Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
schemas/__init__.py
branchstable
changeset 4243 2621de25d15a
parent 2502 324ec2056d56
child 4754 6bf17f810975 
--- a/schemas/__init__.py	Thu Jan 14 11:28:32 2010 +0100
+++ b/schemas/__init__.py	Thu Jan 14 11:37:08 2010 +0100
@@ -1,3 +1,14 @@
+"""some utilities to define schema permissions
+
+:organization: Logilab
+:copyright: 2008 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr
+"""
+__docformat__ = "restructuredtext en"
+
+from rql.utils import quote
+from cubicweb.schema import ERQLExpression, RRQLExpression
+
 # permissions for "meta" entity type (readable by anyone, can only be
 # added/deleted by managers)
 META_ETYPE_PERMS = {
@@ -22,3 +33,60 @@
     'add':    (),
     'delete': (),
     }
+
+def _perm(names):
+    if isinstance(names, (list, tuple)):
+        if len(names) == 1:
+            names = quote(names[0])
+        else:
+            names = 'IN (%s)' % (','.join(quote(name) for name in names))
+    else:
+        names = quote(names)
+    #return u' require_permission P, P name %s, U in_group G, P require_group G' % names
+    return u' require_permission P, P name %s, U has_group_permission P' % names
+
+
+def xperm(*names):
+    return 'X' + _perm(names)
+
+def xexpr(*names):
+    return ERQLExpression(xperm(*names))
+
+def xrexpr(relation, *names):
+    return ERQLExpression('X %s Y, Y %s' % (relation, _perm(names)))
+
+def xorexpr(relation, etype, *names):
+    return ERQLExpression('Y %s X, X is %s, Y %s' % (relation, etype, _perm(names)))
+
+
+def sexpr(*names):
+    return RRQLExpression('S' + _perm(names), 'S')
+
+def restricted_sexpr(restriction, *names):
+    rql = '%s, %s' % (restriction, 'S' + _perm(names))
+    return RRQLExpression(rql, 'S')
+
+def restricted_oexpr(restriction, *names):
+    rql = '%s, %s' % (restriction, 'O' + _perm(names))
+    return RRQLExpression(rql, 'O')
+
+def oexpr(*names):
+    return RRQLExpression('O' + _perm(names), 'O')
+
+
+# def supdate_perm():
+#     return RRQLExpression('U has_update_permission S', 'S')
+
+# def oupdate_perm():
+#     return RRQLExpression('U has_update_permission O', 'O')
+
+def relxperm(rel, role, *names):
+    assert role in ('subject', 'object')
+    if role == 'subject':
+        zxrel = ', X %s Z' % rel
+    else:
+        zxrel = ', Z %s X' % rel
+    return 'Z' + _perm(names) + zxrel
+
+def relxexpr(rel, role, *names):
+    return ERQLExpression(relxperm(rel, role, *names))
cubicweb