34 |
34 |
35 - `creation_date` (`Datetime`) |
35 - `creation_date` (`Datetime`) |
36 |
36 |
37 - `modification_date` (`Datetime`) |
37 - `modification_date` (`Datetime`) |
38 |
38 |
39 - `created_by` (`EUser`) (which user created the entity) |
39 - `created_by` (`CWUser`) (which user created the entity) |
40 |
40 |
41 - `owned_by` (`EUser`) (to whom the entity belongs; by default the |
41 - `owned_by` (`CWUser`) (to whom the entity belongs; by default the |
42 creator but not necessary, and it could have multiple owners) |
42 creator but not necessary, and it could have multiple owners) |
43 |
43 |
44 - `is` (`EEType`) |
44 - `is` (`CWEType`) |
45 |
45 |
46 |
46 |
47 * relations can be defined by using `ObjectRelation` or `SubjectRelation`. |
47 * relations can be defined by using `ObjectRelation` or `SubjectRelation`. |
48 The first argument of `SubjectRelation` or `ObjectRelation` gives respectively |
48 The first argument of `SubjectRelation` or `ObjectRelation` gives respectively |
49 the object/subject entity type of the relation. This could be : |
49 the object/subject entity type of the relation. This could be : |
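Review bot: the `owned_by` bullet edited at line 41 continues on line 42 with "by default the creator but not necessary", which should read "not necessarily" now that the bullet is being touched. The region also swaps `EUser`/`EEType` for `CWUser`/`CWEType` with no mention of the old names; a one-line note on the rename near this list would help readers whose schemas still use the `E` prefix.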
163 class locked_by(RelationType): |
163 class locked_by(RelationType): |
164 """relation on all entities indicating that they are locked""" |
164 """relation on all entities indicating that they are locked""" |
165 inlined = True |
165 inlined = True |
166 cardinality = '?*' |
166 cardinality = '?*' |
167 subject = '*' |
167 subject = '*' |
168 object = 'EUser' |
168 object = 'CWUser' |
169 |
169 |
170 In addition to the permissions, the properties of the relation types |
170 In addition to the permissions, the properties of the relation types |
171 (shared also by all definition of relation of this type) are : |
171 (shared also by all definition of relation of this type) are : |
172 |
172 |
173 |
173 |
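Review bot: at line 168 the target type is a string literal (`object = 'CWUser'`), so a stale `'EUser'` elsewhere in the document's examples is easy to miss, because nothing in the sample itself flags a leftover old name. Before merging, please confirm with a text search that no `'EUser'`, `'EGroup'`, `EEType` or `EPermission` remains in the parts of the file not shown in this diff.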
288 in which X represents the entity the attribute belongs to |
288 in which X represents the entity the attribute belongs to |
289 |
289 |
290 - the permissions `add` and `delete` are equivalent. Only `add`/`read` |
290 - the permissions `add` and `delete` are equivalent. Only `add`/`read` |
291 are actually taken in consideration. |
291 are actually taken in consideration. |
292 |
292 |
293 In addition to that the entity type `EPermission` from the standard library |
293 In addition to that the entity type `CWPermission` from the standard library |
294 allow to build very complex and dynamic security architecture. The schema of |
294 allow to build very complex and dynamic security architecture. The schema of |
295 this entity type is as follow : :: |
295 this entity type is as follow : :: |
296 |
296 |
297 class EPermission(MetaEntityType): |
297 class CWPermission(MetaEntityType): |
298 """entity type that may be used to construct some advanced security configuration |
298 """entity type that may be used to construct some advanced security configuration |
299 """ |
299 """ |
300 name = String(required=True, indexed=True, internationalizable=True, maxsize=100) |
300 name = String(required=True, indexed=True, internationalizable=True, maxsize=100) |
301 require_group = SubjectRelation('EGroup', cardinality='+*', |
301 require_group = SubjectRelation('CWGroup', cardinality='+*', |
302 description=_('groups to which the permission is granted')) |
302 description=_('groups to which the permission is granted')) |
303 require_state = SubjectRelation('State', |
303 require_state = SubjectRelation('State', |
304 description=_("entity'state in which the permission is applyable")) |
304 description=_("entity'state in which the permission is applyable")) |
305 # can be used on any entity |
305 # can be used on any entity |
306 require_permission = ObjectRelation('**', cardinality='*1', composite='subject', |
306 require_permission = ObjectRelation('**', cardinality='*1', composite='subject', |
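Review bot: lines 293-295 are edited for the `CWPermission` rename but keep "allow to build very complex and dynamic security architecture" and "is as follow", which should be "allows building very complex and dynamic security architectures" and "is as follows". The code sample at lines 297 and 301 is renamed consistently with the prose (`CWPermission`, `'CWGroup'`), and `'State'` at line 303 is correctly left alone.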
336 RRQLExpression('O require_permission P, P name "add_version",' |
336 RRQLExpression('O require_permission P, P name "add_version",' |
337 'U in_group G, P require_group G'),) |
337 'U in_group G, P require_group G'),) |
338 } |
338 } |
339 inlined = True |
339 inlined = True |
340 |
340 |
341 This configuration indicates that an entity `EPermission` named |
341 This configuration indicates that an entity `CWPermission` named |
342 "add_version" can be associated to a project and provides rights to create |
342 "add_version" can be associated to a project and provides rights to create |
343 new versions on this project to specific groups. It is important to notice that : |
343 new versions on this project to specific groups. It is important to notice that : |
344 |
344 |
345 * in such case, we have to protect both the entity type "Version" and the relation |
345 * in such case, we have to protect both the entity type "Version" and the relation |
346 associating a version to a project ("version_of") |
346 associating a version to a project ("version_of") |
347 |
347 |
348 * because of the genricity of the entity type `EPermission`, we have to execute |
348 * because of the genricity of the entity type `CWPermission`, we have to execute |
349 a unification with the groups and/or the states if necessary in the expression |
349 a unification with the groups and/or the states if necessary in the expression |
350 ("U in_group G, P require_group G" in the above example) |
350 ("U in_group G, P require_group G" in the above example) |
351 |
351 |
352 Use of RQL expression for reading rights |
352 Use of RQL expression for reading rights |
353 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
353 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
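Review bot: line 348 is rewritten for the rename but still carries the typo "genricity"; change it to "genericity" in the same edit. The RQL at lines 336-337 needs no change, since it refers only to relation names (`require_permission`, `in_group`, `require_group`) and the permission name "add_version", so the prose at lines 341 and 348 is the only place in this region where the old `EPermission` name appeared.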