23 |
23 |
24 The following built-in types are available : `String`, `Int`, `Float`, |
24 The following built-in types are available : `String`, `Int`, `Float`, |
25 `Decimal`, `Boolean`, `Date`, `Datetime`, `Time`, `Interval`, `Byte` |
25 `Decimal`, `Boolean`, `Date`, `Datetime`, `Time`, `Interval`, `Byte` |
26 and `Password`. |
26 and `Password`. |
27 |
27 |
28 You'll also have access to :ref:`CWBaseEntityTypes_:base cubicweb entitye types`. |
28 You'll also have access to :ref:`base cubicweb entity types <CWBaseEntityTypes>`. |
29 |
29 |
30 The instance schema is accessible through the .schema attribute of the |
30 The instance schema is accessible through the .schema attribute of the |
31 `vregistry`. It's an instance of :class:`cubicweb.schema.Schema`, which |
31 `vregistry`. It's an instance of :class:`cubicweb.schema.Schema`, which |
32 extends :class:`yams.schema.Schema`. |
32 extends :class:`yams.schema.Schema`. |
33 |
33 |
348 The class name corresponds to the entity type name. It is exepected to be |
348 The class name corresponds to the entity type name. It is exepected to be |
349 defined in the module ``mycube.schema``. |
349 defined in the module ``mycube.schema``. |
350 |
350 |
351 When defining a schema using python files, you may use the following shortcuts: |
351 When defining a schema using python files, you may use the following shortcuts: |
352 |
352 |
353 - ._cwuired` : boolean indicating if the attribute is._cwuired, eg subject cardinality is '1' |
353 - `required` : boolean indicating if the attribute is required, eg subject cardinality is '1' |
354 |
354 |
355 - `vocabulary` : specify static possible values of an attribute |
355 - `vocabulary` : specify static possible values of an attribute |
356 |
356 |
357 - `maxsize` : integer providing the maximum size of a string (no limit by default) |
357 - `maxsize` : integer providing the maximum size of a string (no limit by default) |
358 |
358 |
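Review bot: "exepected" on line 348 is misspelled on both sides of the diff, so the hunk leaves it in place; since this change is already repairing the text around it, correct it to "expected" here as well. On line 353, "eg" would read better as "e.g.".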
362 |
362 |
363 class Person(EntityType): |
363 class Person(EntityType): |
364 """A person with the properties and the relations necessary for my |
364 """A person with the properties and the relations necessary for my |
365 application""" |
365 application""" |
366 |
366 |
367 last_name = String._cwuired=True, fulltextindexed=True) |
367 last_name = String(required=True, fulltextindexed=True) |
368 first_name = String._cwuired=True, fulltextindexed=True) |
368 first_name = String(required=True, fulltextindexed=True) |
369 title = String(vocabulary=('Mr', 'Mrs', 'Miss')) |
369 title = String(vocabulary=('Mr', 'Mrs', 'Miss')) |
370 date_of_birth = Date() |
370 date_of_birth = Date() |
371 works_for = SubjectRelation('Company', cardinality='?*') |
371 works_for = SubjectRelation('Company', cardinality='?*') |
372 |
372 |
373 |
373 |
436 |
436 |
437 In the case of simultaneous relations definitions, `subject` and `object` |
437 In the case of simultaneous relations definitions, `subject` and `object` |
438 can both be equal to the value of the first argument of `SubjectRelation` |
438 can both be equal to the value of the first argument of `SubjectRelation` |
439 and `ObjectRelation`. |
439 and `ObjectRelation`. |
440 |
440 |
441 When a relation is not inlined and not symmetrical, and it does not._cwuire |
441 When a relation is not inlined and not symmetrical, and it does not require |
442 specific permissions, its definition (by using `SubjectRelation` and |
442 specific permissions, its definition (by using `SubjectRelation` and |
443 `ObjectRelation`) is all we need. |
443 `ObjectRelation`) is all we need. |
444 |
444 |
445 |
445 |
446 Definition of permissions |
446 Definition of permissions |
453 .. sourcecode:: python |
453 .. sourcecode:: python |
454 |
454 |
455 class CWPermission(EntityType): |
455 class CWPermission(EntityType): |
456 """entity type that may be used to construct some advanced security configuration |
456 """entity type that may be used to construct some advanced security configuration |
457 """ |
457 """ |
458 name = String._cwuired=True, indexed=True, internationalizable=True, maxsize=100) |
458 name = String(required=True, indexed=True, internationalizable=True, maxsize=100) |
459 ._cwuire_group = SubjectRelation('CWGroup', cardinality='+*', |
459 require_group = SubjectRelation('CWGroup', cardinality='+*', |
460 description=_('groups to which the permission is granted')) |
460 description=_('groups to which the permission is granted')) |
461 ._cwuire_state = SubjectRelation('State', |
461 require_state = SubjectRelation('State', |
462 description=_("entity's state in which the permission is applicable")) |
462 description=_("entity's state in which the permission is applicable")) |
463 # can be used on any entity |
463 # can be used on any entity |
464 ._cwuire_permission = ObjectRelation('**', cardinality='*1', composite='subject', |
464 require_permission = ObjectRelation('**', cardinality='*1', composite='subject', |
465 description=_("link a permission to the entity. This " |
465 description=_("link a permission to the entity. This " |
466 "permission should be used in the security " |
466 "permission should be used in the security " |
467 "definition of the entity's type to be useful.")) |
467 "definition of the entity's type to be useful.")) |
468 |
468 |
469 |
469 |
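Review bot: the `._cwuire` damage repaired on lines 458, 459, 461 and 464 has the same shape as the prose fixes on lines 353 and 441, which suggests a mechanical substitution rather than isolated typos. Before merging, grep the documentation sources for any remaining `._cw` fragments, in particular inside code samples like this one, where a reader copying the attribute names `require_group`, `require_state` or `require_permission` would otherwise get a broken security schema.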
480 __permissions__ = {'read': ('managers', 'users', 'guests',), |
480 __permissions__ = {'read': ('managers', 'users', 'guests',), |
481 'update': ('managers', 'logilab', 'owners',), |
481 'update': ('managers', 'logilab', 'owners',), |
482 'delete': ('managers', ), |
482 'delete': ('managers', ), |
483 'add': ('managers', 'logilab', |
483 'add': ('managers', 'logilab', |
484 ERQLExpression('X version_of PROJ, U in_group G,' |
484 ERQLExpression('X version_of PROJ, U in_group G,' |
485 'PROJ._cwuire_permission P, P name "add_version",' |
485 'PROJ require_permission P, P name "add_version",' |
486 'P._cwuire_group G'),)} |
486 'P require_group G'),)} |
487 |
487 |
488 |
488 |
489 class version_of(RelationType): |
489 class version_of(RelationType): |
490 """link a version to its project. A version is necessarily linked to one and only one project. |
490 """link a version to its project. A version is necessarily linked to one and only one project. |
491 """ |
491 """ |
492 __permissions__ = {'read': ('managers', 'users', 'guests',), |
492 __permissions__ = {'read': ('managers', 'users', 'guests',), |
493 'delete': ('managers', ), |
493 'delete': ('managers', ), |
494 'add': ('managers', 'logilab', |
494 'add': ('managers', 'logilab', |
495 RRQLExpression('O._cwuire_permission P, P name "add_version",' |
495 RRQLExpression('O require_permission P, P name "add_version",' |
496 'U in_group G, P._cwuire_group G'),) |
496 'U in_group G, P require_group G'),) |
497 } |
497 } |
498 inlined = True |
498 inlined = True |
499 |
499 |
500 This configuration indicates that an entity `CWPermission` named |
500 This configuration indicates that an entity `CWPermission` named |
501 "add_version" can be associated to a project and provides rights to create |
501 "add_version" can be associated to a project and provides rights to create |
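Review bot: the expressions on lines 484 to 486 and 495 to 496 use the variables X, U and O, but nothing in this hunk says what each one is bound to. A reader adapting these permission rules needs that to avoid writing an expression that silently matches the wrong thing. Add a sentence next to the example stating which variable stands for the entity being checked, which for the current user, and which for the object of the relation.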
504 * in such case, we have to protect both the entity type "Version" and the relation |
504 * in such case, we have to protect both the entity type "Version" and the relation |
505 associating a version to a project ("version_of") |
505 associating a version to a project ("version_of") |
506 |
506 |
507 * because of the genericity of the entity type `CWPermission`, we have to execute |
507 * because of the genericity of the entity type `CWPermission`, we have to execute |
508 a unification with the groups and/or the states if necessary in the expression |
508 a unification with the groups and/or the states if necessary in the expression |
509 ("U in_group G, P._cwuire_group G" in the above example) |
509 ("U in_group G, P require_group G" in the above example) |
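Review bot: line 508 says the unification may involve "the groups and/or the states", but the fragment quoted on line 509 only covers the group case. Either quote a matching `require_state` clause as a second example, or reword the bullet so it only promises what the example above actually shows.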