5 :organization: Logilab |
5 :organization: Logilab |
6 :copyright: 2001-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2. |
6 :copyright: 2001-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2. |
7 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
7 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
8 :license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
9 """ |
9 """ |
|
10 from __future__ import with_statement |
|
11 |
|
12 from cubicweb.server.session import hooks_control |
|
13 from cubicweb.server import schemaserial as ss |
10 |
14 |
11 applcubicwebversion, cubicwebversion = versions_map['cubicweb'] |
15 applcubicwebversion, cubicwebversion = versions_map['cubicweb'] |
12 |
16 |
13 from cubicweb.server import schemaserial as ss |
|
14 def _add_relation_definition_no_perms(subjtype, rtype, objtype): |
17 def _add_relation_definition_no_perms(subjtype, rtype, objtype): |
15 rschema = fsschema.rschema(rtype) |
18 rschema = fsschema.rschema(rtype) |
16 for query, args in ss.rdef2rql(rschema, subjtype, objtype, groupmap=None): |
19 rdef = rschema.rdefs[(subjtype, objtype)] |
17 rql(query, args, ask_confirm=False) |
20 rdef.rtype = schema.rschema(rtype) |
|
21 rdef.subject = schema.eschema(subjtype) |
|
22 rdef.object = schema.eschema(objtype) |
|
23 ss.execschemarql(rql, rdef, ss.rdef2rql(rdef, CSTRMAP, groupmap=None)) |
18 commit(ask_confirm=False) |
24 commit(ask_confirm=False) |
19 |
25 |
20 if applcubicwebversion == (3, 6, 0) and cubicwebversion >= (3, 6, 0): |
26 if applcubicwebversion == (3, 6, 0) and cubicwebversion >= (3, 6, 0): |
|
27 CSTRMAP = dict(rql('Any T, X WHERE X is CWConstraintType, X name T', |
|
28 ask_confirm=False)) |
21 _add_relation_definition_no_perms('CWAttribute', 'update_permission', 'CWGroup') |
29 _add_relation_definition_no_perms('CWAttribute', 'update_permission', 'CWGroup') |
22 _add_relation_definition_no_perms('CWAttribute', 'update_permission', 'RQLExpression') |
30 _add_relation_definition_no_perms('CWAttribute', 'update_permission', 'RQLExpression') |
23 rql('SET X update_permission Y WHERE X is CWAttribute, X add_permission Y') |
31 rql('SET X update_permission Y WHERE X is CWAttribute, X add_permission Y') |
24 drop_relation_definition('CWAttribute', 'add_permission', 'CWGroup') |
32 drop_relation_definition('CWAttribute', 'add_permission', 'CWGroup') |
25 drop_relation_definition('CWAttribute', 'add_permission', 'RQLExpression') |
33 drop_relation_definition('CWAttribute', 'add_permission', 'RQLExpression') |
26 drop_relation_definition('CWAttribute', 'delete_permission', 'CWGroup') |
34 drop_relation_definition('CWAttribute', 'delete_permission', 'CWGroup') |
27 drop_relation_definition('CWAttribute', 'delete_permission', 'RQLExpression') |
35 drop_relation_definition('CWAttribute', 'delete_permission', 'RQLExpression') |
28 |
36 |
29 elif applcubicwebversion < (3, 6, 0) and cubicwebversion >= (3, 6, 0): |
37 elif applcubicwebversion < (3, 6, 0) and cubicwebversion >= (3, 6, 0): |
|
38 CSTRMAP = dict(rql('Any T, X WHERE X is CWConstraintType, X name T', |
|
39 ask_confirm=False)) |
30 session.set_pool() |
40 session.set_pool() |
31 permsdict = ss.deserialize_ertype_permissions(session) |
41 permsdict = ss.deserialize_ertype_permissions(session) |
32 |
42 |
33 changes = session.disable_hook_categories.add('integrity') |
43 with hooks_control(session, session.HOOKS_ALLOW_ALL, 'integrity'): |
34 for rschema in repo.schema.relations(): |
44 for rschema in repo.schema.relations(): |
35 rpermsdict = permsdict.get(rschema.eid, {}) |
45 rpermsdict = permsdict.get(rschema.eid, {}) |
36 for rdef in rschema.rdefs.values(): |
46 for rdef in rschema.rdefs.values(): |
37 for action in rdef.ACTIONS: |
47 for action in rdef.ACTIONS: |
38 actperms = [] |
48 actperms = [] |
39 for something in rpermsdict.get(action == 'update' and 'add' or action, ()): |
49 for something in rpermsdict.get(action == 'update' and 'add' or action, ()): |
40 if isinstance(something, tuple): |
50 if isinstance(something, tuple): |
41 actperms.append(rdef.rql_expression(*something)) |
51 actperms.append(rdef.rql_expression(*something)) |
42 else: # group name |
52 else: # group name |
43 actperms.append(something) |
53 actperms.append(something) |
44 rdef.set_action_permissions(action, actperms) |
54 rdef.set_action_permissions(action, actperms) |
45 for action in ('read', 'add', 'delete'): |
55 for action in ('read', 'add', 'delete'): |
46 _add_relation_definition_no_perms('CWRelation', '%s_permission' % action, 'CWGroup') |
56 _add_relation_definition_no_perms('CWRelation', '%s_permission' % action, 'CWGroup') |
47 _add_relation_definition_no_perms('CWRelation', '%s_permission' % action, 'RQLExpression') |
57 _add_relation_definition_no_perms('CWRelation', '%s_permission' % action, 'RQLExpression') |
48 for action in ('read', 'update'): |
58 for action in ('read', 'update'): |
49 _add_relation_definition_no_perms('CWAttribute', '%s_permission' % action, 'CWGroup') |
59 _add_relation_definition_no_perms('CWAttribute', '%s_permission' % action, 'CWGroup') |
50 _add_relation_definition_no_perms('CWAttribute', '%s_permission' % action, 'RQLExpression') |
60 _add_relation_definition_no_perms('CWAttribute', '%s_permission' % action, 'RQLExpression') |
51 for action in ('read', 'add', 'delete'): |
61 for action in ('read', 'add', 'delete'): |
52 rql('SET X %s_permission Y WHERE X is CWRelation, ' |
62 rql('SET X %s_permission Y WHERE X is CWRelation, ' |
53 'RT %s_permission Y, X relation_type RT, Y is CWGroup' % (action, action)) |
63 'RT %s_permission Y, X relation_type RT, Y is CWGroup' % (action, action)) |
|
64 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
|
65 'X %s_permission Y WHERE X is CWRelation, ' |
|
66 'X relation_type RT, RT %s_permission Y2, Y2 exprtype YET, ' |
|
67 'Y2 mainvars YMV, Y2 expression YEX' % (action, action)) |
|
68 rql('SET X read_permission Y WHERE X is CWAttribute, ' |
|
69 'RT read_permission Y, X relation_type RT, Y is CWGroup') |
54 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
70 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
55 'X %s_permission Y WHERE X is CWRelation, ' |
71 'X read_permission Y WHERE X is CWAttribute, ' |
56 'X relation_type RT, RT %s_permission Y2, Y2 exprtype YET, ' |
72 'X relation_type RT, RT read_permission Y2, Y2 exprtype YET, ' |
57 'Y2 mainvars YMV, Y2 expression YEX' % (action, action)) |
73 'Y2 mainvars YMV, Y2 expression YEX') |
58 rql('SET X read_permission Y WHERE X is CWAttribute, ' |
74 rql('SET X update_permission Y WHERE X is CWAttribute, ' |
59 'RT read_permission Y, X relation_type RT, Y is CWGroup') |
75 'RT add_permission Y, X relation_type RT, Y is CWGroup') |
60 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
76 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
61 'X read_permission Y WHERE X is CWAttribute, ' |
77 'X update_permission Y WHERE X is CWAttribute, ' |
62 'X relation_type RT, RT read_permission Y2, Y2 exprtype YET, ' |
78 'X relation_type RT, RT add_permission Y2, Y2 exprtype YET, ' |
63 'Y2 mainvars YMV, Y2 expression YEX') |
79 'Y2 mainvars YMV, Y2 expression YEX') |
64 rql('SET X update_permission Y WHERE X is CWAttribute, ' |
80 for action in ('read', 'add', 'delete'): |
65 'RT add_permission Y, X relation_type RT, Y is CWGroup') |
81 drop_relation_definition('CWRType', '%s_permission' % action, 'CWGroup', commit=False) |
66 rql('INSERT RQLExpression Y: Y exprtype YET, Y mainvars YMV, Y expression YEX, ' |
82 drop_relation_definition('CWRType', '%s_permission' % action, 'RQLExpression') |
67 'X update_permission Y WHERE X is CWAttribute, ' |
|
68 'X relation_type RT, RT add_permission Y2, Y2 exprtype YET, ' |
|
69 'Y2 mainvars YMV, Y2 expression YEX') |
|
70 for action in ('read', 'add', 'delete'): |
|
71 drop_relation_definition('CWRType', '%s_permission' % action, 'CWGroup', commit=False) |
|
72 drop_relation_definition('CWRType', '%s_permission' % action, 'RQLExpression') |
|
73 if changes: |
|
74 session.enable_hook_categories.add(*changes) |
|
75 |
83 |
76 if applcubicwebversion < (3, 4, 0) and cubicwebversion >= (3, 4, 0): |
84 if applcubicwebversion < (3, 4, 0) and cubicwebversion >= (3, 4, 0): |
77 |
85 |
78 session.set_shared_data('do-not-insert-cwuri', True) |
86 with hooks_control(session, session.HOOKS_ALLOW_ALL, 'integrity'): |
79 deactivate_verification_hooks() |
87 session.set_shared_data('do-not-insert-cwuri', True) |
80 add_relation_type('cwuri') |
88 add_relation_type('cwuri') |
81 base_url = session.base_url() |
89 base_url = session.base_url() |
82 for eid, in rql('Any X', ask_confirm=False): |
90 for eid, in rql('Any X', ask_confirm=False): |
83 type, source, extid = session.describe(eid) |
91 type, source, extid = session.describe(eid) |
84 if source == 'system': |
92 if source == 'system': |
85 rql('SET X cwuri %(u)s WHERE X eid %(x)s', |
93 rql('SET X cwuri %(u)s WHERE X eid %(x)s', |
86 {'x': eid, 'u': base_url + u'eid/%s' % eid}) |
94 {'x': eid, 'u': base_url + u'eid/%s' % eid}) |
87 isession.commit() |
95 isession.commit() |
88 reactivate_verification_hooks() |
96 session.set_shared_data('do-not-insert-cwuri', False) |
89 session.set_shared_data('do-not-insert-cwuri', False) |
|
90 |
97 |
91 if applcubicwebversion < (3, 5, 0) and cubicwebversion >= (3, 5, 0): |
98 if applcubicwebversion < (3, 5, 0) and cubicwebversion >= (3, 5, 0): |
92 # check that migration is not doomed |
99 # check that migration is not doomed |
93 rset = rql('Any X,Y WHERE X transition_of E, Y transition_of E, ' |
100 rset = rql('Any X,Y WHERE X transition_of E, Y transition_of E, ' |
94 'X name N, Y name N, NOT X identity Y', |
101 'X name N, Y name N, NOT X identity Y', |