cubicweb: comparison web/views/actions.py

equal deleted inserted replaced

-:1169d3154be6
+:7ca53fc72a0a
 for role, rschemas in (('subject', eschema.subject_relations()),
 ('object', eschema.object_relations())):
 for rschema in rschemas:
 if rschema.final:
 continue
-# check the relation can be added as well
-# XXX consider autoform_permissions_overrides?
-if role == 'subject'and not rschema.has_perm(req, 'add',
-fromeid=entity.eid):
-continue
-if role == 'object'and not rschema.has_perm(req, 'add',
-toeid=entity.eid):
-continue
-# check the target types can be added as well
 for teschema in rschema.targets(eschema, role):
 if not appearsin_addmenu.etype_get(eschema, rschema,
 role, teschema):
 continue
-if teschema.has_local_role('add') or teschema.has_perm(req, 'add'):
+rdef = rschema.role_rdef(eschema, teschema, role)
+# check the relation can be added
+# XXX consider autoform_permissions_overrides?
+if role == 'subject'and not rdef.has_perm(
+req, 'add', fromeid=entity.eid):
+continue
+if role == 'object'and not rdef.has_perm(
+req, 'add', toeid=entity.eid):
+continue
+# check the target types can be added as well
+if teschema.may_have_permission('add', req):
 yield rschema, teschema, role
 def linkto_url(self, entity, rtype, etype, target):
 return self.build_url('add/%s' % etype,
 __linkto='%s:%s:%s' % (rtype, entity.eid, target),