4 :copyright: 2001-2009 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2. |
4 :copyright: 2001-2009 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2. |
5 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
5 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
6 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
6 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
7 """ |
7 """ |
8 __docformat__ = "restructuredtext en" |
8 __docformat__ = "restructuredtext en" |
9 |
9 _ = unicode |
|
10 |
|
11 from yams.buildobjs import (EntityType, RelationType, SubjectRelation, |
|
12 String, Boolean, Datetime) |
|
13 from cubicweb.schema import RQLConstraint |
|
14 from cubicweb.schemas import META_ETYPE_PERMS, META_RTYPE_PERMS |
10 |
15 |
11 class CWUser(WorkflowableEntityType): |
16 class CWUser(WorkflowableEntityType): |
12 """define a CubicWeb user""" |
17 """define a CubicWeb user""" |
13 meta = True # XXX backported from old times, shouldn't be there anymore |
|
14 permissions = { |
18 permissions = { |
15 'read': ('managers', 'users', ERQLExpression('X identity U')), |
19 'read': ('managers', 'users', ERQLExpression('X identity U')), |
16 'add': ('managers',), |
20 'add': ('managers',), |
17 'delete': ('managers',), |
21 'delete': ('managers',), |
18 'update': ('managers', ERQLExpression('X identity U, NOT U in_group G, G name "guests"'),), |
22 'update': ('managers', ERQLExpression('X identity U, NOT U in_group G, G name "guests"'),), |
33 in_group = SubjectRelation('CWGroup', cardinality='+*', |
37 in_group = SubjectRelation('CWGroup', cardinality='+*', |
34 constraints=[RQLConstraint('NOT O name "owners"')], |
38 constraints=[RQLConstraint('NOT O name "owners"')], |
35 description=_('groups grant permissions to the user')) |
39 description=_('groups grant permissions to the user')) |
36 |
40 |
37 |
41 |
38 class EmailAddress(MetaEntityType): |
42 class EmailAddress(EntityType): |
39 """an electronic mail address associated to a short alias""" |
43 """an electronic mail address associated to a short alias""" |
40 permissions = { |
44 permissions = { |
41 'read': ('managers', 'users', 'guests',), # XXX if P use_email X, U has_read_permission P |
45 'read': ('managers', 'users', 'guests',), # XXX if P use_email X, U has_read_permission P |
42 'add': ('managers', 'users',), |
46 'add': ('managers', 'users',), |
43 'delete': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')), |
47 'delete': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')), |
79 # possible |
83 # possible |
80 'add': ('managers', RRQLExpression('U has_update_permission S'),), |
84 'add': ('managers', RRQLExpression('U has_update_permission S'),), |
81 'delete': ('managers', RRQLExpression('U has_update_permission S'),), |
85 'delete': ('managers', RRQLExpression('U has_update_permission S'),), |
82 } |
86 } |
83 |
87 |
84 class in_group(MetaRelationType): |
88 class in_group(RelationType): |
85 """core relation indicating a user's groups""" |
89 """core relation indicating a user's groups""" |
86 meta = False |
90 permissions = META_RTYPE_PERMS |
87 |
91 |
88 class owned_by(MetaRelationType): |
92 class owned_by(RelationType): |
89 """core relation indicating owners of an entity. This relation |
93 """core relation indicating owners of an entity. This relation |
90 implicitly put the owner into the owners group for the entity |
94 implicitly put the owner into the owners group for the entity |
91 """ |
95 """ |
92 permissions = { |
96 permissions = { |
93 'read': ('managers', 'users', 'guests'), |
97 'read': ('managers', 'users', 'guests'), |
98 # and to support later deletion of a user which has created some entities |
102 # and to support later deletion of a user which has created some entities |
99 cardinality = '**' |
103 cardinality = '**' |
100 subject = '**' |
104 subject = '**' |
101 object = 'CWUser' |
105 object = 'CWUser' |
102 |
106 |
103 class created_by(MetaRelationType): |
107 class created_by(RelationType): |
104 """core relation indicating the original creator of an entity""" |
108 """core relation indicating the original creator of an entity""" |
105 permissions = { |
109 permissions = { |
106 'read': ('managers', 'users', 'guests'), |
110 'read': ('managers', 'users', 'guests'), |
107 'add': ('managers',), |
111 'add': ('managers',), |
108 'delete': ('managers',), |
112 'delete': ('managers',), |
135 'read': ('managers', 'users', 'guests'), |
139 'read': ('managers', 'users', 'guests'), |
136 'add': ('managers', 'users',), |
140 'add': ('managers', 'users',), |
137 'update': ('managers', 'owners',), |
141 'update': ('managers', 'owners',), |
138 'delete': ('managers', 'owners',), |
142 'delete': ('managers', 'owners',), |
139 } |
143 } |
140 meta = True |
|
141 # key is a reserved word for mysql |
144 # key is a reserved word for mysql |
142 pkey = String(required=True, internationalizable=True, maxsize=256, |
145 pkey = String(required=True, internationalizable=True, maxsize=256, |
143 description=_('defines what\'s the property is applied for. ' |
146 description=_('defines what\'s the property is applied for. ' |
144 'You must select this first to be able to set ' |
147 'You must select this first to be able to set ' |
145 'value')) |
148 'value')) |
150 'applying. If this relation is not ' |
153 'applying. If this relation is not ' |
151 'set, the property is considered as' |
154 'set, the property is considered as' |
152 ' a global property')) |
155 ' a global property')) |
153 |
156 |
154 |
157 |
155 class for_user(MetaRelationType): |
158 class for_user(RelationType): |
156 """link a property to the user which want this property customization. Unless |
159 """link a property to the user which want this property customization. Unless |
157 you're a site manager, this relation will be handled automatically. |
160 you're a site manager, this relation will be handled automatically. |
158 """ |
161 """ |
159 permissions = { |
162 permissions = { |
160 'read': ('managers', 'users', 'guests'), |
163 'read': ('managers', 'users', 'guests'), |
162 'delete': ('managers',), |
165 'delete': ('managers',), |
163 } |
166 } |
164 inlined = True |
167 inlined = True |
165 |
168 |
166 |
169 |
167 class CWPermission(MetaEntityType): |
170 class CWPermission(EntityType): |
168 """entity type that may be used to construct some advanced security configuration |
171 """entity type that may be used to construct some advanced security configuration |
169 """ |
172 """ |
|
173 permissions = META_ETYPE_PERMS |
|
174 |
170 name = String(required=True, indexed=True, internationalizable=True, maxsize=100, |
175 name = String(required=True, indexed=True, internationalizable=True, maxsize=100, |
171 description=_('name or identifier of the permission')) |
176 description=_('name or identifier of the permission')) |
172 label = String(required=True, internationalizable=True, maxsize=100, |
177 label = String(required=True, internationalizable=True, maxsize=100, |
173 description=_('distinct label to distinguate between other permission entity of the same name')) |
178 description=_('distinct label to distinguate between other permission entity of the same name')) |
174 require_group = SubjectRelation('CWGroup', |
179 require_group = SubjectRelation('CWGroup', |
184 'read': ('managers', 'users', 'guests'), |
189 'read': ('managers', 'users', 'guests'), |
185 'add': ('managers',), |
190 'add': ('managers',), |
186 'delete': ('managers',), |
191 'delete': ('managers',), |
187 } |
192 } |
188 |
193 |
189 class require_group(MetaRelationType): |
194 class require_group(RelationType): |
190 """used to grant a permission to a group""" |
195 """used to grant a permission to a group""" |
191 permissions = { |
196 permissions = { |
192 'read': ('managers', 'users', 'guests'), |
197 'read': ('managers', 'users', 'guests'), |
193 'add': ('managers',), |
198 'add': ('managers',), |
194 'delete': ('managers',), |
199 'delete': ('managers',), |
198 class see_also(RelationType): |
203 class see_also(RelationType): |
199 """generic relation to link one entity to another""" |
204 """generic relation to link one entity to another""" |
200 symetric = True |
205 symetric = True |
201 |
206 |
202 |
207 |
203 class CWCache(MetaEntityType): |
208 class CWCache(EntityType): |
204 """a simple cache entity characterized by a name and |
209 """a simple cache entity characterized by a name and |
205 a validity date. |
210 a validity date. |
206 |
211 |
207 The target application is responsible for updating timestamp |
212 The target application is responsible for updating timestamp |
208 when necessary to invalidate the cache (typically in hooks). |
213 when necessary to invalidate the cache (typically in hooks). |
210 Also, checkout the AppRsetObject.get_cache() method. |
215 Also, checkout the AppRsetObject.get_cache() method. |
211 """ |
216 """ |
212 permissions = { |
217 permissions = { |
213 'read': ('managers', 'users', 'guests'), |
218 'read': ('managers', 'users', 'guests'), |
214 'add': ('managers',), |
219 'add': ('managers',), |
215 'update': ('managers', 'users',), |
220 'update': ('managers', 'users',), # XXX |
216 'delete': ('managers',), |
221 'delete': ('managers',), |
217 } |
222 } |
218 |
223 |
219 name = String(required=True, unique=True, indexed=True, maxsize=128, |
224 name = String(required=True, unique=True, indexed=True, maxsize=128, |
220 description=_('name of the cache')) |
225 description=_('name of the cache')) |