cubicweb: comparison web/uicfg.py

equal deleted inserted replaced

-:1acd90d0cb59
+:ede247bbbf62
 def get(self, *key):
 # overriden to avoid recomputing done in parent classes
 return self._tagdefs.get(key, ())
-def relations_by_section(self, entity, formtype, section,
+def relations_by_section(self, entity, formtype, section, permission,
-permission=None, strict=False):
+strict=False):
 """return a list of (relation schema, target schemas, role) for the
 given entity matching categories and permission.
 `strict`:
 bool telling if having local role is enough (strict = False) or not
 if entity.has_eid():
 eid = entity.eid
 else:
 eid = None
 strict = False
+if permission == 'update':
+assert section in ('attributes', 'metadata', 'hidden')
+relpermission = 'add'
+else:
+assert section not in ('attributes', 'metadata', 'hidden')
+relpermission = permission
 cw = entity._cw
 for rschema, targetschemas, role in eschema.relation_definitions(True):
-# check category first, potentially lower cost than checking
-# permission which may imply rql queries
 _targetschemas = []
 for tschema in targetschemas:
+# check section's tag first, potentially lower cost than
+# checking permission which may imply rql queries
 if not tag in self.etype_get(eschema, rschema, role, tschema):
 continue
 rdef = rschema.role_rdef(eschema, tschema, role)
-if permission is not None and \
+if rschema.final:
-not ((not strict and rdef.has_local_role(permission)) or
+if not rdef.has_perm(cw, permission, eid=eid):
-rdef.has_perm(cw, permission, fromeid=eid)):
+continue
-continue
+elif strict or not rdef.has_local_role(relpermission):
+if role == 'subject':
+if not rdef.has_perm(cw, relpermission, fromeid=eid):
+continue
+elif role == 'object':
+if not rdef.has_perm(cw, relpermission, toeid=eid):
+continue
 _targetschemas.append(tschema)
 if not _targetschemas:
 continue
 targetschemas = _targetschemas
-if permission is not None:
+rdef = eschema.rdef(rschema, role=role, targettype=targetschemas[0])
-rdef = eschema.rdef(rschema, role=role, targettype=targetschemas[0])
+# XXX tag allowing to hijack the permission machinery when
-# tag allowing to hijack the permission machinery when
+# permission is not verifiable until the entity is actually
-# permission is not verifiable until the entity is actually
+# created...
-# created...
+if eid is None and '%s_on_new' % permission in permsoverrides.etype_get(eschema, rschema, role):
-if eid is None and '%s_on_new' % permission in permsoverrides.etype_get(eschema, rschema, role):
+yield (rschema, targetschemas, role)
-yield (rschema, targetschemas, role)
+continue
+if not rschema.final and role == 'subject':
+# on relation with cardinality 1 or ?, we need delete perm as well
+# if the relation is already set
+if (relpermission == 'add'
+and rdef.role_cardinality(role) in '1?'
+and eid and entity.related(rschema.type, role)
+and not rdef.has_perm(cw, 'delete', fromeid=eid,
+toeid=entity.related(rschema.type, role)[0][0])):
 continue
-if rschema.final:
+elif role == 'object':
-if not rdef.has_perm(cw, permission, fromeid=eid):
+# on relation with cardinality 1 or ?, we need delete perm as well
-continue
+# if the relation is already set
-elif role == 'subject':
+if (relpermission == 'add'
-# on relation with cardinality 1 or ?, we need delete perm as well
+and rdef.role_cardinality(role) in '1?'
-# if the relation is already set
+and eid and entity.related(rschema.type, role)
-if (permission == 'add'
+and not rdef.has_perm(cw, 'delete', toeid=eid,
-and rdef.role_cardinality(role) in '1?'
+fromeid=entity.related(rschema.type, role)[0][0])):
-and eid and entity.related(rschema.type, role)
+continue
-and not rdef.has_perm(cw, 'delete', fromeid=eid,
-toeid=entity.related(rschema.type, role)[0][0])):
-continue
-elif role == 'object':
-# on relation with cardinality 1 or ?, we need delete perm as well
-# if the relation is already set
-if (permission == 'add'
-and rdef.role_cardinality(role) in '1?'
-and eid and entity.related(rschema.type, role)
-and not rdef.has_perm(cw, 'delete', toeid=eid,
-fromeid=entity.related(rschema.type, role)[0][0])):
-continue
 yield (rschema, targetschemas, role)
 autoform_section = AutoformSectionRelationTags('autoform_section')
 # relations'field class

branch	stable
changeset 4570	ede247bbbf62
parent 4565	9f991ee66e19
child 4607	55eab66c6592