53 * add a `may_be_read_by` relation from Folder, File and Comment to users, |
53 * add a `may_be_read_by` relation from Folder, File and Comment to users, |
54 which will define who can see the entity |
54 which will define who can see the entity |
55 |
55 |
56 * security propagation will be done in hook. |
56 * security propagation will be done in hook. |
57 |
57 |
58 So the first thing to do is to modify my cube's schema.py to define those |
58 So the first thing to do is to modify my cube's :file:`schema.py` to define those |
59 relations: |
59 relations: |
60 |
60 |
61 .. sourcecode:: python |
61 .. sourcecode:: python |
62 |
62 |
63 from yams.constraints import StaticVocabularyConstraint |
63 from yams.constraints import StaticVocabularyConstraint |
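
Review bot: on line 53, `may_be_read_by` is still in single backticks, which reST parses as the default role rather than as an inline literal. Since this change moves file names to the :file: role, the relation name could become ``may_be_read_by`` in the same pass. Line 56 would also read better as "security propagation will be done in a hook".
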
94 |
94 |
95 * think to secure the `may_be_read_by` permissions, else any user can add/delete it |
95 * think to secure the `may_be_read_by` permissions, else any user can add/delete it |
96 by default, which somewhat breaks our security model... |
96 by default, which somewhat breaks our security model... |
97 |
97 |
98 Now, we should be able to define security rules in the schema, based on these new |
98 Now, we should be able to define security rules in the schema, based on these new |
99 attribute and relation. Here is the code to add to *schema.py*: |
99 attribute and relation. Here is the code to add to :file:`schema.py`: |
100 |
100 |
101 .. sourcecode:: python |
101 .. sourcecode:: python |
102 |
102 |
103 from cubicweb.schema import ERQLExpression |
103 from cubicweb.schema import ERQLExpression |
104 |
104 |
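
Review bot: the bullet on lines 95-96 is the security caveat of this section (by default any user can add or delete `may_be_read_by`), and worded as "think to secure" at the end of a list it is easy to skip. Suggest "remember to secure the ``may_be_read_by`` permissions" and consider setting it off in a warning directive. On lines 98-99, "these new attribute and relation" should be "this new attribute and relation".
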
182 * on entity creation, schedule an operation that will set default visibility |
182 * on entity creation, schedule an operation that will set default visibility |
183 |
183 |
184 * when a "parent" relation is added, propagate parent's visibility unless the |
184 * when a "parent" relation is added, propagate parent's visibility unless the |
185 child already has a visibility set |
185 child already has a visibility set |
186 |
186 |
187 Here is the code in cube's *hooks.py*: |
187 Here is the code in cube's :file:`hooks.py`: |
188 |
188 |
189 .. sourcecode:: python |
189 .. sourcecode:: python |
190 |
190 |
191 from cubicweb.predicates import is_instance |
191 from cubicweb.predicates import is_instance |
192 from cubicweb.server import hook |
192 from cubicweb.server import hook |
249 because we want that attribute to be required, so we can't use None value else |
249 because we want that attribute to be required, so we can't use None value else |
250 we'll get an error before we get any chance to propagate... |
250 we'll get an error before we get any chance to propagate... |
251 |
251 |
252 Now, we also want to propagate the `may_be_read_by` relation. Fortunately, |
252 Now, we also want to propagate the `may_be_read_by` relation. Fortunately, |
253 CubicWeb provides some base hook classes for such things, so we only have to add |
253 CubicWeb provides some base hook classes for such things, so we only have to add |
254 the following code to *hooks.py*: |
254 the following code to :file:`hooks.py`: |
255 |
255 |
256 .. sourcecode:: python |
256 .. sourcecode:: python |
257 |
257 |
258 # relations where the "parent" entity is the subject |
258 # relations where the "parent" entity is the subject |
259 S_RELS = set() |
259 S_RELS = set() |
417 |
417 |
418 Prior to those changes, I created an instance, fed it with some data, so I |
418 Prior to those changes, I created an instance, fed it with some data, so I |
419 don't want to create a new one, but to migrate the existing one. Let's see how to |
419 don't want to create a new one, but to migrate the existing one. Let's see how to |
420 do that. |
420 do that. |
421 |
421 |
422 Migration commands should be put in the cube's *migration* directory, in a |
|
423 file named file:`<X.Y.Z>_Any.py` ('Any' being there mostly for historical reasons). |
422 file named file:`<X.Y.Z>_Any.py` ('Any' being there mostly for historical reasons). |
424 |
423 Migration commands should be put in the cube's :file:`migration` directory, in a |
425 Here I'll create a *migration/0.2.0_Any.py* file containing the following |
424 |
|
425 Here I'll create a :file:`migration/0.2.0_Any.py` file containing the following |
426 instructions: |
426 instructions: |
427 |
427 |
428 .. sourcecode:: python |
428 .. sourcecode:: python |
429 |
429 |
430 add_relation_type('may_be_read_by') |
430 add_relation_type('may_be_read_by') |
431 add_relation_type('visibility') |
431 add_relation_type('visibility') |
432 sync_schema_props_perms() |
432 sync_schema_props_perms() |
433 |
433 |
434 Then I update the version number in the cube's *__pkginfo__.py* to 0.2.0. And |
434 Then I update the version number in the cube's :file:`__pkginfo__.py` to 0.2.0. And |
435 that's it! Those instructions will: |
435 that's it! Those instructions will: |
436 |
436 |
437 * update the instance's schema by adding our two new relations and update the |
437 * update the instance's schema by adding our two new relations and update the |
438 underlying database tables accordingly (the first two instructions) |
438 underlying database tables accordingly (the first two instructions) |
439 |
439 |
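
Review bot: on the new side, line 422 reads "file named file:`<X.Y.Z>_Any.py` ..." and line 423 reads "Migration commands should be put in the cube's :file:`migration` directory, in a", so the two halves of the sentence end up in the wrong order; the "Migration commands" line should come first. The `file:` on the "file named" line is also missing its leading colon, so it will not be parsed as the :file: role like the other names converted in this change; it should read :file:`<X.Y.Z>_Any.py`.
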