7 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
7 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
8 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
9 """ |
9 """ |
10 |
10 |
11 applcubicwebversion, cubicwebversion = versions_map['cubicweb'] |
11 applcubicwebversion, cubicwebversion = versions_map['cubicweb'] |
|
12 |
|
13 if applcubicwebversion < (3, 6, 0) and cubicwebversion >= (3, 6, 0): |
|
14 from cubicweb.server import schemaserial as ss |
|
15 session.set_pool() |
|
16 session.execute = session.unsafe_execute |
|
17 permsdict = ss.deserialize_ertype_permissions(session) |
|
18 def _add_relation_definition_no_perms(subjtype, rtype, objtype): |
|
19 rschema = fsschema.rschema(rtype) |
|
20 for query, args in ss.rdef2rql(rschema, subjtype, objtype, groupmap=None): |
|
21 rql(query, args, ask_confirm=False) |
|
22 checkpoint(ask_confirm=False) |
|
23 |
|
24 config.disabled_hooks_categories.add('integrity') |
|
25 for rschema in repo.schema.relations(): |
|
26 rpermsdict = permsdict.get(rschema.eid, {}) |
|
27 for rdef in rschema.rdefs.values(): |
|
28 for action in ('read', 'add', 'delete'): |
|
29 actperms = [] |
|
30 for something in rpermsdict.get(action, ()): |
|
31 if isinstance(something, tuple): |
|
32 actperms.append(rdef.rql_expression(*something)) |
|
33 else: # group name |
|
34 actperms.append(something) |
|
35 rdef.set_action_permissions(action, actperms) |
|
36 for action in ('read', 'add', 'delete'): |
|
37 _add_relation_definition_no_perms('CWRelation', '%s_permission' % action, 'CWGroup') |
|
38 _add_relation_definition_no_perms('CWRelation', '%s_permission' % action, 'RQLExpression') |
|
39 _add_relation_definition_no_perms('CWAttribute', '%s_permission' % action, 'CWGroup') |
|
40 _add_relation_definition_no_perms('CWAttribute', '%s_permission' % action, 'RQLExpression') |
|
41 for action in ('read', 'add', 'delete'): |
|
42 rql('SET X %s_permission Y WHERE X is IN (CWAttribute, CWRelation), ' |
|
43 'RT %s_permission Y, X relation_type RT, Y is CWGroup' % (action, action)) |
|
44 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
|
45 'X %s_permission Y WHERE X is IN (CWAttribute, CWRelation), ' |
|
46 'X relation_type RT, RT %s_permission Y2, Y2 exprtype YET, ' |
|
47 'Y2 mainvars YMV, Y2 expression YEX' % (action, action)) |
|
48 drop_relation_definition('CWRType', '%s_permission' % action, 'CWGroup', commit=False) |
|
49 drop_relation_definition('CWRType', '%s_permission' % action, 'RQLExpression') |
|
50 config.disabled_hooks_categories.add('integrity') |
12 |
51 |
13 if applcubicwebversion < (3, 4, 0) and cubicwebversion >= (3, 4, 0): |
52 if applcubicwebversion < (3, 4, 0) and cubicwebversion >= (3, 4, 0): |
14 |
53 |
15 session.set_shared_data('do-not-insert-cwuri', True) |
54 session.set_shared_data('do-not-insert-cwuri', True) |
16 deactivate_verification_hooks() |
55 deactivate_verification_hooks() |