757 * `target_etype`, optional name of an entity type that should be supported |
757 * `target_etype`, optional name of an entity type that should be supported |
758 at the other end of the relation |
758 at the other end of the relation |
759 |
759 |
760 * `action`, a relation schema action (e.g. one of 'read', 'add', 'delete', |
760 * `action`, a relation schema action (e.g. one of 'read', 'add', 'delete', |
761 default to 'read') which must be granted to the user, else a 0 score will |
761 default to 'read') which must be granted to the user, else a 0 score will |
762 be returned |
762 be returned. Give None if you don't want any permission checking. |
763 |
763 |
764 * `strict`, boolean (default to False) telling what to do when the user has |
764 * `strict`, boolean (default to False) telling what to do when the user has |
765 not globally the permission for the action (eg the action is not granted |
765 not globally the permission for the action (eg the action is not granted |
766 to one of the user's groups) |
766 to one of the user's groups) |
767 |
767 |
815 return 0 # relation not supported |
815 return 0 # relation not supported |
816 eschema = eclass.e_schema |
816 eschema = eclass.e_schema |
817 if self.target_etype is not None: |
817 if self.target_etype is not None: |
818 try: |
818 try: |
819 rdef = rschema.role_rdef(eschema, self.target_etype, self.role) |
819 rdef = rschema.role_rdef(eschema, self.target_etype, self.role) |
820 if not rdef.may_have_permission(self.action, req): |
820 if self.action and not rdef.may_have_permission(self.action, req): |
821 return 0 |
821 return 0 |
822 except KeyError: |
822 except KeyError: |
823 return 0 |
823 return 0 |
824 else: |
824 elif self.action: |
825 return rschema.may_have_permission(self.action, req, eschema, self.role) |
825 return rschema.may_have_permission(self.action, req, eschema, self.role) |
826 return 1 |
826 return 1 |
827 |
827 |
828 def score_entity(self, entity): |
828 def score_entity(self, entity): |
829 rschema = self._get_rschema(entity) |
829 rschema = self._get_rschema(entity) |
830 if rschema is None: |
830 if rschema is None: |
831 return 0 # relation not supported |
831 return 0 # relation not supported |
832 if self.target_etype is not None: |
832 if self.action: |
833 rschema = rschema.role_rdef(entity.e_schema, self.target_etype, self.role) |
833 if self.target_etype is not None: |
834 if self.role == 'subject': |
834 rschema = rschema.role_rdef(entity.e_schema, self.target_etype, self.role) |
835 if not rschema.has_perm(entity._cw, 'add', fromeid=entity.eid): |
835 if self.role == 'subject': |
|
836 if not rschema.has_perm(entity._cw, self.action, fromeid=entity.eid): |
|
837 return 0 |
|
838 elif not rschema.has_perm(entity._cw, self.action, toeid=entity.eid): |
836 return 0 |
839 return 0 |
837 elif not rschema.has_perm(entity._cw, 'add', toeid=entity.eid): |
|
838 return 0 |
|
839 return 1 |
840 return 1 |
840 |
841 |
841 |
842 |
842 class partial_relation_possible(PartialSelectorMixIn, relation_possible): |
843 class partial_relation_possible(PartialSelectorMixIn, relation_possible): |
843 """Same as :class:~`cubicweb.selectors.relation_possible`, but will look for |
844 """Same as :class:~`cubicweb.selectors.relation_possible`, but will look for |