379 in which `X` represents the entity the attribute belongs to |
379 in which `X` represents the entity the attribute belongs to |
380 |
380 |
381 - the permissions `add` and `delete` are equivalent. Only `add`/`read` |
381 - the permissions `add` and `delete` are equivalent. Only `add`/`read` |
382 are actually taken in consideration. |
382 are actually taken in consideration. |
383 |
383 |
384 :Note on the use of RQL expression for `add` permission: |
384 .. note:: |
385 |
385 |
386 Potentially, the use of an RQL expression to add an entity or a |
386 Potentially, the `use of an RQL expression to add an entity or a |
387 relation can cause problems for the user interface, because if the |
387 relation` can cause problems for the user interface, because if the |
388 expression uses the entity or the relation to create, then we are |
388 expression uses the entity or the relation to create, then we are |
389 not able to verify the permissions before we actually add the entity |
389 not able to verify the permissions before we actually add the entity |
390 (please note that this is not a problem for the RQL server at all, |
390 (please note that this is not a problem for the RQL server at all, |
391 because the permissions checks are done after the creation). In such |
391 because the permissions checks are done after the creation). In such |
392 case, the permission check methods (CubicWebEntitySchema.check_perm |
392 case, the permission check methods (CubicWebEntitySchema.check_perm |
393 and has_perm) can indicate that the user is not allowed to create |
393 and has_perm) can indicate that the user is not allowed to create |
394 this entity but can obtain the permission. |
394 this entity but can obtain the permission. To compensate this |
395 To compensate this problem, it is usually necessary, for such case, |
395 problem, it is usually necessary, for such case, to use an action |
396 to use an action that reflects the schema permissions but which enables |
396 that reflects the schema permissions but which enables to check |
397 to check properly the permissions so that it would show up if necessary. |
397 properly the permissions so that it would show up if necessary. |
398 |
398 |
399 |
399 |
400 Use of RQL expression for reading rights |
400 Use of RQL expression for reading rights |
401 ```````````````````````````````````````` |
401 ```````````````````````````````````````` |
402 |
402 |