779 * `target_etype`, optional name of an entity type that should be supported |
779 * `target_etype`, optional name of an entity type that should be supported |
780 at the other end of the relation |
780 at the other end of the relation |
781 |
781 |
782 * `action`, a relation schema action (e.g. one of 'read', 'add', 'delete', |
782 * `action`, a relation schema action (e.g. one of 'read', 'add', 'delete', |
783 default to 'read') which must be granted to the user, else a 0 score will |
783 default to 'read') which must be granted to the user, else a 0 score will |
784 be returned |
784 be returned. Give None if you don't want any permission checking. |
785 |
785 |
786 * `strict`, boolean (default to False) telling what to do when the user has |
786 * `strict`, boolean (default to False) telling what to do when the user has |
787 not globally the permission for the action (eg the action is not granted |
787 not globally the permission for the action (eg the action is not granted |
788 to one of the user's groups) |
788 to one of the user's groups) |
789 |
789 |
837 return 0 # relation not supported |
837 return 0 # relation not supported |
838 eschema = eclass.e_schema |
838 eschema = eclass.e_schema |
839 if self.target_etype is not None: |
839 if self.target_etype is not None: |
840 try: |
840 try: |
841 rdef = rschema.role_rdef(eschema, self.target_etype, self.role) |
841 rdef = rschema.role_rdef(eschema, self.target_etype, self.role) |
842 if not rdef.may_have_permission(self.action, req): |
842 if self.action and not rdef.may_have_permission(self.action, req): |
843 return 0 |
843 return 0 |
844 except KeyError: |
844 except KeyError: |
845 return 0 |
845 return 0 |
846 else: |
846 elif self.action: |
847 return rschema.may_have_permission(self.action, req, eschema, self.role) |
847 return rschema.may_have_permission(self.action, req, eschema, self.role) |
848 return 1 |
848 return 1 |
849 |
849 |
850 def score_entity(self, entity): |
850 def score_entity(self, entity): |
851 rschema = self._get_rschema(entity) |
851 rschema = self._get_rschema(entity) |
852 if rschema is None: |
852 if rschema is None: |
853 return 0 # relation not supported |
853 return 0 # relation not supported |
854 if self.target_etype is not None: |
854 if self.action: |
855 rschema = rschema.role_rdef(entity.e_schema, self.target_etype, self.role) |
855 if self.target_etype is not None: |
856 if self.role == 'subject': |
856 rschema = rschema.role_rdef(entity.e_schema, self.target_etype, self.role) |
857 if not rschema.has_perm(entity._cw, 'add', fromeid=entity.eid): |
857 if self.role == 'subject': |
|
858 if not rschema.has_perm(entity._cw, self.action, fromeid=entity.eid): |
|
859 return 0 |
|
860 elif not rschema.has_perm(entity._cw, self.action, toeid=entity.eid): |
858 return 0 |
861 return 0 |
859 elif not rschema.has_perm(entity._cw, 'add', toeid=entity.eid): |
|
860 return 0 |
|
861 return 1 |
862 return 1 |
862 |
863 |
863 |
864 |
864 class partial_relation_possible(PartialSelectorMixIn, relation_possible): |
865 class partial_relation_possible(PartialSelectorMixIn, relation_possible): |
865 """Same as :class:~`cubicweb.selectors.relation_possible`, but will look for |
866 """Same as :class:~`cubicweb.selectors.relation_possible`, but will look for |