (), |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
91 |
} |
|
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
92 |
|
|
2926
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
93 |
# XXX same algorithm as in reorder_cubes and probably other place, |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
94 |
# may probably extract a generic function |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
95 |
def order_eschemas(eschemas): |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
96 |
"""return entity schemas ordered such that entity types which specializes an |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
97 |
other one appears after that one |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
98 |
""" |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
99 |
graph = {} |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
100 |
for eschema in eschemas: |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
101 |
if eschema.specializes(): |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
102 |
graph[eschema] = set((eschema.specializes(),)) |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
103 |
else: |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
104 |
graph[eschema] = set() |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
105 |
cycles = get_cycles(graph) |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
106 |
if cycles: |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
107 |
cycles = '\n'.join(' -> '.join(cycle) for cycle in cycles) |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
108 |
raise Exception('cycles in entity schema specialization: %s' |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
109 |
% cycles) |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
110 |
eschemas = [] |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
111 |
while graph: |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
112 |
# sorted to get predictable results |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
113 |
for eschema, deps in sorted(graph.items()): |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
114 |
if not deps: |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
115 |
eschemas.append(eschema) |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
116 |
del graph[eschema] |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
117 |
for deps in graph.itervalues(): |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
118 |
try: |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
119 |
deps.remove(eschema) |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
120 |
except KeyError: |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
121 |
continue |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
122 |
return eschemas |
|
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
123 |
|
| 0 | 124 |
def bw_normalize_etype(etype): |
125 |
if etype in ETYPE_NAME_MAP: |
|
126 |
msg = '%s has been renamed to %s, please update your code' % ( |
|
| 1451 | 127 |
etype, ETYPE_NAME_MAP[etype]) |
| 0 | 128 |
warn(msg, DeprecationWarning, stacklevel=4) |
129 |
etype = ETYPE_NAME_MAP[etype] |
|
130 |
return etype |
|
131 |
||
|
3275
5247789df541
[gettext] provide GNU contexts to avoid translations ambiguities
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3240
diff
changeset
|
132 |
def display_name(req, key, form='', context=None): |
| 0 | 133 |
"""return a internationalized string for the key (schema entity or relation |
134 |
name) in a given form |
|
135 |
""" |
|
136 |
assert form in ('', 'plural', 'subject', 'object') |
|
137 |
if form == 'subject': |
|
138 |
form = '' |
|
139 |
if form: |
|
140 |
key = key + '_' + form |
|
141 |
# ensure unicode |
|
|
3284
036cf5a25714
ensure pgettext return unicode as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3275
diff
changeset
|
142 |
# .lower() in case no translation are available XXX done whatever a translation is there or not! |
|
036cf5a25714
ensure pgettext return unicode as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3275
diff
changeset
|
143 |
if context is not None: |
|
036cf5a25714
ensure pgettext return unicode as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3275
diff
changeset
|
144 |
return unicode(req.pgettext(context, key)).lower() |
|
3275
5247789df541
[gettext] provide GNU contexts to avoid translations ambiguities
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3240
diff
changeset
|
145 |
else: |
|
5247789df541
[gettext] provide GNU contexts to avoid translations ambiguities
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3240
diff
changeset
|
146 |
return unicode(req._(key)).lower() |
|
5247789df541
[gettext] provide GNU contexts to avoid translations ambiguities
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3240
diff
changeset
|
147 |
|
|
2788
8d3dbe577d3a
R put version info in deprecation warnings
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2782
diff
changeset
|
148 |
__builtins__['display_name'] = deprecated('[3.4] display_name should be imported from cubicweb.schema')(display_name) |
| 0 | 149 |
|
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
150 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
151 |
# rql expression utilities function ############################################ |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
152 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
153 |
def guess_rrqlexpr_mainvars(expression): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
154 |
defined = set(split_expression(expression)) |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
155 |
mainvars = [] |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
156 |
if 'S' in defined: |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
157 |
mainvars.append('S') |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
158 |
if 'O' in defined: |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
159 |
mainvars.append('O') |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
160 |
if 'U' in defined: |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
161 |
mainvars.append('U') |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
162 |
if not mainvars: |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
163 |
raise Exception('unable to guess selection variables') |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
164 |
return ','.join(mainvars) |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
165 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
166 |
def split_expression(rqlstring): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
167 |
for expr in rqlstring.split(','): |
|
4132
440d383367eb
fix mainvars detection bug with EXISTS (paren, actually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3985
diff
changeset
|
168 |
for noparen in expr.split('('): |
|
440d383367eb
fix mainvars detection bug with EXISTS (paren, actually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3985
diff
changeset
|
169 |
for word in noparen.split(): |
|
440d383367eb
fix mainvars detection bug with EXISTS (paren, actually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3985
diff
changeset
|
170 |
yield word |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
171 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
172 |
def normalize_expression(rqlstring): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
173 |
"""normalize an rql expression to ease schema synchronization (avoid |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
174 |
suppressing and reinserting an expression if only a space has been added/removed |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
175 |
for instance) |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
176 |
""" |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
177 |
return u', '.join(' '.join(expr.split()) for expr in rqlstring.split(',')) |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
178 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
179 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
180 |
# Schema objects definition ################################################### |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
181 |
|
|
3471
8c57c71b859c
can now give context to rschema.display_name(...)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3401
diff
changeset
|
182 |
def ERSchema_display_name(self, req, form='', context=None): |
| 0 | 183 |
"""return a internationalized string for the entity/relation type name in |
184 |
a given form |
|
185 |
""" |
|
|
3471
8c57c71b859c
can now give context to rschema.display_name(...)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3401
diff
changeset
|
186 |
return display_name(req, self.type, form, context) |
| 0 | 187 |
ERSchema.display_name = ERSchema_display_name |
188 |
||
189 |
@cached |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
190 |
def get_groups(self, action): |
| 0 | 191 |
"""return the groups authorized to perform <action> on entities of |
192 |
this type |
|
193 |
||
194 |
:type action: str |
|
195 |
:param action: the name of a permission |
|
196 |
||
197 |
:rtype: tuple |
|
198 |
:return: names of the groups with the given permission |
|
199 |
""" |
|
200 |
assert action in self.ACTIONS, action |
|
201 |
#assert action in self._groups, '%s %s' % (self, action) |
|
202 |
try: |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
203 |
return frozenset(g for g in self.permissions[action] if isinstance(g, basestring)) |
| 0 | 204 |
except KeyError: |
205 |
return () |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
206 |
PermissionMixIn.get_groups = get_groups |
| 0 | 207 |
|
208 |
@cached |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
209 |
def get_rqlexprs(self, action): |
| 0 | 210 |
"""return the rql expressions representing queries to check the user is allowed |
211 |
to perform <action> on entities of this type |
|
212 |
||
213 |
:type action: str |
|
214 |
:param action: the name of a permission |
|
215 |
||
216 |
:rtype: tuple |
|
217 |
:return: the rql expressions with the given permission |
|
218 |
""" |
|
219 |
assert action in self.ACTIONS, action |
|
220 |
#assert action in self._rqlexprs, '%s %s' % (self, action) |
|
221 |
try: |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
222 |
return tuple(g for g in self.permissions[action] if not isinstance(g, basestring)) |
| 0 | 223 |
except KeyError: |
224 |
return () |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
225 |
PermissionMixIn.get_rqlexprs = get_rqlexprs |
| 0 | 226 |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
227 |
orig_set_action_permissions = PermissionMixIn.set_action_permissions |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
228 |
def set_action_permissions(self, action, permissions): |
| 0 | 229 |
"""set the groups and rql expressions allowing to perform <action> on |
230 |
entities of this type |
|
231 |
||
232 |
:type action: str |
|
233 |
:param action: the name of a permission |
|
234 |
||
235 |
:type permissions: tuple |
|
236 |
:param permissions: the groups and rql expressions allowing the given action |
|
237 |
""" |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
238 |
orig_set_action_permissions(self, action, tuple(permissions)) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
239 |
clear_cache(self, 'get_rqlexprs') |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
240 |
clear_cache(self, 'get_groups') |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
241 |
PermissionMixIn.set_action_permissions = set_action_permissions |
| 0 | 242 |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
243 |
def has_local_role(self, action): |
| 0 | 244 |
"""return true if the action *may* be granted localy (eg either rql |
245 |
expressions or the owners group are used in security definition) |
|
246 |
||
247 |
XXX this method is only there since we don't know well how to deal with |
|
248 |
'add' action checking. Also find a better name would be nice. |
|
249 |
""" |
|
250 |
assert action in self.ACTIONS, action |
|
251 |
if self.get_rqlexprs(action): |
|
252 |
return True |
|
253 |
if action in ('update', 'delete'): |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
254 |
return 'owners' in self.get_groups(action) |
| 0 | 255 |
return False |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
256 |
PermissionMixIn.has_local_role = has_local_role |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
257 |
|
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
258 |
def may_have_permission(self, action, req): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
259 |
if action != 'read' and not (self.has_local_role('read') or |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
260 |
self.has_perm(req, 'read')): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
261 |
return False |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
262 |
return self.has_local_role(action) or self.has_perm(req, action) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
263 |
PermissionMixIn.may_have_permission = may_have_permission |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
264 |
|
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
265 |
def has_perm(self, session, action, **kwargs): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
266 |
"""return true if the action is granted globaly or localy""" |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
267 |
try: |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
268 |
self.check_perm(session, action, **kwargs) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
269 |
return True |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
270 |
except Unauthorized: |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
271 |
return False |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
272 |
PermissionMixIn.has_perm = has_perm |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
273 |
|
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
274 |
def check_perm(self, session, action, **kwargs): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
275 |
# NB: session may be a server session or a request object check user is |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
276 |
# in an allowed group, if so that's enough internal sessions should |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
277 |
# always stop there |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
278 |
groups = self.get_groups(action) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
279 |
if session.user.matching_groups(groups): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
280 |
return |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
281 |
# if 'owners' in allowed groups, check if the user actually owns this |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
282 |
# object, if so that's enough |
|
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
283 |
if 'owners' in groups and ( |
|
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
284 |
kwargs.get('creating') |
| 4608 | 285 |
or ('eid' in kwargs and session.user.owns(kwargs['eid']))): |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
286 |
return |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
287 |
# else if there is some rql expressions, check them |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
288 |
if any(rqlexpr.check(session, **kwargs) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
289 |
for rqlexpr in self.get_rqlexprs(action)): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
290 |
return |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
291 |
raise Unauthorized(action, str(self)) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
292 |
PermissionMixIn.check_perm = check_perm |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
293 |
|
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
294 |
|
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
295 |
RelationDefinitionSchema._RPROPERTIES['eid'] = None |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
296 |
|
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
297 |
def rql_expression(self, expression, mainvars=None, eid=None): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
298 |
"""rql expression factory""" |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
299 |
if self.rtype.final: |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
300 |
return ERQLExpression(expression, mainvars, eid) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
301 |
return RRQLExpression(expression, mainvars, eid) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
302 |
RelationDefinitionSchema.rql_expression = rql_expression |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
303 |
|
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
304 |
orig_check_permission_definitions = RelationDefinitionSchema.check_permission_definitions |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
305 |
def check_permission_definitions(self): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
306 |
orig_check_permission_definitions(self) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
307 |
schema = self.subject.schema |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
308 |
for action, groups in self.permissions.iteritems(): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
309 |
for group_or_rqlexpr in groups: |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
310 |
if action == 'read' and \ |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
311 |
isinstance(group_or_rqlexpr, RQLExpression): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
312 |
msg = "can't use rql expression for read permission of %s" |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
313 |
raise BadSchemaDefinition(msg % self) |
|
4574
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
314 |
if self.final and isinstance(group_or_rqlexpr, RRQLExpression): |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
315 |
msg = "can't use RRQLExpression on %s, use an ERQLExpression" |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
316 |
raise BadSchemaDefinition(msg % self) |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
317 |
if not self.final and isinstance(group_or_rqlexpr, ERQLExpression): |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
318 |
msg = "can't use ERQLExpression on %s, use a RRQLExpression" |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
319 |
raise BadSchemaDefinition(msg % self) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
320 |
RelationDefinitionSchema.check_permission_definitions = check_permission_definitions |
| 0 | 321 |
|
322 |
||
323 |
class CubicWebEntitySchema(EntitySchema): |
|
324 |
"""a entity has a type, a set of subject and or object relations |
|
325 |
the entity schema defines the possible relations for a given type and some |
|
326 |
constraints on those relations |
|
327 |
""" |
|
328 |
def __init__(self, schema=None, edef=None, eid=None, **kwargs): |
|
329 |
super(CubicWebEntitySchema, self).__init__(schema, edef, **kwargs) |
|
330 |
if eid is None and edef is not None: |
|
331 |
eid = getattr(edef, 'eid', None) |
|
332 |
self.eid = eid |
|
|
4574
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
333 |
|
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
334 |
def check_permission_definitions(self): |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
335 |
super(CubicWebEntitySchema, self).check_permission_definitions() |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
336 |
for groups in self.permissions.itervalues(): |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
337 |
for group_or_rqlexpr in groups: |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
338 |
if isinstance(group_or_rqlexpr, RRQLExpression): |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
339 |
msg = "can't use RRQLExpression on %s, use an ERQLExpression" |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
340 |
raise BadSchemaDefinition(msg % self.type) |
| 1451 | 341 |
|
| 0 | 342 |
def attribute_definitions(self): |
343 |
"""return an iterator on attribute definitions |
|
| 1451 | 344 |
|
| 0 | 345 |
attribute relations are a subset of subject relations where the |
346 |
object's type is a final entity |
|
| 1451 | 347 |
|
| 0 | 348 |
an attribute definition is a 2-uple : |
349 |
* name of the relation |
|
350 |
* schema of the destination entity type |
|
351 |
""" |
|
352 |
iter = super(CubicWebEntitySchema, self).attribute_definitions() |
|
353 |
for rschema, attrschema in iter: |
|
354 |
if rschema.type == 'has_text': |
|
355 |
continue |
|
356 |
yield rschema, attrschema |
|
| 1451 | 357 |
|
|
2128
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
358 |
def main_attribute(self): |
|
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
359 |
"""convenience method that returns the *main* (i.e. the first non meta) |
|
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
360 |
attribute defined in the entity schema |
|
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
361 |
""" |
|
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
362 |
for rschema, _ in self.attribute_definitions(): |
|
2622
3c7edaa6c6d2
oops, should have been in a earlier commit (META_RELATION_TYPES renaming)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2616
diff
changeset
|
363 |
if not (rschema in META_RTYPES |
|
2128
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
364 |
or self.is_metadata(rschema)): |
|
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
365 |
return rschema |
|
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
366 |
|
| 0 | 367 |
def add_subject_relation(self, rschema): |
368 |
"""register the relation schema as possible subject relation""" |
|
369 |
super(CubicWebEntitySchema, self).add_subject_relation(rschema) |
|
370 |
self._update_has_text() |
|
371 |
||
372 |
def del_subject_relation(self, rtype): |
|
373 |
super(CubicWebEntitySchema, self).del_subject_relation(rtype) |
|
|
2632
920bfaff60a4
B [schema update] may remove has_text unexpectedly, give another argument to fix it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2622
diff
changeset
|
374 |
self._update_has_text(True) |
| 1451 | 375 |
|
|
2632
920bfaff60a4
B [schema update] may remove has_text unexpectedly, give another argument to fix it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2622
diff
changeset
|
376 |
def _update_has_text(self, deletion=False): |
| 0 | 377 |
may_need_has_text, has_has_text = False, False |
|
2632
920bfaff60a4
B [schema update] may remove has_text unexpectedly, give another argument to fix it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2622
diff
changeset
|
378 |
need_has_text = None |
| 0 | 379 |
for rschema in self.subject_relations(): |
|
3689
deb13e88e037
follow yams 0.25 api changes to improve performance
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3554
diff
changeset
|
380 |
if rschema.final: |
| 0 | 381 |
if rschema == 'has_text': |
382 |
has_has_text = True |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
383 |
elif self.rdef(rschema).get('fulltextindexed'): |
| 0 | 384 |
may_need_has_text = True |
385 |
elif rschema.fulltext_container: |
|
386 |
if rschema.fulltext_container == 'subject': |
|
387 |
may_need_has_text = True |
|
388 |
else: |
|
389 |
need_has_text = False |
|
390 |
for rschema in self.object_relations(): |
|
391 |
if rschema.fulltext_container: |
|
392 |
if rschema.fulltext_container == 'object': |
|
393 |
may_need_has_text = True |
|
394 |
else: |
|
395 |
need_has_text = False |
|
396 |
if need_has_text is None: |
|
397 |
need_has_text = may_need_has_text |
|
|
2632
920bfaff60a4
B [schema update] may remove has_text unexpectedly, give another argument to fix it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2622
diff
changeset
|
398 |
if need_has_text and not has_has_text and not deletion: |
|
4755
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
399 |
rdef = ybo.RelationDefinition(self.type, 'has_text', 'String', |
|
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
400 |
__permissions__=RO_ATTR_PERMS) |
| 0 | 401 |
self.schema.add_relation_def(rdef) |
402 |
elif not need_has_text and has_has_text: |
|
403 |
self.schema.del_relation_def(self.type, 'has_text', 'String') |
|
| 1451 | 404 |
|
| 0 | 405 |
def schema_entity(self): |
406 |
"""return True if this entity type is used to build the schema""" |
|
|
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
407 |
return self.type in SCHEMA_TYPES |
| 0 | 408 |
|
409 |
def rql_expression(self, expression, mainvars=None, eid=None): |
|
410 |
"""rql expression factory""" |
|
411 |
return ERQLExpression(expression, mainvars, eid) |
|
| 1451 | 412 |
|
| 2252 | 413 |
|
| 0 | 414 |
class CubicWebRelationSchema(RelationSchema): |
| 1451 | 415 |
|
| 0 | 416 |
def __init__(self, schema=None, rdef=None, eid=None, **kwargs): |
417 |
if rdef is not None: |
|
418 |
# if this relation is inlined |
|
419 |
self.inlined = rdef.inlined |
|
420 |
super(CubicWebRelationSchema, self).__init__(schema, rdef, **kwargs) |
|
421 |
if eid is None and rdef is not None: |
|
422 |
eid = getattr(rdef, 'eid', None) |
|
423 |
self.eid = eid |
|
| 1451 | 424 |
|
|
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
425 |
@property |
|
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
426 |
def meta(self): |
|
2622
3c7edaa6c6d2
oops, should have been in a earlier commit (META_RELATION_TYPES renaming)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2616
diff
changeset
|
427 |
return self.type in META_RTYPES |
| 1451 | 428 |
|
| 0 | 429 |
def schema_relation(self): |
|
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
430 |
"""return True if this relation type is used to build the schema""" |
|
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
431 |
return self.type in SCHEMA_TYPES |
| 1451 | 432 |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
433 |
def may_have_permission(self, action, req, eschema=None, role=None): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
434 |
if eschema is not None: |
| 4019 | 435 |
for tschema in self.targets(eschema, role): |
436 |
rdef = self.role_rdef(eschema, tschema, role) |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
437 |
if rdef.may_have_permission(action, req): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
438 |
return True |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
439 |
else: |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
440 |
for rdef in self.rdefs.itervalues(): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
441 |
if rdef.may_have_permission(action, req): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
442 |
return True |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
443 |
return False |
| 0 | 444 |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
445 |
def has_perm(self, session, action, **kwargs): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
446 |
"""return true if the action is granted globaly or localy""" |
|
4575
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
447 |
if self.final: |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
448 |
assert not ('fromeid' in kwargs or 'toeid' in kwargs), kwargs |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
449 |
assert action in ('read', 'update') |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
450 |
if 'eid' in kwargs: |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
451 |
subjtype = session.describe(kwargs['eid'])[0] |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
452 |
else: |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
453 |
subjtype = objtype = None |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
454 |
else: |
|
4575
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
455 |
assert not 'eid' in kwargs, kwargs |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
456 |
assert action in ('read', 'add', 'delete') |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
457 |
if 'fromeid' in kwargs: |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
458 |
subjtype = session.describe(kwargs['fromeid'])[0] |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
459 |
else: |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
460 |
subjtype = None |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
461 |
if 'toeid' in kwargs: |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
462 |
objtype = session.describe(kwargs['toeid'])[0] |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
463 |
else: |
|
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
464 |
objtype = None |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
465 |
if objtype and subjtype: |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
466 |
return self.rdef(subjtype, objtype).has_perm(session, action, **kwargs) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
467 |
elif subjtype: |
|
4004
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
468 |
for tschema in self.targets(subjtype, 'subject'): |
|
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
469 |
rdef = self.rdef(subjtype, tschema) |
|
4045
f4a52abb6f4f
cw 3.6 api update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4037
diff
changeset
|
470 |
if not rdef.has_perm(session, action, **kwargs): |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
471 |
return False |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
472 |
elif objtype: |
|
4004
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
473 |
for tschema in self.targets(objtype, 'object'): |
|
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
474 |
rdef = self.rdef(tschema, objtype) |
|
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
475 |
if not rdef.has_perm(session, action, **kwargs): |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
476 |
return False |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
477 |
else: |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
478 |
for rdef in self.rdefs.itervalues(): |
|
4004
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
479 |
if not rdef.has_perm(session, action, **kwargs): |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
480 |
return False |
|
4233
94ffaecd8e8c
ouch, has_perm was always returning False...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4181
diff
changeset
|
481 |
return True |
| 0 | 482 |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
483 |
@deprecated('use .rdef(subjtype, objtype).role_cardinality(role)') |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
484 |
def cardinality(self, subjtype, objtype, target): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
485 |
return self.rdef(subjtype, objtype).role_cardinality(target) |
| 0 | 486 |
|
| 1451 | 487 |
|
| 0 | 488 |
class CubicWebSchema(Schema): |
489 |
"""set of entities and relations schema defining the possible data sets |
|
490 |
used in an application |
|
491 |
||
492 |
:type name: str |
|
|
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2460
diff
changeset
|
493 |
:ivar name: name of the schema, usually the instance identifier |
| 1451 | 494 |
|
| 0 | 495 |
:type base: str |
496 |
:ivar base: path of the directory where the schema is defined |
|
497 |
""" |
|
| 1451 | 498 |
reading_from_database = False |
| 0 | 499 |
entity_class = CubicWebEntitySchema |
500 |
relation_class = CubicWebRelationSchema |
|
|
2958
44e5446b649b
no inference for the identity relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2926
diff
changeset
|
501 |
no_specialization_inference = ('identity',) |
| 0 | 502 |
|
503 |
def __init__(self, *args, **kwargs): |
|
504 |
self._eid_index = {} |
|
505 |
super(CubicWebSchema, self).__init__(*args, **kwargs) |
|
506 |
ybo.register_base_types(self) |
|
|
2300
c8151d004e06
meta has been drop
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2293
diff
changeset
|
507 |
rschema = self.add_relation_type(ybo.RelationType('eid')) |
| 0 | 508 |
rschema.final = True |
|
2300
c8151d004e06
meta has been drop
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2293
diff
changeset
|
509 |
rschema = self.add_relation_type(ybo.RelationType('has_text')) |
| 0 | 510 |
rschema.final = True |
|
2300
c8151d004e06
meta has been drop
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2293
diff
changeset
|
511 |
rschema = self.add_relation_type(ybo.RelationType('identity')) |
| 0 | 512 |
rschema.final = False |
| 1451 | 513 |
|
| 0 | 514 |
def add_entity_type(self, edef): |
515 |
edef.name = edef.name.encode() |
|
516 |
edef.name = bw_normalize_etype(edef.name) |
|
517 |
assert re.match(r'[A-Z][A-Za-z0-9]*[a-z]+[0-9]*$', edef.name), repr(edef.name) |
|
518 |
eschema = super(CubicWebSchema, self).add_entity_type(edef) |
|
|
3689
deb13e88e037
follow yams 0.25 api changes to improve performance
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3554
diff
changeset
|
519 |
if not eschema.final: |
| 0 | 520 |
# automatically add the eid relation to non final entity types |
521 |
rdef = ybo.RelationDefinition(eschema.type, 'eid', 'Int', |
|
|
4755
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
522 |
cardinality='11', uid=True, |
|
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
523 |
__permissions__=RO_ATTR_PERMS) |
| 0 | 524 |
self.add_relation_def(rdef) |
|
4755
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
525 |
rdef = ybo.RelationDefinition(eschema.type, 'identity', eschema.type, |
|
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
526 |
__permissions__=RO_REL_PERMS) |
| 0 | 527 |
self.add_relation_def(rdef) |
528 |
self._eid_index[eschema.eid] = eschema |
|
529 |
return eschema |
|
| 1451 | 530 |
|
| 0 | 531 |
def add_relation_type(self, rdef): |
532 |
rdef.name = rdef.name.lower().encode() |
|
533 |
rschema = super(CubicWebSchema, self).add_relation_type(rdef) |
|
534 |
self._eid_index[rschema.eid] = rschema |
|
535 |
return rschema |
|
| 1451 | 536 |
|
| 0 | 537 |
def add_relation_def(self, rdef): |
538 |
"""build a part of a relation schema |
|
539 |
(i.e. add a relation between two specific entity's types) |
|
540 |
||
541 |
:type subject: str |
|
542 |
:param subject: entity's type that is subject of the relation |
|
543 |
||
544 |
:type rtype: str |
|
545 |
:param rtype: the relation's type (i.e. the name of the relation) |
|
546 |
||
547 |
:type obj: str |
|
548 |
:param obj: entity's type that is object of the relation |
|
549 |
||
550 |
:rtype: RelationSchema |
|
551 |
:param: the newly created or just completed relation schema |
|
552 |
""" |
|
553 |
rdef.name = rdef.name.lower() |
|
554 |
rdef.subject = bw_normalize_etype(rdef.subject) |
|
555 |
rdef.object = bw_normalize_etype(rdef.object) |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
556 |
rdefs = super(CubicWebSchema, self).add_relation_def(rdef) |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
557 |
if rdefs: |
|
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
558 |
try: |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
559 |
self._eid_index[rdef.eid] = rdefs |
|
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
560 |
except AttributeError: |
|
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
561 |
pass # not a serialized schema |
|
4003
b9436fe77c9e
fix bad merge
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
3998
diff
changeset
|
562 |
return rdefs |
| 1451 | 563 |
|
| 0 | 564 |
def del_relation_type(self, rtype): |
565 |
rschema = self.rschema(rtype) |
|
566 |
self._eid_index.pop(rschema.eid, None) |
|
567 |
super(CubicWebSchema, self).del_relation_type(rtype) |
|
| 1451 | 568 |
|
| 0 | 569 |
def del_relation_def(self, subjtype, rtype, objtype): |
570 |
for k, v in self._eid_index.items(): |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
571 |
if not isinstance(v, RelationDefinitionSchema): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
572 |
continue |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
573 |
if v.subject == subjtype and v.rtype == rtype and v.object == objtype: |
| 0 | 574 |
del self._eid_index[k] |
|
2718
3a56b87bb5d6
[schema] break when found
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2716
diff
changeset
|
575 |
break |
| 0 | 576 |
super(CubicWebSchema, self).del_relation_def(subjtype, rtype, objtype) |
| 1451 | 577 |
|
| 0 | 578 |
def del_entity_type(self, etype): |
579 |
eschema = self.eschema(etype) |
|
580 |
self._eid_index.pop(eschema.eid, None) |
|
581 |
# deal with has_text first, else its automatic deletion (see above) |
|
582 |
# may trigger an error in ancestor's del_entity_type method |
|
583 |
if 'has_text' in eschema.subject_relations(): |
|
584 |
self.del_relation_def(etype, 'has_text', 'String') |
|
585 |
super(CubicWebSchema, self).del_entity_type(etype) |
|
| 1451 | 586 |
|
| 0 | 587 |
def schema_by_eid(self, eid): |
588 |
return self._eid_index[eid] |
|
589 |
||
590 |
||
591 |
# Possible constraints ######################################################## |
|
592 |
||
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
593 |
class BaseRQLConstraint(BaseConstraint): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
594 |
"""base class for rql constraints |
| 0 | 595 |
""" |
| 1451 | 596 |
|
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
597 |
def __init__(self, restriction, mainvars=None): |
|
3963
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
598 |
self.restriction = normalize_expression(restriction) |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
599 |
if mainvars is None: |
|
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
600 |
mainvars = guess_rrqlexpr_mainvars(restriction) |
|
3963
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
601 |
else: |
|
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
602 |
normmainvars = [] |
|
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
603 |
for mainvar in mainvars.split(','): |
|
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
604 |
mainvar = mainvar.strip() |
|
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
605 |
if not mainvar.isalpha(): |
|
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
606 |
raise Exception('bad mainvars %s' % mainvars) |
|
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
607 |
normmainvars.append(mainvar) |
|
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
608 |
assert mainvars, 'bad mainvars %s' % mainvars |
|
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
609 |
mainvars = ','.join(sorted(normmainvars)) |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
610 |
self.mainvars = mainvars |
| 0 | 611 |
|
612 |
def serialize(self): |
|
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
613 |
# start with a comma for bw compat, see below |
|
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
614 |
return ';' + self.mainvars + ';' + self.restriction |
| 1451 | 615 |
|
| 0 | 616 |
def deserialize(cls, value): |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
617 |
# XXX < 3.5.10 bw compat |
|
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
618 |
if not value.startswith(';'): |
|
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
619 |
return cls(value) |
|
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
620 |
_, mainvars, restriction = value.split(';', 2) |
|
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
621 |
return cls(restriction, mainvars) |
| 0 | 622 |
deserialize = classmethod(deserialize) |
| 1451 | 623 |
|
| 0 | 624 |
def check(self, entity, rtype, value): |
625 |
"""return true if the value satisfy the constraint, else false""" |
|
626 |
# implemented as a hook in the repository |
|
627 |
return 1 |
|
628 |
||
629 |
def repo_check(self, session, eidfrom, rtype, eidto): |
|
630 |
"""raise ValidationError if the relation doesn't satisfy the constraint |
|
631 |
""" |
|
|
3554
26e586f3c15c
[schema] make RQL* constraints usable w/ attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3347
diff
changeset
|
632 |
pass # this is a vocabulary constraint, not enforce XXX why? |
| 1451 | 633 |
|
| 0 | 634 |
def __str__(self): |
|
3965
94f95928f5ae
nicer __str__ and __repr__ methods on rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3964
diff
changeset
|
635 |
return '%s(Any %s WHERE %s)' % (self.__class__.__name__, self.mainvars, |
|
94f95928f5ae
nicer __str__ and __repr__ methods on rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3964
diff
changeset
|
636 |
self.restriction) |
| 0 | 637 |
|
638 |
def __repr__(self): |
|
|
3965
94f95928f5ae
nicer __str__ and __repr__ methods on rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3964
diff
changeset
|
639 |
return '<%s @%#x>' % (self.__str__(), id(self)) |
| 0 | 640 |
|
641 |
||
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
642 |
class RQLVocabularyConstraint(BaseRQLConstraint): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
643 |
"""the rql vocabulary constraint : |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
644 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
645 |
limit the proposed values to a set of entities returned by a rql query, |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
646 |
but this is not enforced at the repository level |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
647 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
648 |
restriction is additional rql restriction that will be added to |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
649 |
a predefined query, where the S and O variables respectivly represent |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
650 |
the subject and the object of the relation |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
651 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
652 |
mainvars is a string that should be used as selection variable (eg |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
653 |
`'Any %s WHERE ...' % mainvars`). If not specified, an attempt will be |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
654 |
done to guess it according to variable used in the expression. |
| 0 | 655 |
""" |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
656 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
657 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
658 |
class RepoEnforcedRQLConstraintMixIn(object): |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
659 |
|
|
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
660 |
def __init__(self, restriction, mainvars=None, msg=None): |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
661 |
super(RepoEnforcedRQLConstraintMixIn, self).__init__(restriction, mainvars) |
|
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
662 |
self.msg = msg |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
663 |
|
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
664 |
def serialize(self): |
|
3968
e8dbad65a7a2
fix format string
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
3967
diff
changeset
|
665 |
# start with a semicolon for bw compat, see below |
|
e8dbad65a7a2
fix format string
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
3967
diff
changeset
|
666 |
return ';%s;%s\n%s' % (self.mainvars, self.restriction, |
|
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
667 |
self.msg or '') |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
668 |
|
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
669 |
def deserialize(cls, value): |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
670 |
# XXX < 3.5.10 bw compat |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
671 |
if not value.startswith(';'): |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
672 |
return cls(value) |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
673 |
value, msg = value.split('\n', 1) |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
674 |
_, mainvars, restriction = value.split(';', 2) |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
675 |
return cls(restriction, mainvars, msg) |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
676 |
deserialize = classmethod(deserialize) |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
677 |
|
|
3554
26e586f3c15c
[schema] make RQL* constraints usable w/ attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3347
diff
changeset
|
678 |
def repo_check(self, session, eidfrom, rtype, eidto=None): |
| 0 | 679 |
"""raise ValidationError if the relation doesn't satisfy the constraint |
680 |
""" |
|
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
681 |
if not self.match_condition(session, eidfrom, eidto): |
|
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
682 |
# XXX at this point if both or neither of S and O are in mainvar we |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
683 |
# dunno if the validation error `occured` on eidfrom or eidto (from |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
684 |
# user interface point of view) |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
685 |
if eidto is None or 'S' in self.mainvars or not 'O' in self.mainvars: |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
686 |
maineid = eidfrom |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
687 |
else: |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
688 |
maineid = eidto |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
689 |
if self.msg: |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
690 |
msg = session._(self.msg) |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
691 |
else: |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
692 |
msg = '%(constraint)s %(restriction)s failed' % { |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
693 |
'constraint': session._(self.type()), |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
694 |
'restriction': self.restriction} |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
695 |
raise ValidationError(maineid, {rtype: msg}) |
| 0 | 696 |
|
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
697 |
def exec_query(self, session, eidfrom, eidto): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
698 |
if eidto is None: |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
699 |
# checking constraint for an attribute relation |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
700 |
restriction = 'S eid %(s)s, ' + self.restriction |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
701 |
args, ck = {'s': eidfrom}, 's' |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
702 |
else: |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
703 |
restriction = 'S eid %(s)s, O eid %(o)s, ' + self.restriction |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
704 |
args, ck = {'s': eidfrom, 'o': eidto}, ('s', 'o') |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
705 |
rql = 'Any %s WHERE %s' % (self.mainvars, restriction) |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
706 |
if self.distinct_query: |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
707 |
rql = 'DISTINCT ' + rql |
|
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4834
diff
changeset
|
708 |
return session.execute(rql, args, ck, build_descr=False) |
| 0 | 709 |
|
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
710 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
711 |
class RQLConstraint(RepoEnforcedRQLConstraintMixIn, RQLVocabularyConstraint): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
712 |
"""the rql constraint is similar to the RQLVocabularyConstraint but |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
713 |
are also enforced at the repository level |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
714 |
""" |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
715 |
distinct_query = False |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
716 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
717 |
def match_condition(self, session, eidfrom, eidto): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
718 |
return self.exec_query(session, eidfrom, eidto) |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
719 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
720 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
721 |
class RQLUniqueConstraint(RepoEnforcedRQLConstraintMixIn, BaseRQLConstraint): |
| 0 | 722 |
"""the unique rql constraint check that the result of the query isn't |
723 |
greater than one |
|
724 |
""" |
|
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
725 |
distinct_query = True |
|
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
726 |
|
|
3985
d5bf894fcf02
add some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3980
diff
changeset
|
727 |
# XXX turns mainvars into a required argument in __init__, since we've no |
|
d5bf894fcf02
add some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3980
diff
changeset
|
728 |
# way to guess it correctly (eg if using S,O or U the constraint will |
|
d5bf894fcf02
add some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3980
diff
changeset
|
729 |
# always be satisfied since we've to use a DISTINCT query) |
|
d5bf894fcf02
add some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3980
diff
changeset
|
730 |
|
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
731 |
def match_condition(self, session, eidfrom, eidto): |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
732 |
return len(self.exec_query(session, eidfrom, eidto)) <= 1 |
| 0 | 733 |
|
734 |
||
735 |
class RQLExpression(object): |
|
736 |
def __init__(self, expression, mainvars, eid): |
|
737 |
self.eid = eid # eid of the entity representing this rql expression |
|
738 |
if not isinstance(mainvars, unicode): |
|
739 |
mainvars = unicode(mainvars) |
|
740 |
self.mainvars = mainvars |
|
741 |
self.expression = normalize_expression(expression) |
|
742 |
try: |
|
743 |
self.rqlst = parse(self.full_rql, print_errors=False).children[0] |
|
744 |
except RQLSyntaxError: |
|
745 |
raise RQLSyntaxError(expression) |
|
746 |
for mainvar in mainvars.split(','): |
|
747 |
if len(self.rqlst.defined_vars[mainvar].references()) <= 2: |
|
|
2142
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
748 |
_LOGGER.warn('You did not use the %s variable in your RQL ' |
|
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
749 |
'expression %s', mainvar, self) |
| 3825 | 750 |
# syntax tree used by read security (inserted in queries when necessary) |
|
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2967
diff
changeset
|
751 |
self.snippet_rqlst = parse(self.minimal_rql, print_errors=False).children[0] |
| 1451 | 752 |
|
| 0 | 753 |
def __str__(self): |
754 |
return self.full_rql |
|
755 |
def __repr__(self): |
|
756 |
return '%s(%s)' % (self.__class__.__name__, self.full_rql) |
|
| 1451 | 757 |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
758 |
def __cmp__(self, other): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
759 |
if hasattr(other, 'expression'): |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
760 |
return cmp(other.expression, self.expression) |
|
4066
0555f170c4d1
__cmp__ should *NOT* return False when different
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4045
diff
changeset
|
761 |
return -1 |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
762 |
|
| 0 | 763 |
def __deepcopy__(self, memo): |
764 |
return self.__class__(self.expression, self.mainvars) |
|
765 |
def __getstate__(self): |
|
766 |
return (self.expression, self.mainvars) |
|
767 |
def __setstate__(self, state): |
|
768 |
self.__init__(*state) |
|
| 1451 | 769 |
|
| 0 | 770 |
@cached |
771 |
def transform_has_permission(self): |
|
772 |
found = None |
|
773 |
rqlst = self.rqlst |
|
774 |
for var in rqlst.defined_vars.itervalues(): |
|
775 |
for varref in var.references(): |
|
776 |
rel = varref.relation() |
|
777 |
if rel is None: |
|
778 |
continue |
|
779 |
try: |
|
780 |
prefix, action, suffix = rel.r_type.split('_') |
|
781 |
except ValueError: |
|
782 |
continue |
|
783 |
if prefix != 'has' or suffix != 'permission' or \ |
|
784 |
not action in ('add', 'delete', 'update', 'read'): |
|
785 |
continue |
|
786 |
if found is None: |
|
787 |
found = [] |
|
788 |
rqlst.save_state() |
|
789 |
assert rel.children[0].name == 'U' |
|
790 |
objvar = rel.children[1].children[0].variable |
|
791 |
rqlst.remove_node(rel) |
|
792 |
selected = [v.name for v in rqlst.get_selected_variables()] |
|
793 |
if objvar.name not in selected: |
|
794 |
colindex = len(selected) |
|
795 |
rqlst.add_selected(objvar) |
|
796 |
else: |
|
797 |
colindex = selected.index(objvar.name) |
|
|
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
798 |
found.append((action, colindex)) |
| 0 | 799 |
# remove U eid %(u)s if U is not used in any other relation |
800 |
uvrefs = rqlst.defined_vars['U'].references() |
|
801 |
if len(uvrefs) == 1: |
|
802 |
rqlst.remove_node(uvrefs[0].relation()) |
|
803 |
if found is not None: |
|
804 |
rql = rqlst.as_string() |
|
805 |
if len(rqlst.selection) == 1 and isinstance(rqlst.where, nodes.Relation): |
|
806 |
# only "Any X WHERE X eid %(x)s" remaining, no need to execute the rql |
|
807 |
keyarg = rqlst.selection[0].name.lower() |
|
808 |
else: |
|
809 |
keyarg = None |
|
810 |
rqlst.recover() |
|
811 |
return rql, found, keyarg |
|
812 |
return rqlst.as_string(), None, None |
|
| 1451 | 813 |
|
| 0 | 814 |
def _check(self, session, **kwargs): |
815 |
"""return True if the rql expression is matching the given relation |
|
816 |
between fromeid and toeid |
|
817 |
||
818 |
session may actually be a request as well |
|
819 |
""" |
|
|
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
820 |
creating = kwargs.get('creating') |
|
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
821 |
if not creating and self.eid is not None: |
| 0 | 822 |
key = (self.eid, tuple(sorted(kwargs.iteritems()))) |
823 |
try: |
|
824 |
return session.local_perm_cache[key] |
|
825 |
except KeyError: |
|
826 |
pass |
|
827 |
rql, has_perm_defs, keyarg = self.transform_has_permission() |
|
|
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
828 |
if creating: |
|
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
829 |
# when creating an entity, consider has_*_permission satisfied |
|
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
830 |
if has_perm_defs: |
|
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
831 |
return True |
|
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
832 |
return False |
| 0 | 833 |
if keyarg is None: |
|
4619
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
834 |
kwargs.setdefault('u', session.user.eid) |
| 0 | 835 |
cachekey = kwargs.keys() |
836 |
try: |
|
|
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4834
diff
changeset
|
837 |
rset = session.execute(rql, kwargs, cachekey, build_descr=True) |
| 0 | 838 |
except NotImplementedError: |
839 |
self.critical('cant check rql expression, unsupported rql %s', rql) |
|
840 |
if self.eid is not None: |
|
841 |
session.local_perm_cache[key] = False |
|
842 |
return False |
|
843 |
except TypeResolverException, ex: |
|
844 |
# some expression may not be resolvable with current kwargs |
|
845 |
# (type conflict) |
|
846 |
self.warning('%s: %s', rql, str(ex)) |
|
847 |
if self.eid is not None: |
|
848 |
session.local_perm_cache[key] = False |
|
849 |
return False |
|
850 |
else: |
|
851 |
rset = session.eid_rset(kwargs[keyarg]) |
|
852 |
# if no special has_*_permission relation in the rql expression, just |
|
853 |
# check the result set contains something |
|
854 |
if has_perm_defs is None: |
|
855 |
if rset: |
|
856 |
if self.eid is not None: |
|
857 |
session.local_perm_cache[key] = True |
|
858 |
return True |
|
859 |
elif rset: |
|
860 |
# check every special has_*_permission relation is satisfied |
|
861 |
get_eschema = session.vreg.schema.eschema |
|
862 |
try: |
|
|
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
863 |
for eaction, col in has_perm_defs: |
| 0 | 864 |
for i in xrange(len(rset)): |
865 |
eschema = get_eschema(rset.description[i][col]) |
|
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
866 |
eschema.check_perm(session, eaction, eid=rset[i][col]) |
| 0 | 867 |
if self.eid is not None: |
868 |
session.local_perm_cache[key] = True |
|
869 |
return True |
|
870 |
except Unauthorized: |
|
871 |
pass |
|
872 |
if self.eid is not None: |
|
873 |
session.local_perm_cache[key] = False |
|
874 |
return False |
|
| 1451 | 875 |
|
| 0 | 876 |
@property |
877 |
def minimal_rql(self): |
|
878 |
return 'Any %s WHERE %s' % (self.mainvars, self.expression) |
|
879 |
||
880 |
||
881 |
class ERQLExpression(RQLExpression): |
|
882 |
def __init__(self, expression, mainvars=None, eid=None): |
|
883 |
RQLExpression.__init__(self, expression, mainvars or 'X', eid) |
|
884 |
||
885 |
@property |
|
886 |
def full_rql(self): |
|
887 |
rql = self.minimal_rql |
|
888 |
rqlst = getattr(self, 'rqlst', None) # may be not set yet |
|
889 |
if rqlst is not None: |
|
890 |
defined = rqlst.defined_vars |
|
891 |
else: |
|
892 |
defined = set(split_expression(self.expression)) |
|
893 |
if 'X' in defined: |
|
894 |
rql += ', X eid %(x)s' |
|
895 |
if 'U' in defined: |
|
896 |
rql += ', U eid %(u)s' |
|
897 |
return rql |
|
| 1451 | 898 |
|
|
4619
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
899 |
def check(self, session, eid=None, creating=False, **kwargs): |
| 0 | 900 |
if 'X' in self.rqlst.defined_vars: |
901 |
if eid is None: |
|
|
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
902 |
if creating: |
|
4619
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
903 |
return self._check(session, creating=True, **kwargs) |
| 0 | 904 |
return False |
|
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
905 |
assert creating == False |
|
4619
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
906 |
return self._check(session, x=eid, **kwargs) |
|
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
907 |
return self._check(session, **kwargs) |
| 1451 | 908 |
|
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
909 |
|
| 0 | 910 |
class RRQLExpression(RQLExpression): |
911 |
def __init__(self, expression, mainvars=None, eid=None): |
|
912 |
if mainvars is None: |
|
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
913 |
mainvars = guess_rrqlexpr_mainvars(expression) |
| 0 | 914 |
RQLExpression.__init__(self, expression, mainvars, eid) |
| 3827 | 915 |
# graph of links between variable, used by rql rewriter |
|
3826
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
916 |
self.vargraph = {} |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
917 |
for relation in self.rqlst.get_nodes(nodes.Relation): |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
918 |
try: |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
919 |
rhsvarname = relation.children[1].children[0].variable.name |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
920 |
lhsvarname = relation.children[0].name |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
921 |
except AttributeError: |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
922 |
pass |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
923 |
else: |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
924 |
self.vargraph.setdefault(lhsvarname, []).append(rhsvarname) |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
925 |
self.vargraph.setdefault(rhsvarname, []).append(lhsvarname) |
|
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
926 |
#self.vargraph[(lhsvarname, rhsvarname)] = relation.r_type |
| 0 | 927 |
|
928 |
@property |
|
929 |
def full_rql(self): |
|
930 |
rql = self.minimal_rql |
|
931 |
rqlst = getattr(self, 'rqlst', None) # may be not set yet |
|
932 |
if rqlst is not None: |
|
933 |
defined = rqlst.defined_vars |
|
934 |
else: |
|
935 |
defined = set(split_expression(self.expression)) |
|
936 |
if 'S' in defined: |
|
937 |
rql += ', S eid %(s)s' |
|
938 |
if 'O' in defined: |
|
939 |
rql += ', O eid %(o)s' |
|
940 |
if 'U' in defined: |
|
941 |
rql += ', U eid %(u)s' |
|
942 |
return rql |
|
| 1451 | 943 |
|
| 0 | 944 |
def check(self, session, fromeid=None, toeid=None): |
945 |
kwargs = {} |
|
946 |
if 'S' in self.rqlst.defined_vars: |
|
947 |
if fromeid is None: |
|
948 |
return False |
|
949 |
kwargs['s'] = fromeid |
|
950 |
if 'O' in self.rqlst.defined_vars: |
|
951 |
if toeid is None: |
|
952 |
return False |
|
953 |
kwargs['o'] = toeid |
|
954 |
return self._check(session, **kwargs) |
|
| 1451 | 955 |
|
|
4570
ede247bbbf62
follow yams api change: attributes permissions are now defined for
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4466
diff
changeset
|
956 |
# in yams, default 'update' perm for attributes granted to managers and owners. |
|
ede247bbbf62
follow yams api change: attributes permissions are now defined for
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4466
diff
changeset
|
957 |
# Within cw, we want to default to users who may edit the entity holding the |
|
ede247bbbf62
follow yams api change: attributes permissions are now defined for
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4466
diff
changeset
|
958 |
# attribute. |
|
4586
440e340c61fe
DEFAULT_ATTRPERMS is now public
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4575
diff
changeset
|
959 |
ybo.DEFAULT_ATTRPERMS['update'] = ( |
|
4570
ede247bbbf62
follow yams api change: attributes permissions are now defined for
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4466
diff
changeset
|
960 |
'managers', ERQLExpression('U has_update_permission X')) |
| 0 | 961 |
|
|
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
962 |
# workflow extensions ######################################################### |
|
2926
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
963 |
|
|
2460
ce1a7ffc6c90
fix a couple NameErrors
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
2459
diff
changeset
|
964 |
from yams.buildobjs import _add_relation as yams_add_relation |
|
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
965 |
|
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
966 |
class workflowable_definition(ybo.metadefinition): |
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
967 |
"""extends default EntityType's metaclass to add workflow relations |
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
968 |
(i.e. in_state and wf_info_for). |
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
969 |
This is the default metaclass for WorkflowableEntityType |
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
970 |
""" |
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
971 |
def __new__(mcs, name, bases, classdict): |
|
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
972 |
abstract = classdict.pop('__abstract__', False) |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
973 |
cls = super(workflowable_definition, mcs).__new__(mcs, name, bases, |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
974 |
classdict) |
|
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
975 |
if not abstract: |
|
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
976 |
make_workflowable(cls) |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
977 |
return cls |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
978 |
|
|
2957
2daabf4c646e
[schema] make_workflowable now take an option description for the in_state relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2931
diff
changeset
|
979 |
def make_workflowable(cls, in_state_descr=None): |
|
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
980 |
existing_rels = set(rdef.name for rdef in cls.__relations__) |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
981 |
# let relation types defined in cw.schemas.workflow carrying |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
982 |
# cardinality, constraints and other relation definition properties |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
983 |
if 'custom_workflow' not in existing_rels: |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
984 |
rdef = ybo.SubjectRelation('Workflow') |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
985 |
yams_add_relation(cls.__relations__, rdef, 'custom_workflow') |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
986 |
if 'in_state' not in existing_rels: |
|
2957
2daabf4c646e
[schema] make_workflowable now take an option description for the in_state relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2931
diff
changeset
|
987 |
rdef = ybo.SubjectRelation('State', description=in_state_descr) |
|
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
988 |
yams_add_relation(cls.__relations__, rdef, 'in_state') |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
989 |
if 'wf_info_for' not in existing_rels: |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
990 |
rdef = ybo.ObjectRelation('TrInfo') |
|
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
991 |
yams_add_relation(cls.__relations__, rdef, 'wf_info_for') |
|
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
992 |
|
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
993 |
class WorkflowableEntityType(ybo.EntityType): |
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
994 |
__metaclass__ = workflowable_definition |
|
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
995 |
__abstract__ = True |
| 1451 | 996 |
|
|
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
997 |
|
| 0 | 998 |
# schema loading ############################################################## |
999 |
||
1000 |
CONSTRAINTS['RQLConstraint'] = RQLConstraint |
|
1001 |
CONSTRAINTS['RQLUniqueConstraint'] = RQLUniqueConstraint |
|
1002 |
CONSTRAINTS['RQLVocabularyConstraint'] = RQLVocabularyConstraint |
|
|
3980
b17cf4a2e09e
this constraint is actually unusable in yams schema for cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3979
diff
changeset
|
1003 |
CONSTRAINTS.pop('MultipleStaticVocabularyConstraint', None) # don't want this in cw yams schema |
| 0 | 1004 |
PyFileReader.context.update(CONSTRAINTS) |
1005 |
||
1006 |
||
1007 |
class BootstrapSchemaLoader(SchemaLoader): |
|
1008 |
"""cubicweb specific schema loader, loading only schema necessary to read |
|
1009 |
the persistent schema |
|
1010 |
""" |
|
1011 |
schemacls = CubicWebSchema |
|
1012 |
||
|
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
1013 |
def load(self, config, path=(), **kwargs): |
| 0 | 1014 |
"""return a Schema instance from the schema definition read |
1015 |
from <directory> |
|
1016 |
""" |
|
1017 |
return super(BootstrapSchemaLoader, self).load( |
|
|
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
1018 |
path, config.appid, register_base_types=False, **kwargs) |
| 1451 | 1019 |
|
| 0 | 1020 |
def _load_definition_files(self, cubes=None): |
1021 |
# bootstraping, ignore cubes |
|
|
2735
39c942241b48
no need for lib_directory
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2730
diff
changeset
|
1022 |
filepath = join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'bootstrap.py') |
|
2142
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
1023 |
self.info('loading %s', filepath) |
|
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
1024 |
self.handle_file(filepath) |
| 1451 | 1025 |
|
| 0 | 1026 |
def unhandled_file(self, filepath): |
1027 |
"""called when a file without handler associated has been found""" |
|
1028 |
self.warning('ignoring file %r', filepath) |
|
1029 |
||
1030 |
||
1031 |
class CubicWebSchemaLoader(BootstrapSchemaLoader): |
|
1032 |
"""cubicweb specific schema loader, automatically adding metadata to the |
|
|
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2460
diff
changeset
|
1033 |
instance's schema |
| 0 | 1034 |
""" |
1035 |
||
|
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
1036 |
def load(self, config, **kwargs): |
| 0 | 1037 |
"""return a Schema instance from the schema definition read |
1038 |
from <directory> |
|
1039 |
""" |
|
1040 |
self.info('loading %s schemas', ', '.join(config.cubes())) |
|
|
2782
998f24dabd0d
compute extrapath, necessary for proper schema module detection when CW_CUBES_PATH is set
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2742
diff
changeset
|
1041 |
self.extrapath = {} |
|
998f24dabd0d
compute extrapath, necessary for proper schema module detection when CW_CUBES_PATH is set
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2742
diff
changeset
|
1042 |
for cubesdir in config.cubes_search_path(): |
|
998f24dabd0d
compute extrapath, necessary for proper schema module detection when CW_CUBES_PATH is set
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2742
diff
changeset
|
1043 |
if cubesdir != config.CUBES_DIR: |
|
998f24dabd0d
compute extrapath, necessary for proper schema module detection when CW_CUBES_PATH is set
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2742
diff
changeset
|
1044 |
self.extrapath[cubesdir] = 'cubes' |
|
372
a8a975a88368
check apphome is not None
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
0
diff
changeset
|
1045 |
if config.apphome: |
|
2598
a66fe74bd9fc
[R schema] dont give an iterator, it's a trap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2596
diff
changeset
|
1046 |
path = tuple(reversed([config.apphome] + config.cubes_path())) |
|
372
a8a975a88368
check apphome is not None
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
0
diff
changeset
|
1047 |
else: |
|
2598
a66fe74bd9fc
[R schema] dont give an iterator, it's a trap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2596
diff
changeset
|
1048 |
path = tuple(reversed(config.cubes_path())) |
|
2526
40e41eb34a7d
we've to call cleanup_sys_modules manually for proper schema modules cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2476
diff
changeset
|
1049 |
try: |
|
40e41eb34a7d
we've to call cleanup_sys_modules manually for proper schema modules cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2476
diff
changeset
|
1050 |
return super(CubicWebSchemaLoader, self).load(config, path=path, **kwargs) |
|
40e41eb34a7d
we've to call cleanup_sys_modules manually for proper schema modules cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2476
diff
changeset
|
1051 |
finally: |
|
40e41eb34a7d
we've to call cleanup_sys_modules manually for proper schema modules cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2476
diff
changeset
|
1052 |
# we've to cleanup modules imported from cubicweb.schemas as well |
|
2735
39c942241b48
no need for lib_directory
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2730
diff
changeset
|
1053 |
cleanup_sys_modules([join(cubicweb.CW_SOFTWARE_ROOT, 'schemas')]) |
| 0 | 1054 |
|
1055 |
def _load_definition_files(self, cubes): |
|
|
2741
148d0cea1fb5
[schema] oops
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2736
diff
changeset
|
1056 |
for filepath in (join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'bootstrap.py'), |
|
148d0cea1fb5
[schema] oops
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2736
diff
changeset
|
1057 |
join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'base.py'), |
|
148d0cea1fb5
[schema] oops
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2736
diff
changeset
|
1058 |
join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'workflow.py'), |
|
148d0cea1fb5
[schema] oops
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2736
diff
changeset
|
1059 |
join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'Bookmark.py')): |
| 0 | 1060 |
self.info('loading %s', filepath) |
1061 |
self.handle_file(filepath) |
|
1062 |
for cube in cubes: |
|
1063 |
for filepath in self.get_schema_files(cube): |
|
1064 |
self.info('loading %s', filepath) |
|
1065 |
self.handle_file(filepath) |
|
1066 |
||
1067 |
||
|
2459
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1068 |
set_log_methods(CubicWebSchemaLoader, getLogger('cubicweb.schemaloader')) |
|
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1069 |
set_log_methods(BootstrapSchemaLoader, getLogger('cubicweb.bootstrapschemaloader')) |
|
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1070 |
set_log_methods(RQLExpression, getLogger('cubicweb.schema')) |
|
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1071 |
|
| 0 | 1072 |
# _() is just there to add messages to the catalog, don't care about actual |
1073 |
# translation |
|
1074 |
PERM_USE_TEMPLATE_FORMAT = _('use_template_format') |
|
|
2459
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1075 |
NEED_PERM_FORMATS = [_('text/cubicweb-page-template')] |
| 0 | 1076 |
|
|
2531
531ea4e7013e
[cleanup] nicer imports
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2526
diff
changeset
|
1077 |
@monkeypatch(FormatConstraint) |
|
3347
428f95118556
fix vocab param to avoid deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3287
diff
changeset
|
1078 |
def vocabulary(self, entity=None, form=None): |
|
3401
f893f4f199fc
use ._cw instead of req on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
1079 |
cw = None |
|
3347
428f95118556
fix vocab param to avoid deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3287
diff
changeset
|
1080 |
if form is None and entity is not None: |
|
3401
f893f4f199fc
use ._cw instead of req on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
1081 |
cw = entity._cw |
|
3347
428f95118556
fix vocab param to avoid deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3287
diff
changeset
|
1082 |
elif form is not None: |
|
3401
f893f4f199fc
use ._cw instead of req on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
1083 |
cw = form._cw |
|
4757
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1084 |
if cw is not None: |
|
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4834
diff
changeset
|
1085 |
if hasattr(cw, 'write_security'): # test it's a session and not a request |
|
4757
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1086 |
# cw is a server session |
|
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4834
diff
changeset
|
1087 |
hasperm = not cw.write_security or \ |
|
4843
5f7363416765
fix hooks control method name + other litle cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
1088 |
not cw.is_hook_category_activated('integrity') or \ |
|
4757
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1089 |
cw.user.has_permission(PERM_USE_TEMPLATE_FORMAT) |
|
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1090 |
else: |
|
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1091 |
hasperm = cw.user.has_permission(PERM_USE_TEMPLATE_FORMAT) |
|
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1092 |
if hasperm: |
|
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1093 |
return self.regular_formats + tuple(NEED_PERM_FORMATS) |
|
2459
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1094 |
return self.regular_formats |
| 0 | 1095 |
|
1096 |
# XXX monkey patch PyFileReader.import_erschema until bw_normalize_etype is |
|
1097 |
# necessary |
|
1098 |
orig_import_erschema = PyFileReader.import_erschema |
|
1099 |
def bw_import_erschema(self, ertype, schemamod=None, instantiate=True): |
|
1100 |
return orig_import_erschema(self, bw_normalize_etype(ertype), schemamod, instantiate) |
|
1101 |
PyFileReader.import_erschema = bw_import_erschema |
|
| 1451 | 1102 |
|
| 0 | 1103 |
# XXX itou for some Statement methods |
1104 |
from rql import stmts |
|
1105 |
orig_get_etype = stmts.ScopeNode.get_etype |
|
1106 |
def bw_get_etype(self, name): |
|
1107 |
return orig_get_etype(self, bw_normalize_etype(name)) |
|
1108 |
stmts.ScopeNode.get_etype = bw_get_etype |
|
1109 |
||
1110 |
orig_add_main_variable_delete = stmts.Delete.add_main_variable |
|
1111 |
def bw_add_main_variable_delete(self, etype, vref): |
|
1112 |
return orig_add_main_variable_delete(self, bw_normalize_etype(etype), vref) |
|
1113 |
stmts.Delete.add_main_variable = bw_add_main_variable_delete |
|
1114 |
||
1115 |
orig_add_main_variable_insert = stmts.Insert.add_main_variable |
|
1116 |
def bw_add_main_variable_insert(self, etype, vref): |
|
1117 |
return orig_add_main_variable_insert(self, bw_normalize_etype(etype), vref) |
|
1118 |
stmts.Insert.add_main_variable = bw_add_main_variable_insert |
|
1119 |
||
1120 |
orig_set_statement_type = stmts.Select.set_statement_type |
|
1121 |
def bw_set_statement_type(self, etype): |
|
1122 |
return orig_set_statement_type(self, bw_normalize_etype(etype)) |
|
1123 |
stmts.Select.set_statement_type = bw_set_statement_type |
|
|
2736
c5048502409f
restore backward compat, still imported a lot
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2735
diff
changeset
|
1124 |
|
|
c5048502409f
restore backward compat, still imported a lot
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2735
diff
changeset
|
1125 |
# XXX deprecated |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1126 |
|
|
2736
c5048502409f
restore backward compat, still imported a lot
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2735
diff
changeset
|
1127 |
from yams.buildobjs import RichString |
|
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1128 |
from yams.constraints import StaticVocabularyConstraint |
|
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1129 |
|
|
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1130 |
RichString = class_moved(RichString) |
|
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1131 |
|
|
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1132 |
StaticVocabularyConstraint = class_moved(StaticVocabularyConstraint) |
|
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1133 |
FormatConstraint = class_moved(FormatConstraint) |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1134 |
|
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1135 |
PyFileReader.context['ERQLExpression'] = yobsolete(ERQLExpression) |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1136 |
PyFileReader.context['RRQLExpression'] = yobsolete(RRQLExpression) |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1137 |
PyFileReader.context['WorkflowableEntityType'] = WorkflowableEntityType |