14 # details. |
14 # details. |
15 # |
15 # |
16 # You should have received a copy of the GNU Lesser General Public License along |
16 # You should have received a copy of the GNU Lesser General Public License along |
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
18 """classes to define schemas for CubicWeb""" |
18 """classes to define schemas for CubicWeb""" |
|
19 from __future__ import print_function |
19 |
20 |
20 __docformat__ = "restructuredtext en" |
21 __docformat__ = "restructuredtext en" |
21 _ = unicode |
22 _ = unicode |
22 |
23 |
23 import re |
24 import re |
663 else: |
664 else: |
664 DBG = True |
665 DBG = True |
665 groups = self.get_groups(action) |
666 groups = self.get_groups(action) |
666 if _cw.user.matching_groups(groups): |
667 if _cw.user.matching_groups(groups): |
667 if DBG: |
668 if DBG: |
668 print ('check_perm: %r %r: user matches %s' % (action, _self_str, groups)) |
669 print('check_perm: %r %r: user matches %s' % (action, _self_str, groups)) |
669 return |
670 return |
670 # if 'owners' in allowed groups, check if the user actually owns this |
671 # if 'owners' in allowed groups, check if the user actually owns this |
671 # object, if so that's enough |
672 # object, if so that's enough |
672 # |
673 # |
673 # NB: give _cw to user.owns since user is not be bound to a transaction on |
674 # NB: give _cw to user.owns since user is not be bound to a transaction on |
674 # the repository side |
675 # the repository side |
675 if 'owners' in groups and ( |
676 if 'owners' in groups and ( |
676 kwargs.get('creating') |
677 kwargs.get('creating') |
677 or ('eid' in kwargs and _cw.user.owns(kwargs['eid']))): |
678 or ('eid' in kwargs and _cw.user.owns(kwargs['eid']))): |
678 if DBG: |
679 if DBG: |
679 print ('check_perm: %r %r: user is owner or creation time' % |
680 print('check_perm: %r %r: user is owner or creation time' % |
680 (action, _self_str)) |
681 (action, _self_str)) |
681 return |
682 return |
682 # else if there is some rql expressions, check them |
683 # else if there is some rql expressions, check them |
683 if DBG: |
684 if DBG: |
684 print ('check_perm: %r %r %s' % |
685 print('check_perm: %r %r %s' % |
685 (action, _self_str, [(rqlexpr, kwargs, rqlexpr.check(_cw, **kwargs)) |
686 (action, _self_str, [(rqlexpr, kwargs, rqlexpr.check(_cw, **kwargs)) |
686 for rqlexpr in self.get_rqlexprs(action)])) |
687 for rqlexpr in self.get_rqlexprs(action)])) |
687 if any(rqlexpr.check(_cw, **kwargs) |
688 if any(rqlexpr.check(_cw, **kwargs) |
688 for rqlexpr in self.get_rqlexprs(action)): |
689 for rqlexpr in self.get_rqlexprs(action)): |
689 return |
690 return |
690 raise Unauthorized(action, str(self)) |
691 raise Unauthorized(action, str(self)) |
691 PermissionMixIn.check_perm = check_perm |
692 PermissionMixIn.check_perm = check_perm |