8 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
8 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
9 """ |
9 """ |
10 |
10 |
11 applcubicwebversion, cubicwebversion = versions_map['cubicweb'] |
11 applcubicwebversion, cubicwebversion = versions_map['cubicweb'] |
12 |
12 |
|
13 from cubicweb.server import schemaserial as ss |
|
14 def _add_relation_definition_no_perms(subjtype, rtype, objtype): |
|
15 rschema = fsschema.rschema(rtype) |
|
16 for query, args in ss.rdef2rql(rschema, subjtype, objtype, groupmap=None): |
|
17 rql(query, args, ask_confirm=False) |
|
18 commit(ask_confirm=False) |
|
19 |
|
20 if applcubicwebversion == (3, 6, 0) and cubicwebversion >= (3, 6, 0): |
|
21 _add_relation_definition_no_perms('CWAttribute', 'update_permission', 'CWGroup') |
|
22 _add_relation_definition_no_perms('CWAttribute', 'update_permission', 'RQLExpression') |
|
23 session.set_pool() |
|
24 session.unsafe_execute('SET X update_permission Y WHERE X is CWAttribute, X add_permission Y') |
|
25 drop_relation_definition('CWAttribute', 'add_permission', 'CWGroup') |
|
26 drop_relation_definition('CWAttribute', 'add_permission', 'RQLExpression') |
|
27 drop_relation_definition('CWAttribute', 'delete_permission', 'CWGroup') |
|
28 drop_relation_definition('CWAttribute', 'delete_permission', 'RQLExpression') |
|
29 |
|
30 elif applcubicwebversion < (3, 6, 0) and cubicwebversion >= (3, 6, 0): |
|
31 session.set_pool() |
|
32 session.execute = session.unsafe_execute |
|
33 permsdict = ss.deserialize_ertype_permissions(session) |
|
34 |
|
35 config.disabled_hooks_categories.add('integrity') |
|
36 for rschema in repo.schema.relations(): |
|
37 rpermsdict = permsdict.get(rschema.eid, {}) |
|
38 for rdef in rschema.rdefs.values(): |
|
39 for action in rdef.ACTIONS: |
|
40 actperms = [] |
|
41 for something in rpermsdict.get(action == 'update' and 'add' or action, ()): |
|
42 if isinstance(something, tuple): |
|
43 actperms.append(rdef.rql_expression(*something)) |
|
44 else: # group name |
|
45 actperms.append(something) |
|
46 rdef.set_action_permissions(action, actperms) |
|
47 for action in ('read', 'add', 'delete'): |
|
48 _add_relation_definition_no_perms('CWRelation', '%s_permission' % action, 'CWGroup') |
|
49 _add_relation_definition_no_perms('CWRelation', '%s_permission' % action, 'RQLExpression') |
|
50 for action in ('read', 'update'): |
|
51 _add_relation_definition_no_perms('CWAttribute', '%s_permission' % action, 'CWGroup') |
|
52 _add_relation_definition_no_perms('CWAttribute', '%s_permission' % action, 'RQLExpression') |
|
53 for action in ('read', 'add', 'delete'): |
|
54 rql('SET X %s_permission Y WHERE X is CWRelation, ' |
|
55 'RT %s_permission Y, X relation_type RT, Y is CWGroup' % (action, action)) |
|
56 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
|
57 'X %s_permission Y WHERE X is CWRelation, ' |
|
58 'X relation_type RT, RT %s_permission Y2, Y2 exprtype YET, ' |
|
59 'Y2 mainvars YMV, Y2 expression YEX' % (action, action)) |
|
60 rql('SET X read_permission Y WHERE X is CWAttribute, ' |
|
61 'RT read_permission Y, X relation_type RT, Y is CWGroup') |
|
62 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
|
63 'X read_permission Y WHERE X is CWAttribute, ' |
|
64 'X relation_type RT, RT read_permission Y2, Y2 exprtype YET, ' |
|
65 'Y2 mainvars YMV, Y2 expression YEX') |
|
66 rql('SET X update_permission Y WHERE X is CWAttribute, ' |
|
67 'RT add_permission Y, X relation_type RT, Y is CWGroup') |
|
68 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
|
69 'X update_permission Y WHERE X is CWAttribute, ' |
|
70 'X relation_type RT, RT add_permission Y2, Y2 exprtype YET, ' |
|
71 'Y2 mainvars YMV, Y2 expression YEX') |
|
72 for action in ('read', 'add', 'delete'): |
|
73 drop_relation_definition('CWRType', '%s_permission' % action, 'CWGroup', commit=False) |
|
74 drop_relation_definition('CWRType', '%s_permission' % action, 'RQLExpression') |
|
75 config.disabled_hooks_categories.remove('integrity') |
|
76 |
13 if applcubicwebversion < (3, 4, 0) and cubicwebversion >= (3, 4, 0): |
77 if applcubicwebversion < (3, 4, 0) and cubicwebversion >= (3, 4, 0): |
14 from cubicweb import RepositoryError |
78 |
15 from cubicweb.server.hooks import uniquecstrcheck_before_modification |
|
16 session.set_shared_data('do-not-insert-cwuri', True) |
79 session.set_shared_data('do-not-insert-cwuri', True) |
17 repo.hm.unregister_hook(uniquecstrcheck_before_modification, 'before_add_entity', '') |
80 deactivate_verification_hooks() |
18 repo.hm.unregister_hook(uniquecstrcheck_before_modification, 'before_update_entity', '') |
|
19 add_relation_type('cwuri') |
81 add_relation_type('cwuri') |
20 base_url = session.base_url() |
82 base_url = session.base_url() |
21 # use an internal session since some entity might forbid modifications to admin |
83 # use an internal session since some entity might forbid modifications to admin |
22 isession = repo.internal_session() |
84 isession = repo.internal_session() |
23 for eid, in rql('Any X', ask_confirm=False): |
85 for eid, in rql('Any X', ask_confirm=False): |
24 type, source, extid = session.describe(eid) |
86 type, source, extid = session.describe(eid) |
25 if source == 'system': |
87 if source == 'system': |
26 isession.execute('SET X cwuri %(u)s WHERE X eid %(x)s', |
88 isession.execute('SET X cwuri %(u)s WHERE X eid %(x)s', |
27 {'x': eid, 'u': base_url + u'eid/%s' % eid}) |
89 {'x': eid, 'u': base_url + u'eid/%s' % eid}) |
28 isession.commit() |
90 isession.commit() |
29 repo.hm.register_hook(uniquecstrcheck_before_modification, 'before_add_entity', '') |
91 reactivate_verification_hooks() |
30 repo.hm.register_hook(uniquecstrcheck_before_modification, 'before_update_entity', '') |
|
31 session.set_shared_data('do-not-insert-cwuri', False) |
92 session.set_shared_data('do-not-insert-cwuri', False) |
32 |
93 |
33 if applcubicwebversion < (3, 5, 0) and cubicwebversion >= (3, 5, 0): |
94 if applcubicwebversion < (3, 5, 0) and cubicwebversion >= (3, 5, 0): |
34 # check that migration is not doomed |
95 # check that migration is not doomed |
35 rset = rql('Any X,Y WHERE X transition_of E, Y transition_of E, ' |
96 rset = rql('Any X,Y WHERE X transition_of E, Y transition_of E, ' |
47 add_entity_type('WorkflowTransition') |
108 add_entity_type('WorkflowTransition') |
48 add_entity_type('SubWorkflowExitPoint') |
109 add_entity_type('SubWorkflowExitPoint') |
49 # drop explicit 'State allowed_transition Transition' since it should be |
110 # drop explicit 'State allowed_transition Transition' since it should be |
50 # infered due to yams inheritance. However we've to disable the schema |
111 # infered due to yams inheritance. However we've to disable the schema |
51 # sync hook first to avoid to destroy existing data... |
112 # sync hook first to avoid to destroy existing data... |
52 from cubicweb.server.schemahooks import after_del_relation_type |
|
53 repo.hm.unregister_hook(after_del_relation_type, |
|
54 'after_delete_relation', 'relation_type') |
|
55 try: |
113 try: |
56 drop_relation_definition('State', 'allowed_transition', 'Transition') |
114 from cubicweb.hooks import syncschema |
57 finally: |
115 repo.vreg.unregister(syncschema.AfterDelRelationTypeHook) |
58 repo.hm.register_hook(after_del_relation_type, |
116 try: |
59 'after_delete_relation', 'relation_type') |
117 drop_relation_definition('State', 'allowed_transition', 'Transition') |
|
118 finally: |
|
119 repo.vreg.register(syncschema.AfterDelRelationTypeHook) |
|
120 except ImportError: # syncschema is in CW >= 3.6 only |
|
121 from cubicweb.server.schemahooks import after_del_relation_type |
|
122 repo.hm.unregister_hook(after_del_relation_type, |
|
123 'after_delete_relation', 'relation_type') |
|
124 try: |
|
125 drop_relation_definition('State', 'allowed_transition', 'Transition') |
|
126 finally: |
|
127 repo.hm.register_hook(after_del_relation_type, |
|
128 'after_delete_relation', 'relation_type') |
60 schema.rebuild_infered_relations() # need to be explicitly called once everything is in place |
129 schema.rebuild_infered_relations() # need to be explicitly called once everything is in place |
61 |
130 |
62 for et in rql('DISTINCT Any ET,ETN WHERE S state_of ET, ET name ETN', |
131 for et in rql('DISTINCT Any ET,ETN WHERE S state_of ET, ET name ETN', |
63 ask_confirm=False).entities(): |
132 ask_confirm=False).entities(): |
64 wf = add_workflow(u'default %s workflow' % et.name, et.name, |
133 wf = add_workflow(u'default %s workflow' % et.name, et.name, |