349 if entity.has_eid(): |
349 if entity.has_eid(): |
350 eid = entity.eid |
350 eid = entity.eid |
351 else: |
351 else: |
352 eid = None |
352 eid = None |
353 strict = False |
353 strict = False |
|
354 cw = entity._cw |
354 for rschema, targetschemas, role in eschema.relation_definitions(True): |
355 for rschema, targetschemas, role in eschema.relation_definitions(True): |
355 # check category first, potentially lower cost than checking |
356 # check category first, potentially lower cost than checking |
356 # permission which may imply rql queries |
357 # permission which may imply rql queries |
357 _targetschemas = [] |
358 _targetschemas = [] |
358 for tschema in targetschemas: |
359 for tschema in targetschemas: |
359 if not tag in self.etype_get(eschema, rschema, role, tschema): |
360 if not tag in self.etype_get(eschema, rschema, role, tschema): |
360 continue |
361 continue |
361 rdef = rschema.role_rdef(eschema, tschema, role) |
362 rdef = rschema.role_rdef(eschema, tschema, role) |
362 if not ((not strict and rdef.has_local_role(permission)) or |
363 if not ((not strict and rdef.has_local_role(permission)) or |
363 rdef.has_perm(entity._cw, permission, fromeid=eid)): |
364 rdef.has_perm(cw, permission, fromeid=eid)): |
364 continue |
365 continue |
365 _targetschemas.append(tschema) |
366 _targetschemas.append(tschema) |
366 if not _targetschemas: |
367 if not _targetschemas: |
367 continue |
368 continue |
368 targetschemas = _targetschemas |
369 targetschemas = _targetschemas |
369 if permission is not None: |
370 if permission is not None: |
|
371 rdef = eschema.rdef(rschema, targettype=targetschemas[0]) |
370 # tag allowing to hijack the permission machinery when |
372 # tag allowing to hijack the permission machinery when |
371 # permission is not verifiable until the entity is actually |
373 # permission is not verifiable until the entity is actually |
372 # created... |
374 # created... |
373 if eid is None and '%s_on_new' % permission in permsoverrides.etype_get(eschema, rschema, role): |
375 if eid is None and '%s_on_new' % permission in permsoverrides.etype_get(eschema, rschema, role): |
374 yield (rschema, targetschemas, role) |
376 yield (rschema, targetschemas, role) |
375 continue |
377 continue |
376 if rschema.final: |
378 if rschema.final: |
377 if not eschema.rdef(rschema).has_perm(entity._cw, permission, fromeid=eid): |
379 if not rdef.has_perm(cw, permission, fromeid=eid): |
378 continue |
380 continue |
379 elif role == 'subject': |
381 elif role == 'subject': |
380 # on relation with cardinality 1 or ?, we need delete perm as well |
382 # on relation with cardinality 1 or ?, we need delete perm as well |
381 # if the relation is already set |
383 # if the relation is already set |
382 if (permission == 'add' |
384 if (permission == 'add' |
383 and rschema.cardinality(eschema, targetschemas[0], role) in '1?' |
385 and rdef.role_cardinality(role) in '1?' |
384 and eid and entity.related(rschema.type, role) |
386 and eid and entity.related(rschema.type, role) |
385 and not rschema.has_perm(entity._cw, 'delete', fromeid=eid, |
387 and not rdef.has_perm(cw, 'delete', fromeid=eid, |
386 toeid=entity.related(rschema.type, role)[0][0])): |
388 toeid=entity.related(rschema.type, role)[0][0])): |
387 continue |
389 continue |
388 elif role == 'object': |
390 elif role == 'object': |
389 # on relation with cardinality 1 or ?, we need delete perm as well |
391 # on relation with cardinality 1 or ?, we need delete perm as well |
390 # if the relation is already set |
392 # if the relation is already set |
391 if (permission == 'add' |
393 if (permission == 'add' |
392 and rschema.cardinality(targetschemas[0], eschema, role) in '1?' |
394 and rdef.role_cardinality(role) in '1?' |
393 and eid and entity.related(rschema.type, role) |
395 and eid and entity.related(rschema.type, role) |
394 and not rschema.has_perm(entity._cw, 'delete', toeid=eid, |
396 and not rdef.has_perm(cw, 'delete', toeid=eid, |
395 fromeid=entity.related(rschema.type, role)[0][0])): |
397 fromeid=entity.related(rschema.type, role)[0][0])): |
396 continue |
398 continue |
397 yield (rschema, targetschemas, role) |
399 yield (rschema, targetschemas, role) |
398 |
400 |
399 autoform_section = AutoformSectionRelationTags('autoform_section') |
401 autoform_section = AutoformSectionRelationTags('autoform_section') |
400 |
402 |