author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Fri, 11 Jun 2010 13:00:19 +0200 | |
branch | stable |
changeset 5733 | d00d1fab42af |
parent 5703 | 24ca7615379b |
child 5707 | 3586d36d2a45 |
child 5746 | f4fc424747db |
permissions | -rw-r--r-- |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
1 |
# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
3 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
4 |
# This file is part of CubicWeb. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
5 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
9 |
# any later version. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
10 |
# |
5424
8ecbcbff9777
replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5421
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
14 |
# details. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
15 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
0 | 18 |
"""classes to define schemas for CubicWeb |
19 |
||
20 |
""" |
|
21 |
__docformat__ = "restructuredtext en" |
|
2142
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
22 |
_ = unicode |
0 | 23 |
|
24 |
import re |
|
2147
476a75ede2cc
merge and add missing import in schema.py
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2142
diff
changeset
|
25 |
from os.path import join |
0 | 26 |
from logging import getLogger |
1133 | 27 |
from warnings import warn |
0 | 28 |
|
624
258e5692ae06
provide a new RichString attribute type
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
479
diff
changeset
|
29 |
from logilab.common.decorators import cached, clear_cache, monkeypatch |
2730
bb6fcb8c5d71
to make cw schemas importable, they have to be installed w/ cw code, not in /usr/share/cubicweb/schemas
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2718
diff
changeset
|
30 |
from logilab.common.logging_ext import set_log_methods |
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
31 |
from logilab.common.deprecation import deprecated, class_moved |
2926
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
32 |
from logilab.common.graph import get_cycles |
0 | 33 |
from logilab.common.compat import any |
34 |
||
2531
531ea4e7013e
[cleanup] nicer imports
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2526
diff
changeset
|
35 |
from yams import BadSchemaDefinition, buildobjs as ybo |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
36 |
from yams.schema import Schema, ERSchema, EntitySchema, RelationSchema, \ |
5030
5238d9a8dfee
[form] put qualified name on validation error, should fix #784299
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4913
diff
changeset
|
37 |
RelationDefinitionSchema, PermissionMixIn, role_name |
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
38 |
from yams.constraints import BaseConstraint, FormatConstraint |
2531
531ea4e7013e
[cleanup] nicer imports
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2526
diff
changeset
|
39 |
from yams.reader import (CONSTRAINTS, PyFileReader, SchemaLoader, |
531ea4e7013e
[cleanup] nicer imports
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2526
diff
changeset
|
40 |
obsolete as yobsolete, cleanup_sys_modules) |
0 | 41 |
|
42 |
from rql import parse, nodes, RQLSyntaxError, TypeResolverException |
|
43 |
||
2730
bb6fcb8c5d71
to make cw schemas importable, they have to be installed w/ cw code, not in /usr/share/cubicweb/schemas
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2718
diff
changeset
|
44 |
import cubicweb |
0 | 45 |
from cubicweb import ETYPE_NAME_MAP, ValidationError, Unauthorized |
46 |
||
2596
d02eed70937f
[R repo, schema] use VIRTUAL_RTYPES const
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2531
diff
changeset
|
47 |
PURE_VIRTUAL_RTYPES = set(('identity', 'has_text',)) |
d02eed70937f
[R repo, schema] use VIRTUAL_RTYPES const
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2531
diff
changeset
|
48 |
VIRTUAL_RTYPES = set(('eid', 'identity', 'has_text',)) |
d02eed70937f
[R repo, schema] use VIRTUAL_RTYPES const
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2531
diff
changeset
|
49 |
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4843
diff
changeset
|
50 |
# set of meta-relations available for every entity types |
2622
3c7edaa6c6d2
oops, should have been in a earlier commit (META_RELATION_TYPES renaming)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2616
diff
changeset
|
51 |
META_RTYPES = set(( |
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
52 |
'owned_by', 'created_by', 'is', 'is_instance_of', 'identity', |
2456
aa25d6b244c8
new cwuri metadata + a few tests fixes on the way
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2437
diff
changeset
|
53 |
'eid', 'creation_date', 'modification_date', 'has_text', 'cwuri', |
2184 | 54 |
)) |
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4843
diff
changeset
|
55 |
SYSTEM_RTYPES = set(('require_permission', 'custom_workflow', 'in_state', |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4843
diff
changeset
|
56 |
'wf_info_for')) |
0 | 57 |
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4843
diff
changeset
|
58 |
# set of entity and relation types used to build the schema |
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
59 |
SCHEMA_TYPES = set(( |
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
60 |
'CWEType', 'CWRType', 'CWAttribute', 'CWRelation', |
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
61 |
'CWConstraint', 'CWConstraintType', 'RQLExpression', |
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
62 |
'relation_type', 'from_entity', 'to_entity', |
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
63 |
'constrained_by', 'cstrtype', |
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
64 |
)) |
0 | 65 |
|
4434
101344a6ff9b
Improve the schema command with filtering option.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
4252
diff
changeset
|
66 |
WORKFLOW_TYPES = set(('Transition', 'State', 'TrInfo', 'Workflow', |
4759 | 67 |
'WorkflowTransition', 'BaseTransition', |
68 |
'SubWorkflowExitPoint')) |
|
69 |
||
4434
101344a6ff9b
Improve the schema command with filtering option.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
4252
diff
changeset
|
70 |
INTERNAL_TYPES = set(('CWProperty', 'CWPermission', 'CWCache', 'ExternalUri')) |
101344a6ff9b
Improve the schema command with filtering option.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
4252
diff
changeset
|
71 |
|
101344a6ff9b
Improve the schema command with filtering option.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
4252
diff
changeset
|
72 |
|
2142
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
73 |
_LOGGER = getLogger('cubicweb.schemaloader') |
0 | 74 |
|
75 |
# schema entities created from serialized schema have an eid rproperty |
|
76 |
ybo.ETYPE_PROPERTIES += ('eid',) |
|
77 |
ybo.RTYPE_PROPERTIES += ('eid',) |
|
78 |
ybo.RDEF_PROPERTIES += ('eid',) |
|
79 |
||
2926
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
80 |
|
4754
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
81 |
PUB_SYSTEM_ENTITY_PERMS = { |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
82 |
'read': ('managers', 'users', 'guests',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
83 |
'add': ('managers',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
84 |
'delete': ('managers',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
85 |
'update': ('managers',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
86 |
} |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
87 |
PUB_SYSTEM_REL_PERMS = { |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
88 |
'read': ('managers', 'users', 'guests',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
89 |
'add': ('managers',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
90 |
'delete': ('managers',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
91 |
} |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
92 |
PUB_SYSTEM_ATTR_PERMS = { |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
93 |
'read': ('managers', 'users', 'guests',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
94 |
'update': ('managers',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
95 |
} |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
96 |
RO_REL_PERMS = { |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
97 |
'read': ('managers', 'users', 'guests',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
98 |
'add': (), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
99 |
'delete': (), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
100 |
} |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
101 |
RO_ATTR_PERMS = { |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
102 |
'read': ('managers', 'users', 'guests',), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
103 |
'update': (), |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
104 |
} |
6bf17f810975
[schema] new constants for permissions definitions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4717
diff
changeset
|
105 |
|
2926
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
106 |
# XXX same algorithm as in reorder_cubes and probably other place, |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
107 |
# may probably extract a generic function |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
108 |
def order_eschemas(eschemas): |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
109 |
"""return entity schemas ordered such that entity types which specializes an |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
110 |
other one appears after that one |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
111 |
""" |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
112 |
graph = {} |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
113 |
for eschema in eschemas: |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
114 |
if eschema.specializes(): |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
115 |
graph[eschema] = set((eschema.specializes(),)) |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
116 |
else: |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
117 |
graph[eschema] = set() |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
118 |
cycles = get_cycles(graph) |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
119 |
if cycles: |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
120 |
cycles = '\n'.join(' -> '.join(cycle) for cycle in cycles) |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
121 |
raise Exception('cycles in entity schema specialization: %s' |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
122 |
% cycles) |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
123 |
eschemas = [] |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
124 |
while graph: |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
125 |
# sorted to get predictable results |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
126 |
for eschema, deps in sorted(graph.items()): |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
127 |
if not deps: |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
128 |
eschemas.append(eschema) |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
129 |
del graph[eschema] |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
130 |
for deps in graph.itervalues(): |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
131 |
try: |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
132 |
deps.remove(eschema) |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
133 |
except KeyError: |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
134 |
continue |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
135 |
return eschemas |
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
136 |
|
0 | 137 |
def bw_normalize_etype(etype): |
138 |
if etype in ETYPE_NAME_MAP: |
|
139 |
msg = '%s has been renamed to %s, please update your code' % ( |
|
1451 | 140 |
etype, ETYPE_NAME_MAP[etype]) |
0 | 141 |
warn(msg, DeprecationWarning, stacklevel=4) |
142 |
etype = ETYPE_NAME_MAP[etype] |
|
143 |
return etype |
|
144 |
||
3275
5247789df541
[gettext] provide GNU contexts to avoid translations ambiguities
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3240
diff
changeset
|
145 |
def display_name(req, key, form='', context=None): |
0 | 146 |
"""return a internationalized string for the key (schema entity or relation |
147 |
name) in a given form |
|
148 |
""" |
|
149 |
assert form in ('', 'plural', 'subject', 'object') |
|
150 |
if form == 'subject': |
|
151 |
form = '' |
|
152 |
if form: |
|
153 |
key = key + '_' + form |
|
154 |
# ensure unicode |
|
3284
036cf5a25714
ensure pgettext return unicode as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3275
diff
changeset
|
155 |
# .lower() in case no translation are available XXX done whatever a translation is there or not! |
036cf5a25714
ensure pgettext return unicode as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3275
diff
changeset
|
156 |
if context is not None: |
036cf5a25714
ensure pgettext return unicode as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3275
diff
changeset
|
157 |
return unicode(req.pgettext(context, key)).lower() |
3275
5247789df541
[gettext] provide GNU contexts to avoid translations ambiguities
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3240
diff
changeset
|
158 |
else: |
5247789df541
[gettext] provide GNU contexts to avoid translations ambiguities
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3240
diff
changeset
|
159 |
return unicode(req._(key)).lower() |
5247789df541
[gettext] provide GNU contexts to avoid translations ambiguities
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
3240
diff
changeset
|
160 |
|
2788
8d3dbe577d3a
R put version info in deprecation warnings
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2782
diff
changeset
|
161 |
__builtins__['display_name'] = deprecated('[3.4] display_name should be imported from cubicweb.schema')(display_name) |
0 | 162 |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
163 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
164 |
# rql expression utilities function ############################################ |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
165 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
166 |
def guess_rrqlexpr_mainvars(expression): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
167 |
defined = set(split_expression(expression)) |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
168 |
mainvars = [] |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
169 |
if 'S' in defined: |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
170 |
mainvars.append('S') |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
171 |
if 'O' in defined: |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
172 |
mainvars.append('O') |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
173 |
if 'U' in defined: |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
174 |
mainvars.append('U') |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
175 |
if not mainvars: |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
176 |
raise Exception('unable to guess selection variables') |
5372
b74eed7e8b37
Add a basic script to compare the db_schema to the fs_schema.
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
5174
diff
changeset
|
177 |
return ','.join(sorted(mainvars)) |
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
178 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
179 |
def split_expression(rqlstring): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
180 |
for expr in rqlstring.split(','): |
4132
440d383367eb
fix mainvars detection bug with EXISTS (paren, actually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3985
diff
changeset
|
181 |
for noparen in expr.split('('): |
440d383367eb
fix mainvars detection bug with EXISTS (paren, actually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3985
diff
changeset
|
182 |
for word in noparen.split(): |
440d383367eb
fix mainvars detection bug with EXISTS (paren, actually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3985
diff
changeset
|
183 |
yield word |
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
184 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
185 |
def normalize_expression(rqlstring): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
186 |
"""normalize an rql expression to ease schema synchronization (avoid |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
187 |
suppressing and reinserting an expression if only a space has been added/removed |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
188 |
for instance) |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
189 |
""" |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
190 |
return u', '.join(' '.join(expr.split()) for expr in rqlstring.split(',')) |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
191 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
192 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
193 |
# Schema objects definition ################################################### |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
194 |
|
3471
8c57c71b859c
can now give context to rschema.display_name(...)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3401
diff
changeset
|
195 |
def ERSchema_display_name(self, req, form='', context=None): |
0 | 196 |
"""return a internationalized string for the entity/relation type name in |
197 |
a given form |
|
198 |
""" |
|
3471
8c57c71b859c
can now give context to rschema.display_name(...)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3401
diff
changeset
|
199 |
return display_name(req, self.type, form, context) |
0 | 200 |
ERSchema.display_name = ERSchema_display_name |
201 |
||
202 |
@cached |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
203 |
def get_groups(self, action): |
0 | 204 |
"""return the groups authorized to perform <action> on entities of |
205 |
this type |
|
206 |
||
207 |
:type action: str |
|
208 |
:param action: the name of a permission |
|
209 |
||
210 |
:rtype: tuple |
|
211 |
:return: names of the groups with the given permission |
|
212 |
""" |
|
213 |
assert action in self.ACTIONS, action |
|
214 |
#assert action in self._groups, '%s %s' % (self, action) |
|
215 |
try: |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
216 |
return frozenset(g for g in self.permissions[action] if isinstance(g, basestring)) |
0 | 217 |
except KeyError: |
218 |
return () |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
219 |
PermissionMixIn.get_groups = get_groups |
0 | 220 |
|
221 |
@cached |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
222 |
def get_rqlexprs(self, action): |
0 | 223 |
"""return the rql expressions representing queries to check the user is allowed |
224 |
to perform <action> on entities of this type |
|
225 |
||
226 |
:type action: str |
|
227 |
:param action: the name of a permission |
|
228 |
||
229 |
:rtype: tuple |
|
230 |
:return: the rql expressions with the given permission |
|
231 |
""" |
|
232 |
assert action in self.ACTIONS, action |
|
233 |
#assert action in self._rqlexprs, '%s %s' % (self, action) |
|
234 |
try: |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
235 |
return tuple(g for g in self.permissions[action] if not isinstance(g, basestring)) |
0 | 236 |
except KeyError: |
237 |
return () |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
238 |
PermissionMixIn.get_rqlexprs = get_rqlexprs |
0 | 239 |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
240 |
orig_set_action_permissions = PermissionMixIn.set_action_permissions |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
241 |
def set_action_permissions(self, action, permissions): |
0 | 242 |
"""set the groups and rql expressions allowing to perform <action> on |
243 |
entities of this type |
|
244 |
||
245 |
:type action: str |
|
246 |
:param action: the name of a permission |
|
247 |
||
248 |
:type permissions: tuple |
|
249 |
:param permissions: the groups and rql expressions allowing the given action |
|
250 |
""" |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
251 |
orig_set_action_permissions(self, action, tuple(permissions)) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
252 |
clear_cache(self, 'get_rqlexprs') |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
253 |
clear_cache(self, 'get_groups') |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
254 |
PermissionMixIn.set_action_permissions = set_action_permissions |
0 | 255 |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
256 |
def has_local_role(self, action): |
0 | 257 |
"""return true if the action *may* be granted localy (eg either rql |
258 |
expressions or the owners group are used in security definition) |
|
259 |
||
260 |
XXX this method is only there since we don't know well how to deal with |
|
261 |
'add' action checking. Also find a better name would be nice. |
|
262 |
""" |
|
263 |
assert action in self.ACTIONS, action |
|
264 |
if self.get_rqlexprs(action): |
|
265 |
return True |
|
266 |
if action in ('update', 'delete'): |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
267 |
return 'owners' in self.get_groups(action) |
0 | 268 |
return False |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
269 |
PermissionMixIn.has_local_role = has_local_role |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
270 |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
271 |
def may_have_permission(self, action, req): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
272 |
if action != 'read' and not (self.has_local_role('read') or |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
273 |
self.has_perm(req, 'read')): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
274 |
return False |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
275 |
return self.has_local_role(action) or self.has_perm(req, action) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
276 |
PermissionMixIn.may_have_permission = may_have_permission |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
277 |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
278 |
def has_perm(self, session, action, **kwargs): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
279 |
"""return true if the action is granted globaly or localy""" |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
280 |
try: |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
281 |
self.check_perm(session, action, **kwargs) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
282 |
return True |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
283 |
except Unauthorized: |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
284 |
return False |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
285 |
PermissionMixIn.has_perm = has_perm |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
286 |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
287 |
def check_perm(self, session, action, **kwargs): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
288 |
# NB: session may be a server session or a request object check user is |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
289 |
# in an allowed group, if so that's enough internal sessions should |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
290 |
# always stop there |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
291 |
groups = self.get_groups(action) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
292 |
if session.user.matching_groups(groups): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
293 |
return |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
294 |
# if 'owners' in allowed groups, check if the user actually owns this |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
295 |
# object, if so that's enough |
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
296 |
if 'owners' in groups and ( |
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
297 |
kwargs.get('creating') |
4608 | 298 |
or ('eid' in kwargs and session.user.owns(kwargs['eid']))): |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
299 |
return |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
300 |
# else if there is some rql expressions, check them |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
301 |
if any(rqlexpr.check(session, **kwargs) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
302 |
for rqlexpr in self.get_rqlexprs(action)): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
303 |
return |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
304 |
raise Unauthorized(action, str(self)) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
305 |
PermissionMixIn.check_perm = check_perm |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
306 |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
307 |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
308 |
RelationDefinitionSchema._RPROPERTIES['eid'] = None |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
309 |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
310 |
def rql_expression(self, expression, mainvars=None, eid=None): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
311 |
"""rql expression factory""" |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
312 |
if self.rtype.final: |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
313 |
return ERQLExpression(expression, mainvars, eid) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
314 |
return RRQLExpression(expression, mainvars, eid) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
315 |
RelationDefinitionSchema.rql_expression = rql_expression |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
316 |
|
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
317 |
orig_check_permission_definitions = RelationDefinitionSchema.check_permission_definitions |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
318 |
def check_permission_definitions(self): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
319 |
orig_check_permission_definitions(self) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
320 |
schema = self.subject.schema |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
321 |
for action, groups in self.permissions.iteritems(): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
322 |
for group_or_rqlexpr in groups: |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
323 |
if action == 'read' and \ |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
324 |
isinstance(group_or_rqlexpr, RQLExpression): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
325 |
msg = "can't use rql expression for read permission of %s" |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
326 |
raise BadSchemaDefinition(msg % self) |
4574
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
327 |
if self.final and isinstance(group_or_rqlexpr, RRQLExpression): |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
328 |
msg = "can't use RRQLExpression on %s, use an ERQLExpression" |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
329 |
raise BadSchemaDefinition(msg % self) |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
330 |
if not self.final and isinstance(group_or_rqlexpr, ERQLExpression): |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
331 |
msg = "can't use ERQLExpression on %s, use a RRQLExpression" |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
332 |
raise BadSchemaDefinition(msg % self) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
333 |
RelationDefinitionSchema.check_permission_definitions = check_permission_definitions |
0 | 334 |
|
335 |
||
336 |
class CubicWebEntitySchema(EntitySchema): |
|
337 |
"""a entity has a type, a set of subject and or object relations |
|
338 |
the entity schema defines the possible relations for a given type and some |
|
339 |
constraints on those relations |
|
340 |
""" |
|
341 |
def __init__(self, schema=None, edef=None, eid=None, **kwargs): |
|
342 |
super(CubicWebEntitySchema, self).__init__(schema, edef, **kwargs) |
|
343 |
if eid is None and edef is not None: |
|
344 |
eid = getattr(edef, 'eid', None) |
|
345 |
self.eid = eid |
|
4574
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
346 |
|
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
347 |
def check_permission_definitions(self): |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
348 |
super(CubicWebEntitySchema, self).check_permission_definitions() |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
349 |
for groups in self.permissions.itervalues(): |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
350 |
for group_or_rqlexpr in groups: |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
351 |
if isinstance(group_or_rqlexpr, RRQLExpression): |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
352 |
msg = "can't use RRQLExpression on %s, use an ERQLExpression" |
2380444d982c
[schema] refactor/cleanup check_permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4570
diff
changeset
|
353 |
raise BadSchemaDefinition(msg % self.type) |
1451 | 354 |
|
0 | 355 |
def attribute_definitions(self): |
356 |
"""return an iterator on attribute definitions |
|
1451 | 357 |
|
0 | 358 |
attribute relations are a subset of subject relations where the |
359 |
object's type is a final entity |
|
1451 | 360 |
|
0 | 361 |
an attribute definition is a 2-uple : |
362 |
* name of the relation |
|
363 |
* schema of the destination entity type |
|
364 |
""" |
|
365 |
iter = super(CubicWebEntitySchema, self).attribute_definitions() |
|
366 |
for rschema, attrschema in iter: |
|
367 |
if rschema.type == 'has_text': |
|
368 |
continue |
|
369 |
yield rschema, attrschema |
|
1451 | 370 |
|
2128
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
371 |
def main_attribute(self): |
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
372 |
"""convenience method that returns the *main* (i.e. the first non meta) |
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
373 |
attribute defined in the entity schema |
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
374 |
""" |
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
375 |
for rschema, _ in self.attribute_definitions(): |
2622
3c7edaa6c6d2
oops, should have been in a earlier commit (META_RELATION_TYPES renaming)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2616
diff
changeset
|
376 |
if not (rschema in META_RTYPES |
2128
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
377 |
or self.is_metadata(rschema)): |
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
378 |
return rschema |
464edb198faa
drop @ wildcard in relation subject/object, override main_attribute for proper behaviour
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2126
diff
changeset
|
379 |
|
0 | 380 |
def add_subject_relation(self, rschema): |
381 |
"""register the relation schema as possible subject relation""" |
|
382 |
super(CubicWebEntitySchema, self).add_subject_relation(rschema) |
|
383 |
self._update_has_text() |
|
384 |
||
385 |
def del_subject_relation(self, rtype): |
|
386 |
super(CubicWebEntitySchema, self).del_subject_relation(rtype) |
|
2632
920bfaff60a4
B [schema update] may remove has_text unexpectedly, give another argument to fix it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2622
diff
changeset
|
387 |
self._update_has_text(True) |
1451 | 388 |
|
2632
920bfaff60a4
B [schema update] may remove has_text unexpectedly, give another argument to fix it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2622
diff
changeset
|
389 |
def _update_has_text(self, deletion=False): |
0 | 390 |
may_need_has_text, has_has_text = False, False |
2632
920bfaff60a4
B [schema update] may remove has_text unexpectedly, give another argument to fix it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2622
diff
changeset
|
391 |
need_has_text = None |
0 | 392 |
for rschema in self.subject_relations(): |
3689
deb13e88e037
follow yams 0.25 api changes to improve performance
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3554
diff
changeset
|
393 |
if rschema.final: |
0 | 394 |
if rschema == 'has_text': |
395 |
has_has_text = True |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
396 |
elif self.rdef(rschema).get('fulltextindexed'): |
0 | 397 |
may_need_has_text = True |
398 |
elif rschema.fulltext_container: |
|
399 |
if rschema.fulltext_container == 'subject': |
|
400 |
may_need_has_text = True |
|
401 |
else: |
|
402 |
need_has_text = False |
|
403 |
for rschema in self.object_relations(): |
|
404 |
if rschema.fulltext_container: |
|
405 |
if rschema.fulltext_container == 'object': |
|
406 |
may_need_has_text = True |
|
407 |
else: |
|
408 |
need_has_text = False |
|
409 |
if need_has_text is None: |
|
410 |
need_has_text = may_need_has_text |
|
2632
920bfaff60a4
B [schema update] may remove has_text unexpectedly, give another argument to fix it
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2622
diff
changeset
|
411 |
if need_has_text and not has_has_text and not deletion: |
4755
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
412 |
rdef = ybo.RelationDefinition(self.type, 'has_text', 'String', |
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
413 |
__permissions__=RO_ATTR_PERMS) |
0 | 414 |
self.schema.add_relation_def(rdef) |
415 |
elif not need_has_text and has_has_text: |
|
5122
c06078d59e87
[schema] ensure we don't remove has_text relation type unfortunatly
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
416 |
# use rschema.del_relation_def and not schema.del_relation_def to |
c06078d59e87
[schema] ensure we don't remove has_text relation type unfortunatly
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
417 |
# avoid deleting the relation type accidentally... |
c06078d59e87
[schema] ensure we don't remove has_text relation type unfortunatly
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5030
diff
changeset
|
418 |
self.schema['has_text'].del_relation_def(self, self.schema['String']) |
1451 | 419 |
|
0 | 420 |
def schema_entity(self): |
421 |
"""return True if this entity type is used to build the schema""" |
|
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
422 |
return self.type in SCHEMA_TYPES |
0 | 423 |
|
424 |
def rql_expression(self, expression, mainvars=None, eid=None): |
|
425 |
"""rql expression factory""" |
|
426 |
return ERQLExpression(expression, mainvars, eid) |
|
1451 | 427 |
|
2252 | 428 |
|
0 | 429 |
class CubicWebRelationSchema(RelationSchema): |
1451 | 430 |
|
0 | 431 |
def __init__(self, schema=None, rdef=None, eid=None, **kwargs): |
432 |
if rdef is not None: |
|
433 |
# if this relation is inlined |
|
434 |
self.inlined = rdef.inlined |
|
435 |
super(CubicWebRelationSchema, self).__init__(schema, rdef, **kwargs) |
|
436 |
if eid is None and rdef is not None: |
|
437 |
eid = getattr(rdef, 'eid', None) |
|
438 |
self.eid = eid |
|
1451 | 439 |
|
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
440 |
@property |
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
441 |
def meta(self): |
2622
3c7edaa6c6d2
oops, should have been in a earlier commit (META_RELATION_TYPES renaming)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2616
diff
changeset
|
442 |
return self.type in META_RTYPES |
1451 | 443 |
|
0 | 444 |
def schema_relation(self): |
2126
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
445 |
"""return True if this relation type is used to build the schema""" |
a25859917ccc
stop using meta attribute from yams schema. Use instead sets defining meta relations and another defining schema types. Refactor various schema view based on this
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
446 |
return self.type in SCHEMA_TYPES |
1451 | 447 |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
448 |
def may_have_permission(self, action, req, eschema=None, role=None): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
449 |
if eschema is not None: |
4019 | 450 |
for tschema in self.targets(eschema, role): |
451 |
rdef = self.role_rdef(eschema, tschema, role) |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
452 |
if rdef.may_have_permission(action, req): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
453 |
return True |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
454 |
else: |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
455 |
for rdef in self.rdefs.itervalues(): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
456 |
if rdef.may_have_permission(action, req): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
457 |
return True |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
458 |
return False |
0 | 459 |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
460 |
def has_perm(self, session, action, **kwargs): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
461 |
"""return true if the action is granted globaly or localy""" |
4575
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
462 |
if self.final: |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
463 |
assert not ('fromeid' in kwargs or 'toeid' in kwargs), kwargs |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
464 |
assert action in ('read', 'update') |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
465 |
if 'eid' in kwargs: |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
466 |
subjtype = session.describe(kwargs['eid'])[0] |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
467 |
else: |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
468 |
subjtype = objtype = None |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
469 |
else: |
4575
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
470 |
assert not 'eid' in kwargs, kwargs |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
471 |
assert action in ('read', 'add', 'delete') |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
472 |
if 'fromeid' in kwargs: |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
473 |
subjtype = session.describe(kwargs['fromeid'])[0] |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
474 |
else: |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
475 |
subjtype = None |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
476 |
if 'toeid' in kwargs: |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
477 |
objtype = session.describe(kwargs['toeid'])[0] |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
478 |
else: |
4a7fe84f7803
[schema] fix RelationSchema.has_perm to properly works with attribute relations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4574
diff
changeset
|
479 |
objtype = None |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
480 |
if objtype and subjtype: |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
481 |
return self.rdef(subjtype, objtype).has_perm(session, action, **kwargs) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
482 |
elif subjtype: |
4004
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
483 |
for tschema in self.targets(subjtype, 'subject'): |
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
484 |
rdef = self.rdef(subjtype, tschema) |
4045
f4a52abb6f4f
cw 3.6 api update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4037
diff
changeset
|
485 |
if not rdef.has_perm(session, action, **kwargs): |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
486 |
return False |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
487 |
elif objtype: |
4004
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
488 |
for tschema in self.targets(objtype, 'object'): |
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
489 |
rdef = self.rdef(tschema, objtype) |
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
490 |
if not rdef.has_perm(session, action, **kwargs): |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
491 |
return False |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
492 |
else: |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
493 |
for rdef in self.rdefs.itervalues(): |
4004
c52619c738a5
api renaming update
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
4003
diff
changeset
|
494 |
if not rdef.has_perm(session, action, **kwargs): |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
495 |
return False |
4233
94ffaecd8e8c
ouch, has_perm was always returning False...
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4181
diff
changeset
|
496 |
return True |
0 | 497 |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
498 |
@deprecated('use .rdef(subjtype, objtype).role_cardinality(role)') |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
499 |
def cardinality(self, subjtype, objtype, target): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
500 |
return self.rdef(subjtype, objtype).role_cardinality(target) |
0 | 501 |
|
1451 | 502 |
|
0 | 503 |
class CubicWebSchema(Schema): |
504 |
"""set of entities and relations schema defining the possible data sets |
|
505 |
used in an application |
|
506 |
||
507 |
:type name: str |
|
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2460
diff
changeset
|
508 |
:ivar name: name of the schema, usually the instance identifier |
1451 | 509 |
|
0 | 510 |
:type base: str |
511 |
:ivar base: path of the directory where the schema is defined |
|
512 |
""" |
|
1451 | 513 |
reading_from_database = False |
0 | 514 |
entity_class = CubicWebEntitySchema |
515 |
relation_class = CubicWebRelationSchema |
|
2958
44e5446b649b
no inference for the identity relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2926
diff
changeset
|
516 |
no_specialization_inference = ('identity',) |
0 | 517 |
|
518 |
def __init__(self, *args, **kwargs): |
|
519 |
self._eid_index = {} |
|
520 |
super(CubicWebSchema, self).__init__(*args, **kwargs) |
|
521 |
ybo.register_base_types(self) |
|
2300
c8151d004e06
meta has been drop
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2293
diff
changeset
|
522 |
rschema = self.add_relation_type(ybo.RelationType('eid')) |
0 | 523 |
rschema.final = True |
2300
c8151d004e06
meta has been drop
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2293
diff
changeset
|
524 |
rschema = self.add_relation_type(ybo.RelationType('has_text')) |
0 | 525 |
rschema.final = True |
2300
c8151d004e06
meta has been drop
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2293
diff
changeset
|
526 |
rschema = self.add_relation_type(ybo.RelationType('identity')) |
0 | 527 |
rschema.final = False |
1451 | 528 |
|
0 | 529 |
def add_entity_type(self, edef): |
530 |
edef.name = edef.name.encode() |
|
531 |
edef.name = bw_normalize_etype(edef.name) |
|
532 |
assert re.match(r'[A-Z][A-Za-z0-9]*[a-z]+[0-9]*$', edef.name), repr(edef.name) |
|
533 |
eschema = super(CubicWebSchema, self).add_entity_type(edef) |
|
3689
deb13e88e037
follow yams 0.25 api changes to improve performance
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3554
diff
changeset
|
534 |
if not eschema.final: |
0 | 535 |
# automatically add the eid relation to non final entity types |
536 |
rdef = ybo.RelationDefinition(eschema.type, 'eid', 'Int', |
|
4755
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
537 |
cardinality='11', uid=True, |
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
538 |
__permissions__=RO_ATTR_PERMS) |
0 | 539 |
self.add_relation_def(rdef) |
4755
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
540 |
rdef = ybo.RelationDefinition(eschema.type, 'identity', eschema.type, |
13a5d3a7410e
[schema] tweaks meta-relations and schema/workflow entities attributes permissions
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4754
diff
changeset
|
541 |
__permissions__=RO_REL_PERMS) |
0 | 542 |
self.add_relation_def(rdef) |
543 |
self._eid_index[eschema.eid] = eschema |
|
544 |
return eschema |
|
1451 | 545 |
|
0 | 546 |
def add_relation_type(self, rdef): |
547 |
rdef.name = rdef.name.lower().encode() |
|
548 |
rschema = super(CubicWebSchema, self).add_relation_type(rdef) |
|
549 |
self._eid_index[rschema.eid] = rschema |
|
550 |
return rschema |
|
1451 | 551 |
|
0 | 552 |
def add_relation_def(self, rdef): |
553 |
"""build a part of a relation schema |
|
554 |
(i.e. add a relation between two specific entity's types) |
|
555 |
||
556 |
:type subject: str |
|
557 |
:param subject: entity's type that is subject of the relation |
|
558 |
||
559 |
:type rtype: str |
|
560 |
:param rtype: the relation's type (i.e. the name of the relation) |
|
561 |
||
562 |
:type obj: str |
|
563 |
:param obj: entity's type that is object of the relation |
|
564 |
||
565 |
:rtype: RelationSchema |
|
566 |
:param: the newly created or just completed relation schema |
|
567 |
""" |
|
568 |
rdef.name = rdef.name.lower() |
|
569 |
rdef.subject = bw_normalize_etype(rdef.subject) |
|
570 |
rdef.object = bw_normalize_etype(rdef.object) |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
571 |
rdefs = super(CubicWebSchema, self).add_relation_def(rdef) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
572 |
if rdefs: |
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
573 |
try: |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
574 |
self._eid_index[rdef.eid] = rdefs |
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
575 |
except AttributeError: |
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
576 |
pass # not a serialized schema |
4003
b9436fe77c9e
fix bad merge
Sandrine Ribeau <sandrine.ribeau@logilab.fr>
parents:
3998
diff
changeset
|
577 |
return rdefs |
1451 | 578 |
|
0 | 579 |
def del_relation_type(self, rtype): |
580 |
rschema = self.rschema(rtype) |
|
581 |
self._eid_index.pop(rschema.eid, None) |
|
582 |
super(CubicWebSchema, self).del_relation_type(rtype) |
|
1451 | 583 |
|
0 | 584 |
def del_relation_def(self, subjtype, rtype, objtype): |
585 |
for k, v in self._eid_index.items(): |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
586 |
if not isinstance(v, RelationDefinitionSchema): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
587 |
continue |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
588 |
if v.subject == subjtype and v.rtype == rtype and v.object == objtype: |
0 | 589 |
del self._eid_index[k] |
2718
3a56b87bb5d6
[schema] break when found
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2716
diff
changeset
|
590 |
break |
0 | 591 |
super(CubicWebSchema, self).del_relation_def(subjtype, rtype, objtype) |
1451 | 592 |
|
0 | 593 |
def del_entity_type(self, etype): |
594 |
eschema = self.eschema(etype) |
|
595 |
self._eid_index.pop(eschema.eid, None) |
|
596 |
# deal with has_text first, else its automatic deletion (see above) |
|
597 |
# may trigger an error in ancestor's del_entity_type method |
|
598 |
if 'has_text' in eschema.subject_relations(): |
|
599 |
self.del_relation_def(etype, 'has_text', 'String') |
|
600 |
super(CubicWebSchema, self).del_entity_type(etype) |
|
1451 | 601 |
|
0 | 602 |
def schema_by_eid(self, eid): |
603 |
return self._eid_index[eid] |
|
604 |
||
605 |
||
606 |
# Possible constraints ######################################################## |
|
607 |
||
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
608 |
class BaseRQLConstraint(BaseConstraint): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
609 |
"""base class for rql constraints |
0 | 610 |
""" |
1451 | 611 |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
612 |
def __init__(self, restriction, mainvars=None): |
3963
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
613 |
self.restriction = normalize_expression(restriction) |
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
614 |
if mainvars is None: |
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
615 |
mainvars = guess_rrqlexpr_mainvars(restriction) |
3963
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
616 |
else: |
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
617 |
normmainvars = [] |
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
618 |
for mainvar in mainvars.split(','): |
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
619 |
mainvar = mainvar.strip() |
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
620 |
if not mainvar.isalpha(): |
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
621 |
raise Exception('bad mainvars %s' % mainvars) |
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
622 |
normmainvars.append(mainvar) |
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
623 |
assert mainvars, 'bad mainvars %s' % mainvars |
0d592677e55f
nicer mainvars/expression handling when initializing rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3961
diff
changeset
|
624 |
mainvars = ','.join(sorted(normmainvars)) |
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
625 |
self.mainvars = mainvars |
0 | 626 |
|
627 |
def serialize(self): |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
628 |
# start with a comma for bw compat, see below |
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
629 |
return ';' + self.mainvars + ';' + self.restriction |
1451 | 630 |
|
5378
0f54a0e128ac
[schema] cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5372
diff
changeset
|
631 |
@classmethod |
0 | 632 |
def deserialize(cls, value): |
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
633 |
# XXX < 3.5.10 bw compat |
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
634 |
if not value.startswith(';'): |
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
635 |
return cls(value) |
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
636 |
_, mainvars, restriction = value.split(';', 2) |
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
637 |
return cls(restriction, mainvars) |
1451 | 638 |
|
0 | 639 |
def check(self, entity, rtype, value): |
640 |
"""return true if the value satisfy the constraint, else false""" |
|
641 |
# implemented as a hook in the repository |
|
642 |
return 1 |
|
643 |
||
644 |
def repo_check(self, session, eidfrom, rtype, eidto): |
|
645 |
"""raise ValidationError if the relation doesn't satisfy the constraint |
|
646 |
""" |
|
3554
26e586f3c15c
[schema] make RQL* constraints usable w/ attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3347
diff
changeset
|
647 |
pass # this is a vocabulary constraint, not enforce XXX why? |
1451 | 648 |
|
0 | 649 |
def __str__(self): |
3965
94f95928f5ae
nicer __str__ and __repr__ methods on rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3964
diff
changeset
|
650 |
return '%s(Any %s WHERE %s)' % (self.__class__.__name__, self.mainvars, |
94f95928f5ae
nicer __str__ and __repr__ methods on rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3964
diff
changeset
|
651 |
self.restriction) |
0 | 652 |
|
653 |
def __repr__(self): |
|
3965
94f95928f5ae
nicer __str__ and __repr__ methods on rql constraints
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3964
diff
changeset
|
654 |
return '<%s @%#x>' % (self.__str__(), id(self)) |
0 | 655 |
|
656 |
||
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
657 |
class RQLVocabularyConstraint(BaseRQLConstraint): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
658 |
"""the rql vocabulary constraint : |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
659 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
660 |
limit the proposed values to a set of entities returned by a rql query, |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
661 |
but this is not enforced at the repository level |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
662 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
663 |
restriction is additional rql restriction that will be added to |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
664 |
a predefined query, where the S and O variables respectivly represent |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
665 |
the subject and the object of the relation |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
666 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
667 |
mainvars is a string that should be used as selection variable (eg |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
668 |
`'Any %s WHERE ...' % mainvars`). If not specified, an attempt will be |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
669 |
done to guess it according to variable used in the expression. |
0 | 670 |
""" |
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
671 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
672 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
673 |
class RepoEnforcedRQLConstraintMixIn(object): |
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
674 |
|
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
675 |
def __init__(self, restriction, mainvars=None, msg=None): |
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
676 |
super(RepoEnforcedRQLConstraintMixIn, self).__init__(restriction, mainvars) |
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
677 |
self.msg = msg |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
678 |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
679 |
def serialize(self): |
3968
e8dbad65a7a2
fix format string
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
3967
diff
changeset
|
680 |
# start with a semicolon for bw compat, see below |
e8dbad65a7a2
fix format string
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
3967
diff
changeset
|
681 |
return ';%s;%s\n%s' % (self.mainvars, self.restriction, |
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
682 |
self.msg or '') |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
683 |
|
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
684 |
def deserialize(cls, value): |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
685 |
# XXX < 3.5.10 bw compat |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
686 |
if not value.startswith(';'): |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
687 |
return cls(value) |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
688 |
value, msg = value.split('\n', 1) |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
689 |
_, mainvars, restriction = value.split(';', 2) |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
690 |
return cls(restriction, mainvars, msg) |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
691 |
deserialize = classmethod(deserialize) |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
692 |
|
3554
26e586f3c15c
[schema] make RQL* constraints usable w/ attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3347
diff
changeset
|
693 |
def repo_check(self, session, eidfrom, rtype, eidto=None): |
0 | 694 |
"""raise ValidationError if the relation doesn't satisfy the constraint |
695 |
""" |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
696 |
if not self.match_condition(session, eidfrom, eidto): |
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
697 |
# XXX at this point if both or neither of S and O are in mainvar we |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
698 |
# dunno if the validation error `occured` on eidfrom or eidto (from |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
699 |
# user interface point of view) |
5030
5238d9a8dfee
[form] put qualified name on validation error, should fix #784299
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4913
diff
changeset
|
700 |
# |
5238d9a8dfee
[form] put qualified name on validation error, should fix #784299
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4913
diff
changeset
|
701 |
# possible enhancement: check entity being created, it's probably |
5238d9a8dfee
[form] put qualified name on validation error, should fix #784299
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4913
diff
changeset
|
702 |
# the main eid unless this is a composite relation |
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
703 |
if eidto is None or 'S' in self.mainvars or not 'O' in self.mainvars: |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
704 |
maineid = eidfrom |
5030
5238d9a8dfee
[form] put qualified name on validation error, should fix #784299
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4913
diff
changeset
|
705 |
qname = role_name(rtype, 'subject') |
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
706 |
else: |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
707 |
maineid = eidto |
5030
5238d9a8dfee
[form] put qualified name on validation error, should fix #784299
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4913
diff
changeset
|
708 |
qname = role_name(rtype, 'object') |
3964
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
709 |
if self.msg: |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
710 |
msg = session._(self.msg) |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
711 |
else: |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
712 |
msg = '%(constraint)s %(restriction)s failed' % { |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
713 |
'constraint': session._(self.type()), |
21387ffb0731
refactor so that we can specify an extra argument to constraints which
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3963
diff
changeset
|
714 |
'restriction': self.restriction} |
5030
5238d9a8dfee
[form] put qualified name on validation error, should fix #784299
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4913
diff
changeset
|
715 |
raise ValidationError(maineid, {qname: msg}) |
0 | 716 |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
717 |
def exec_query(self, session, eidfrom, eidto): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
718 |
if eidto is None: |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
719 |
# checking constraint for an attribute relation |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
720 |
restriction = 'S eid %(s)s, ' + self.restriction |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
721 |
args = {'s': eidfrom} |
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
722 |
else: |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
723 |
restriction = 'S eid %(s)s, O eid %(o)s, ' + self.restriction |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
724 |
args = {'s': eidfrom, 'o': eidto} |
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
725 |
rql = 'Any %s WHERE %s' % (self.mainvars, restriction) |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
726 |
if self.distinct_query: |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
727 |
rql = 'DISTINCT ' + rql |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
728 |
return session.execute(rql, args, build_descr=False) |
0 | 729 |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
730 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
731 |
class RQLConstraint(RepoEnforcedRQLConstraintMixIn, RQLVocabularyConstraint): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
732 |
"""the rql constraint is similar to the RQLVocabularyConstraint but |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
733 |
are also enforced at the repository level |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
734 |
""" |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
735 |
distinct_query = False |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
736 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
737 |
def match_condition(self, session, eidfrom, eidto): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
738 |
return self.exec_query(session, eidfrom, eidto) |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
739 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
740 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
741 |
class RQLUniqueConstraint(RepoEnforcedRQLConstraintMixIn, BaseRQLConstraint): |
0 | 742 |
"""the unique rql constraint check that the result of the query isn't |
743 |
greater than one |
|
744 |
""" |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
745 |
distinct_query = True |
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
746 |
|
3985
d5bf894fcf02
add some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3980
diff
changeset
|
747 |
# XXX turns mainvars into a required argument in __init__, since we've no |
d5bf894fcf02
add some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3980
diff
changeset
|
748 |
# way to guess it correctly (eg if using S,O or U the constraint will |
d5bf894fcf02
add some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3980
diff
changeset
|
749 |
# always be satisfied since we've to use a DISTINCT query) |
d5bf894fcf02
add some notes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3980
diff
changeset
|
750 |
|
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
751 |
def match_condition(self, session, eidfrom, eidto): |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
752 |
return len(self.exec_query(session, eidfrom, eidto)) <= 1 |
0 | 753 |
|
754 |
||
755 |
class RQLExpression(object): |
|
756 |
def __init__(self, expression, mainvars, eid): |
|
757 |
self.eid = eid # eid of the entity representing this rql expression |
|
758 |
if not isinstance(mainvars, unicode): |
|
759 |
mainvars = unicode(mainvars) |
|
760 |
self.mainvars = mainvars |
|
761 |
self.expression = normalize_expression(expression) |
|
762 |
try: |
|
763 |
self.rqlst = parse(self.full_rql, print_errors=False).children[0] |
|
764 |
except RQLSyntaxError: |
|
765 |
raise RQLSyntaxError(expression) |
|
766 |
for mainvar in mainvars.split(','): |
|
767 |
if len(self.rqlst.defined_vars[mainvar].references()) <= 2: |
|
2142
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
768 |
_LOGGER.warn('You did not use the %s variable in your RQL ' |
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
769 |
'expression %s', mainvar, self) |
3825 | 770 |
# syntax tree used by read security (inserted in queries when necessary) |
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2967
diff
changeset
|
771 |
self.snippet_rqlst = parse(self.minimal_rql, print_errors=False).children[0] |
1451 | 772 |
|
0 | 773 |
def __str__(self): |
774 |
return self.full_rql |
|
775 |
def __repr__(self): |
|
776 |
return '%s(%s)' % (self.__class__.__name__, self.full_rql) |
|
1451 | 777 |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
778 |
def __cmp__(self, other): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
779 |
if hasattr(other, 'expression'): |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
780 |
return cmp(other.expression, self.expression) |
4066
0555f170c4d1
__cmp__ should *NOT* return False when different
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4045
diff
changeset
|
781 |
return -1 |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
782 |
|
0 | 783 |
def __deepcopy__(self, memo): |
784 |
return self.__class__(self.expression, self.mainvars) |
|
785 |
def __getstate__(self): |
|
786 |
return (self.expression, self.mainvars) |
|
787 |
def __setstate__(self, state): |
|
788 |
self.__init__(*state) |
|
1451 | 789 |
|
0 | 790 |
@cached |
791 |
def transform_has_permission(self): |
|
792 |
found = None |
|
793 |
rqlst = self.rqlst |
|
794 |
for var in rqlst.defined_vars.itervalues(): |
|
795 |
for varref in var.references(): |
|
796 |
rel = varref.relation() |
|
797 |
if rel is None: |
|
798 |
continue |
|
799 |
try: |
|
800 |
prefix, action, suffix = rel.r_type.split('_') |
|
801 |
except ValueError: |
|
802 |
continue |
|
803 |
if prefix != 'has' or suffix != 'permission' or \ |
|
804 |
not action in ('add', 'delete', 'update', 'read'): |
|
805 |
continue |
|
806 |
if found is None: |
|
807 |
found = [] |
|
808 |
rqlst.save_state() |
|
809 |
assert rel.children[0].name == 'U' |
|
810 |
objvar = rel.children[1].children[0].variable |
|
811 |
rqlst.remove_node(rel) |
|
812 |
selected = [v.name for v in rqlst.get_selected_variables()] |
|
813 |
if objvar.name not in selected: |
|
814 |
colindex = len(selected) |
|
815 |
rqlst.add_selected(objvar) |
|
816 |
else: |
|
817 |
colindex = selected.index(objvar.name) |
|
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
818 |
found.append((action, colindex)) |
0 | 819 |
# remove U eid %(u)s if U is not used in any other relation |
820 |
uvrefs = rqlst.defined_vars['U'].references() |
|
821 |
if len(uvrefs) == 1: |
|
822 |
rqlst.remove_node(uvrefs[0].relation()) |
|
823 |
if found is not None: |
|
824 |
rql = rqlst.as_string() |
|
825 |
if len(rqlst.selection) == 1 and isinstance(rqlst.where, nodes.Relation): |
|
826 |
# only "Any X WHERE X eid %(x)s" remaining, no need to execute the rql |
|
827 |
keyarg = rqlst.selection[0].name.lower() |
|
828 |
else: |
|
829 |
keyarg = None |
|
830 |
rqlst.recover() |
|
831 |
return rql, found, keyarg |
|
832 |
return rqlst.as_string(), None, None |
|
1451 | 833 |
|
0 | 834 |
def _check(self, session, **kwargs): |
835 |
"""return True if the rql expression is matching the given relation |
|
836 |
between fromeid and toeid |
|
837 |
||
838 |
session may actually be a request as well |
|
839 |
""" |
|
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
840 |
creating = kwargs.get('creating') |
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
841 |
if not creating and self.eid is not None: |
0 | 842 |
key = (self.eid, tuple(sorted(kwargs.iteritems()))) |
843 |
try: |
|
844 |
return session.local_perm_cache[key] |
|
845 |
except KeyError: |
|
846 |
pass |
|
847 |
rql, has_perm_defs, keyarg = self.transform_has_permission() |
|
5703
24ca7615379b
[security] consider any rql expression refering to X while X is being created as satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5531
diff
changeset
|
848 |
# when creating an entity, expression related to X satisfied |
24ca7615379b
[security] consider any rql expression refering to X while X is being created as satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5531
diff
changeset
|
849 |
if creating and 'X' in self.rqlst.defined_vars: |
24ca7615379b
[security] consider any rql expression refering to X while X is being created as satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5531
diff
changeset
|
850 |
return True |
0 | 851 |
if keyarg is None: |
4619
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
852 |
kwargs.setdefault('u', session.user.eid) |
0 | 853 |
try: |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5122
diff
changeset
|
854 |
rset = session.execute(rql, kwargs, build_descr=True) |
0 | 855 |
except NotImplementedError: |
856 |
self.critical('cant check rql expression, unsupported rql %s', rql) |
|
857 |
if self.eid is not None: |
|
858 |
session.local_perm_cache[key] = False |
|
859 |
return False |
|
860 |
except TypeResolverException, ex: |
|
861 |
# some expression may not be resolvable with current kwargs |
|
862 |
# (type conflict) |
|
863 |
self.warning('%s: %s', rql, str(ex)) |
|
864 |
if self.eid is not None: |
|
865 |
session.local_perm_cache[key] = False |
|
866 |
return False |
|
5531
0ce62ac0d1d7
catch unauthorized when executing rql to check an rql expression. Fix #968824
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
867 |
except Unauthorized, ex: |
0ce62ac0d1d7
catch unauthorized when executing rql to check an rql expression. Fix #968824
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
868 |
self.debug('unauthorized %s: %s', rql, str(ex)) |
0ce62ac0d1d7
catch unauthorized when executing rql to check an rql expression. Fix #968824
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
869 |
if self.eid is not None: |
0ce62ac0d1d7
catch unauthorized when executing rql to check an rql expression. Fix #968824
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
870 |
session.local_perm_cache[key] = False |
0ce62ac0d1d7
catch unauthorized when executing rql to check an rql expression. Fix #968824
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
871 |
return False |
0 | 872 |
else: |
873 |
rset = session.eid_rset(kwargs[keyarg]) |
|
874 |
# if no special has_*_permission relation in the rql expression, just |
|
875 |
# check the result set contains something |
|
876 |
if has_perm_defs is None: |
|
877 |
if rset: |
|
878 |
if self.eid is not None: |
|
879 |
session.local_perm_cache[key] = True |
|
880 |
return True |
|
881 |
elif rset: |
|
882 |
# check every special has_*_permission relation is satisfied |
|
883 |
get_eschema = session.vreg.schema.eschema |
|
884 |
try: |
|
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
885 |
for eaction, col in has_perm_defs: |
0 | 886 |
for i in xrange(len(rset)): |
887 |
eschema = get_eschema(rset.description[i][col]) |
|
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
888 |
eschema.check_perm(session, eaction, eid=rset[i][col]) |
0 | 889 |
if self.eid is not None: |
890 |
session.local_perm_cache[key] = True |
|
891 |
return True |
|
892 |
except Unauthorized: |
|
893 |
pass |
|
894 |
if self.eid is not None: |
|
895 |
session.local_perm_cache[key] = False |
|
896 |
return False |
|
1451 | 897 |
|
0 | 898 |
@property |
899 |
def minimal_rql(self): |
|
900 |
return 'Any %s WHERE %s' % (self.mainvars, self.expression) |
|
901 |
||
902 |
||
903 |
class ERQLExpression(RQLExpression): |
|
904 |
def __init__(self, expression, mainvars=None, eid=None): |
|
905 |
RQLExpression.__init__(self, expression, mainvars or 'X', eid) |
|
906 |
||
907 |
@property |
|
908 |
def full_rql(self): |
|
909 |
rql = self.minimal_rql |
|
910 |
rqlst = getattr(self, 'rqlst', None) # may be not set yet |
|
911 |
if rqlst is not None: |
|
912 |
defined = rqlst.defined_vars |
|
913 |
else: |
|
914 |
defined = set(split_expression(self.expression)) |
|
915 |
if 'X' in defined: |
|
916 |
rql += ', X eid %(x)s' |
|
917 |
if 'U' in defined: |
|
918 |
rql += ', U eid %(u)s' |
|
919 |
return rql |
|
1451 | 920 |
|
4619
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
921 |
def check(self, session, eid=None, creating=False, **kwargs): |
0 | 922 |
if 'X' in self.rqlst.defined_vars: |
923 |
if eid is None: |
|
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
924 |
if creating: |
4619
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
925 |
return self._check(session, creating=True, **kwargs) |
0 | 926 |
return False |
4607
55eab66c6592
[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4586
diff
changeset
|
927 |
assert creating == False |
4619
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
928 |
return self._check(session, x=eid, **kwargs) |
f4254586e867
[security] allow to call .check on rql expression with a user eid specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4608
diff
changeset
|
929 |
return self._check(session, **kwargs) |
1451 | 930 |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
931 |
|
0 | 932 |
class RRQLExpression(RQLExpression): |
933 |
def __init__(self, expression, mainvars=None, eid=None): |
|
934 |
if mainvars is None: |
|
3961
d1cbf77db999
fix RQLUniqueConstraint behaviour by using a DISTINCT query and allowing
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3827
diff
changeset
|
935 |
mainvars = guess_rrqlexpr_mainvars(expression) |
0 | 936 |
RQLExpression.__init__(self, expression, mainvars, eid) |
3827 | 937 |
# graph of links between variable, used by rql rewriter |
3826
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
938 |
self.vargraph = {} |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
939 |
for relation in self.rqlst.get_nodes(nodes.Relation): |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
940 |
try: |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
941 |
rhsvarname = relation.children[1].children[0].variable.name |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
942 |
lhsvarname = relation.children[0].name |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
943 |
except AttributeError: |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
944 |
pass |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
945 |
else: |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
946 |
self.vargraph.setdefault(lhsvarname, []).append(rhsvarname) |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
947 |
self.vargraph.setdefault(rhsvarname, []).append(lhsvarname) |
0c0c051863cb
close #511810: bad rql generated when looking for vocabulary for a relation on an entity which doesn't exist (yet)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3825
diff
changeset
|
948 |
#self.vargraph[(lhsvarname, rhsvarname)] = relation.r_type |
0 | 949 |
|
950 |
@property |
|
951 |
def full_rql(self): |
|
952 |
rql = self.minimal_rql |
|
953 |
rqlst = getattr(self, 'rqlst', None) # may be not set yet |
|
954 |
if rqlst is not None: |
|
955 |
defined = rqlst.defined_vars |
|
956 |
else: |
|
957 |
defined = set(split_expression(self.expression)) |
|
958 |
if 'S' in defined: |
|
959 |
rql += ', S eid %(s)s' |
|
960 |
if 'O' in defined: |
|
961 |
rql += ', O eid %(o)s' |
|
962 |
if 'U' in defined: |
|
963 |
rql += ', U eid %(u)s' |
|
964 |
return rql |
|
1451 | 965 |
|
0 | 966 |
def check(self, session, fromeid=None, toeid=None): |
967 |
kwargs = {} |
|
968 |
if 'S' in self.rqlst.defined_vars: |
|
969 |
if fromeid is None: |
|
970 |
return False |
|
971 |
kwargs['s'] = fromeid |
|
972 |
if 'O' in self.rqlst.defined_vars: |
|
973 |
if toeid is None: |
|
974 |
return False |
|
975 |
kwargs['o'] = toeid |
|
976 |
return self._check(session, **kwargs) |
|
1451 | 977 |
|
4570
ede247bbbf62
follow yams api change: attributes permissions are now defined for
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4466
diff
changeset
|
978 |
# in yams, default 'update' perm for attributes granted to managers and owners. |
ede247bbbf62
follow yams api change: attributes permissions are now defined for
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4466
diff
changeset
|
979 |
# Within cw, we want to default to users who may edit the entity holding the |
ede247bbbf62
follow yams api change: attributes permissions are now defined for
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4466
diff
changeset
|
980 |
# attribute. |
4586
440e340c61fe
DEFAULT_ATTRPERMS is now public
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4575
diff
changeset
|
981 |
ybo.DEFAULT_ATTRPERMS['update'] = ( |
4570
ede247bbbf62
follow yams api change: attributes permissions are now defined for
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4466
diff
changeset
|
982 |
'managers', ERQLExpression('U has_update_permission X')) |
0 | 983 |
|
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
984 |
# workflow extensions ######################################################### |
2926
4484387ed012
when adding/removing cubes, we should add/remove entity types in correct order if one inherits from another
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
985 |
|
2460
ce1a7ffc6c90
fix a couple NameErrors
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
2459
diff
changeset
|
986 |
from yams.buildobjs import _add_relation as yams_add_relation |
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
987 |
|
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
988 |
class workflowable_definition(ybo.metadefinition): |
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
989 |
"""extends default EntityType's metaclass to add workflow relations |
5378
0f54a0e128ac
[schema] cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5372
diff
changeset
|
990 |
(i.e. in_state, wf_info_for and custom_workflow). This is the default |
0f54a0e128ac
[schema] cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5372
diff
changeset
|
991 |
metaclass for WorkflowableEntityType. |
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
992 |
""" |
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
993 |
def __new__(mcs, name, bases, classdict): |
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
994 |
abstract = classdict.pop('__abstract__', False) |
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
995 |
cls = super(workflowable_definition, mcs).__new__(mcs, name, bases, |
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
996 |
classdict) |
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
997 |
if not abstract: |
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
998 |
make_workflowable(cls) |
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
999 |
return cls |
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
1000 |
|
5379
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1001 |
class WorkflowableEntityType(ybo.EntityType): |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1002 |
"""Use this base class instead of :class:`EntityType` to have workflow |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1003 |
relations (i.e. `in_state`, `wf_info_for` and `custom_workflow`) on your |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1004 |
entity type. |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1005 |
""" |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1006 |
__metaclass__ = workflowable_definition |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1007 |
__abstract__ = True |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1008 |
|
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1009 |
|
2957
2daabf4c646e
[schema] make_workflowable now take an option description for the in_state relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2931
diff
changeset
|
1010 |
def make_workflowable(cls, in_state_descr=None): |
5378
0f54a0e128ac
[schema] cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5372
diff
changeset
|
1011 |
"""Adds workflow relations as :class:`WorkflowableEntityType`, but usable on |
0f54a0e128ac
[schema] cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5372
diff
changeset
|
1012 |
existing classes which are not using that base class. |
0f54a0e128ac
[schema] cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5372
diff
changeset
|
1013 |
""" |
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
1014 |
existing_rels = set(rdef.name for rdef in cls.__relations__) |
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
1015 |
# let relation types defined in cw.schemas.workflow carrying |
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
1016 |
# cardinality, constraints and other relation definition properties |
5379
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1017 |
etype = getattr(cls, 'name', cls.__name__) |
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
1018 |
if 'custom_workflow' not in existing_rels: |
5379
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1019 |
rdef = ybo.RelationDefinition(etype, 'custom_workflow', 'Workflow') |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1020 |
yams_add_relation(cls.__relations__, rdef) |
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
1021 |
if 'in_state' not in existing_rels: |
5379
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1022 |
rdef = ybo.RelationDefinition(etype, 'in_state', 'State', |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1023 |
description=in_state_descr) |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1024 |
yams_add_relation(cls.__relations__, rdef) |
2920
64322aa83a1d
start a new workflow engine
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2782
diff
changeset
|
1025 |
if 'wf_info_for' not in existing_rels: |
5379
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1026 |
rdef = ybo.RelationDefinition('TrInfo', 'wf_info_for', etype) |
c082dea0731b
[schema] update for yams 0.29: BoundConstraint renamed to BoundaryConstraint; new constraint messages; ObjectRelation deprecated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5378
diff
changeset
|
1027 |
yams_add_relation(cls.__relations__, rdef) |
1451 | 1028 |
|
629
59b6542f5729
provide a new WorkflowableEntityType base class (will be refactored later, maybe with schema interfaces)
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
628
diff
changeset
|
1029 |
|
0 | 1030 |
# schema loading ############################################################## |
1031 |
||
1032 |
CONSTRAINTS['RQLConstraint'] = RQLConstraint |
|
1033 |
CONSTRAINTS['RQLUniqueConstraint'] = RQLUniqueConstraint |
|
1034 |
CONSTRAINTS['RQLVocabularyConstraint'] = RQLVocabularyConstraint |
|
3980
b17cf4a2e09e
this constraint is actually unusable in yams schema for cw
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3979
diff
changeset
|
1035 |
CONSTRAINTS.pop('MultipleStaticVocabularyConstraint', None) # don't want this in cw yams schema |
0 | 1036 |
PyFileReader.context.update(CONSTRAINTS) |
1037 |
||
1038 |
||
1039 |
class BootstrapSchemaLoader(SchemaLoader): |
|
1040 |
"""cubicweb specific schema loader, loading only schema necessary to read |
|
1041 |
the persistent schema |
|
1042 |
""" |
|
1043 |
schemacls = CubicWebSchema |
|
1044 |
||
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
1045 |
def load(self, config, path=(), **kwargs): |
0 | 1046 |
"""return a Schema instance from the schema definition read |
1047 |
from <directory> |
|
1048 |
""" |
|
1049 |
return super(BootstrapSchemaLoader, self).load( |
|
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
1050 |
path, config.appid, register_base_types=False, **kwargs) |
1451 | 1051 |
|
0 | 1052 |
def _load_definition_files(self, cubes=None): |
1053 |
# bootstraping, ignore cubes |
|
2735
39c942241b48
no need for lib_directory
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2730
diff
changeset
|
1054 |
filepath = join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'bootstrap.py') |
2142
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
1055 |
self.info('loading %s', filepath) |
098aa2075903
include_schema_files is useless
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
1056 |
self.handle_file(filepath) |
1451 | 1057 |
|
0 | 1058 |
def unhandled_file(self, filepath): |
1059 |
"""called when a file without handler associated has been found""" |
|
1060 |
self.warning('ignoring file %r', filepath) |
|
1061 |
||
1062 |
||
1063 |
class CubicWebSchemaLoader(BootstrapSchemaLoader): |
|
1064 |
"""cubicweb specific schema loader, automatically adding metadata to the |
|
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2460
diff
changeset
|
1065 |
instance's schema |
0 | 1066 |
""" |
1067 |
||
1034
0356bbfb2f26
fix to pass arguments to base class
sylvain.thenault@logilab.fr
parents:
1016
diff
changeset
|
1068 |
def load(self, config, **kwargs): |
0 | 1069 |
"""return a Schema instance from the schema definition read |
1070 |
from <directory> |
|
1071 |
""" |
|
1072 |
self.info('loading %s schemas', ', '.join(config.cubes())) |
|
2782
998f24dabd0d
compute extrapath, necessary for proper schema module detection when CW_CUBES_PATH is set
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2742
diff
changeset
|
1073 |
self.extrapath = {} |
998f24dabd0d
compute extrapath, necessary for proper schema module detection when CW_CUBES_PATH is set
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2742
diff
changeset
|
1074 |
for cubesdir in config.cubes_search_path(): |
998f24dabd0d
compute extrapath, necessary for proper schema module detection when CW_CUBES_PATH is set
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2742
diff
changeset
|
1075 |
if cubesdir != config.CUBES_DIR: |
998f24dabd0d
compute extrapath, necessary for proper schema module detection when CW_CUBES_PATH is set
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2742
diff
changeset
|
1076 |
self.extrapath[cubesdir] = 'cubes' |
372
a8a975a88368
check apphome is not None
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
0
diff
changeset
|
1077 |
if config.apphome: |
2598
a66fe74bd9fc
[R schema] dont give an iterator, it's a trap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2596
diff
changeset
|
1078 |
path = tuple(reversed([config.apphome] + config.cubes_path())) |
372
a8a975a88368
check apphome is not None
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
0
diff
changeset
|
1079 |
else: |
2598
a66fe74bd9fc
[R schema] dont give an iterator, it's a trap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2596
diff
changeset
|
1080 |
path = tuple(reversed(config.cubes_path())) |
2526
40e41eb34a7d
we've to call cleanup_sys_modules manually for proper schema modules cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2476
diff
changeset
|
1081 |
try: |
40e41eb34a7d
we've to call cleanup_sys_modules manually for proper schema modules cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2476
diff
changeset
|
1082 |
return super(CubicWebSchemaLoader, self).load(config, path=path, **kwargs) |
40e41eb34a7d
we've to call cleanup_sys_modules manually for proper schema modules cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2476
diff
changeset
|
1083 |
finally: |
40e41eb34a7d
we've to call cleanup_sys_modules manually for proper schema modules cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2476
diff
changeset
|
1084 |
# we've to cleanup modules imported from cubicweb.schemas as well |
2735
39c942241b48
no need for lib_directory
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2730
diff
changeset
|
1085 |
cleanup_sys_modules([join(cubicweb.CW_SOFTWARE_ROOT, 'schemas')]) |
0 | 1086 |
|
1087 |
def _load_definition_files(self, cubes): |
|
2741
148d0cea1fb5
[schema] oops
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2736
diff
changeset
|
1088 |
for filepath in (join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'bootstrap.py'), |
148d0cea1fb5
[schema] oops
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2736
diff
changeset
|
1089 |
join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'base.py'), |
148d0cea1fb5
[schema] oops
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2736
diff
changeset
|
1090 |
join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'workflow.py'), |
148d0cea1fb5
[schema] oops
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2736
diff
changeset
|
1091 |
join(cubicweb.CW_SOFTWARE_ROOT, 'schemas', 'Bookmark.py')): |
0 | 1092 |
self.info('loading %s', filepath) |
1093 |
self.handle_file(filepath) |
|
1094 |
for cube in cubes: |
|
1095 |
for filepath in self.get_schema_files(cube): |
|
1096 |
self.info('loading %s', filepath) |
|
1097 |
self.handle_file(filepath) |
|
1098 |
||
1099 |
||
2459
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1100 |
set_log_methods(CubicWebSchemaLoader, getLogger('cubicweb.schemaloader')) |
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1101 |
set_log_methods(BootstrapSchemaLoader, getLogger('cubicweb.bootstrapschemaloader')) |
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1102 |
set_log_methods(RQLExpression, getLogger('cubicweb.schema')) |
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1103 |
|
0 | 1104 |
# _() is just there to add messages to the catalog, don't care about actual |
1105 |
# translation |
|
1106 |
PERM_USE_TEMPLATE_FORMAT = _('use_template_format') |
|
2459
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1107 |
NEED_PERM_FORMATS = [_('text/cubicweb-page-template')] |
0 | 1108 |
|
2531
531ea4e7013e
[cleanup] nicer imports
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2526
diff
changeset
|
1109 |
@monkeypatch(FormatConstraint) |
3347
428f95118556
fix vocab param to avoid deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3287
diff
changeset
|
1110 |
def vocabulary(self, entity=None, form=None): |
3401
f893f4f199fc
use ._cw instead of req on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
1111 |
cw = None |
3347
428f95118556
fix vocab param to avoid deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3287
diff
changeset
|
1112 |
if form is None and entity is not None: |
3401
f893f4f199fc
use ._cw instead of req on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
1113 |
cw = entity._cw |
3347
428f95118556
fix vocab param to avoid deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3287
diff
changeset
|
1114 |
elif form is not None: |
3401
f893f4f199fc
use ._cw instead of req on appobject classes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3369
diff
changeset
|
1115 |
cw = form._cw |
4757
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1116 |
if cw is not None: |
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4834
diff
changeset
|
1117 |
if hasattr(cw, 'write_security'): # test it's a session and not a request |
4757
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1118 |
# cw is a server session |
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4834
diff
changeset
|
1119 |
hasperm = not cw.write_security or \ |
4843
5f7363416765
fix hooks control method name + other litle cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
1120 |
not cw.is_hook_category_activated('integrity') or \ |
4757
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1121 |
cw.user.has_permission(PERM_USE_TEMPLATE_FORMAT) |
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1122 |
else: |
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1123 |
hasperm = cw.user.has_permission(PERM_USE_TEMPLATE_FORMAT) |
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1124 |
if hasperm: |
5d937aeaa6fb
do not check for use template permission when session is super session or integrity hooks are deactivated
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4755
diff
changeset
|
1125 |
return self.regular_formats + tuple(NEED_PERM_FORMATS) |
2459
d088d0ff48a1
move RichString and co to yams, keeping only a small monkeypatch for cw-page-template here
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2456
diff
changeset
|
1126 |
return self.regular_formats |
0 | 1127 |
|
1128 |
# XXX monkey patch PyFileReader.import_erschema until bw_normalize_etype is |
|
1129 |
# necessary |
|
1130 |
orig_import_erschema = PyFileReader.import_erschema |
|
1131 |
def bw_import_erschema(self, ertype, schemamod=None, instantiate=True): |
|
1132 |
return orig_import_erschema(self, bw_normalize_etype(ertype), schemamod, instantiate) |
|
1133 |
PyFileReader.import_erschema = bw_import_erschema |
|
1451 | 1134 |
|
0 | 1135 |
# XXX itou for some Statement methods |
1136 |
from rql import stmts |
|
1137 |
orig_get_etype = stmts.ScopeNode.get_etype |
|
1138 |
def bw_get_etype(self, name): |
|
1139 |
return orig_get_etype(self, bw_normalize_etype(name)) |
|
1140 |
stmts.ScopeNode.get_etype = bw_get_etype |
|
1141 |
||
1142 |
orig_add_main_variable_delete = stmts.Delete.add_main_variable |
|
1143 |
def bw_add_main_variable_delete(self, etype, vref): |
|
1144 |
return orig_add_main_variable_delete(self, bw_normalize_etype(etype), vref) |
|
1145 |
stmts.Delete.add_main_variable = bw_add_main_variable_delete |
|
1146 |
||
1147 |
orig_add_main_variable_insert = stmts.Insert.add_main_variable |
|
1148 |
def bw_add_main_variable_insert(self, etype, vref): |
|
1149 |
return orig_add_main_variable_insert(self, bw_normalize_etype(etype), vref) |
|
1150 |
stmts.Insert.add_main_variable = bw_add_main_variable_insert |
|
1151 |
||
1152 |
orig_set_statement_type = stmts.Select.set_statement_type |
|
1153 |
def bw_set_statement_type(self, etype): |
|
1154 |
return orig_set_statement_type(self, bw_normalize_etype(etype)) |
|
1155 |
stmts.Select.set_statement_type = bw_set_statement_type |
|
2736
c5048502409f
restore backward compat, still imported a lot
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2735
diff
changeset
|
1156 |
|
c5048502409f
restore backward compat, still imported a lot
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2735
diff
changeset
|
1157 |
# XXX deprecated |
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1158 |
|
2736
c5048502409f
restore backward compat, still imported a lot
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2735
diff
changeset
|
1159 |
from yams.buildobjs import RichString |
4717
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1160 |
from yams.constraints import StaticVocabularyConstraint |
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1161 |
|
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1162 |
RichString = class_moved(RichString) |
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1163 |
|
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1164 |
StaticVocabularyConstraint = class_moved(StaticVocabularyConstraint) |
535705688f4f
proper deprecation warning when import class that should be imported from yams
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4702
diff
changeset
|
1165 |
FormatConstraint = class_moved(FormatConstraint) |
3978
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1166 |
|
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1167 |
PyFileReader.context['ERQLExpression'] = yobsolete(ERQLExpression) |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1168 |
PyFileReader.context['RRQLExpression'] = yobsolete(RRQLExpression) |
2c95e3033f64
finish yesterday work on rql constraints:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3968
diff
changeset
|
1169 |
PyFileReader.context['WorkflowableEntityType'] = WorkflowableEntityType |