663 self.rtype = rtype |
663 self.rtype = rtype |
664 self.role = role |
664 self.role = role |
665 self.target_etype = target_etype |
665 self.target_etype = target_etype |
666 self.action = action |
666 self.action = action |
667 |
667 |
668 @lltrace |
|
669 def __call__(self, cls, req, *args, **kwargs): |
|
670 rschema = cls.schema.rschema(self.rtype) |
|
671 if not (rschema.has_perm(req, self.action) |
|
672 or rschema.has_local_role(self.action)): |
|
673 return 0 |
|
674 if self.action != 'read': |
|
675 if not (rschema.has_perm(req, 'read') |
|
676 or rschema.has_local_role('read')): |
|
677 return 0 |
|
678 score = super(relation_possible, self).__call__(cls, req, *args, **kwargs) |
|
679 return score |
|
680 |
|
681 def score_class(self, eclass, req): |
668 def score_class(self, eclass, req): |
682 eschema = eclass.e_schema |
669 eschema = eclass.e_schema |
683 try: |
670 try: |
684 if self.role == 'object': |
671 if self.role == 'object': |
685 rschema = eschema.objrels[self.rtype] |
672 rschema = eschema.objrels[self.rtype] |
687 rschema = eschema.subjrels[self.rtype] |
674 rschema = eschema.subjrels[self.rtype] |
688 except KeyError: |
675 except KeyError: |
689 return 0 |
676 return 0 |
690 if self.target_etype is not None: |
677 if self.target_etype is not None: |
691 try: |
678 try: |
692 if self.role == 'subject': |
679 rdef = rschema.role_rdef(eschema, self.target_etype, self.role) |
693 return int(self.target_etype in rschema.objects(eschema)) |
680 if not rdef.may_have_permission(self.action, req): |
694 else: |
681 return 0 |
695 return int(self.target_etype in rschema.subjects(eschema)) |
|
696 except KeyError: |
682 except KeyError: |
697 return 0 |
683 return 0 |
|
684 else: |
|
685 return rschema.may_have_permission(self.action, req, eschema, self.role) |
698 return 1 |
686 return 1 |
699 |
687 |
700 |
688 |
701 class partial_relation_possible(PartialSelectorMixIn, relation_possible): |
689 class partial_relation_possible(PartialSelectorMixIn, relation_possible): |
702 """partial version of the relation_possible selector |
690 """partial version of the relation_possible selector |
1068 def etype_rtype_selector(cls, req, rset=None, row=None, col=0, **kwargs): |
1056 def etype_rtype_selector(cls, req, rset=None, row=None, col=0, **kwargs): |
1069 schema = cls.schema |
1057 schema = cls.schema |
1070 perm = getattr(cls, 'require_permission', 'read') |
1058 perm = getattr(cls, 'require_permission', 'read') |
1071 if hasattr(cls, 'etype'): |
1059 if hasattr(cls, 'etype'): |
1072 eschema = schema.eschema(cls.etype) |
1060 eschema = schema.eschema(cls.etype) |
1073 if not (eschema.has_perm(req, perm) or eschema.has_local_role(perm)): |
1061 if not eschema.may_have_permission(perm, req): |
1074 return 0 |
1062 return 0 |
1075 if hasattr(cls, 'rtype'): |
1063 if hasattr(cls, 'rtype'): |
1076 rschema = schema.rschema(cls.rtype) |
1064 rschema = schema.rschema(cls.rtype) |
1077 if not (rschema.has_perm(req, perm) or rschema.has_local_role(perm)): |
1065 if not rschema.may_have_permission(perm, req): |
1078 return 0 |
1066 return 0 |
1079 return 1 |
1067 return 1 |
1080 etype_rtype_selector = deprecated()(etype_rtype_selector) |
1068 etype_rtype_selector = deprecated()(etype_rtype_selector) |
1081 |
1069 |
1082 #req_form_params_selector = deprecated()(match_form_params) # form_params |
1070 #req_form_params_selector = deprecated()(match_form_params) # form_params |