Mercurial Mercurial > pub > hg > cubicweb / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
web/views/owl.py
branchreldefsecurity
changeset 3877 7ca53fc72a0a
parent 3689 deb13e88e037
child 3890 d7a270f50f54 
--- a/web/views/owl.py	Wed Nov 18 09:16:38 2009 +0100
+++ b/web/views/owl.py	Thu Nov 19 12:55:47 2009 +0100
@@ -71,10 +71,8 @@
         if writeprefix:
             self.w(OWL_CLOSING_ROOT)
 
-    def should_display_rschema(self, rschema):
-        return not rschema in self.skiptypes and (
-            rschema.has_local_role('read') or
-            rschema.has_perm(self.req, 'read'))
+    def should_display_rschema(self, eschema, rschema, tschemas, role):
+        return rschema.may_have_permissions('read', self.req, eschema, role)
 
     def visit_schema(self, skiptypes):
         """get a layout for a whole schema"""
@@ -94,7 +92,7 @@
         self.w(u'<owl:Class rdf:ID="%s">'% eschema)
         self.w(u'<!-- relations -->')
         for rschema, targetschemas, role in eschema.relation_definitions():
-            if not self.should_display_rschema(rschema):
+            if not self.should_display_rschema(eschema, rschema, targetschemas, role):
                 continue
             for oeschema in targetschemas:
                 if role == 'subject':
@@ -112,7 +110,7 @@
 
         self.w(u'<!-- attributes -->')
         for rschema, aschema in eschema.attribute_definitions():
-            if not self.should_display_rschema(rschema):
+            if not self.should_display_rschema(eschema, rschema, (aschema,), 'subject'):
                 continue
             self.w(u'''<rdfs:subClassOf>
   <owl:Restriction>
@@ -125,7 +123,7 @@
     def visit_property_schema(self, eschema):
         """get a layout for property entity OWL schema"""
         for rschema, targetschemas, role in eschema.relation_definitions():
-            if not self.should_display_rschema(rschema):
+            if not self.should_display_rschema(eschema, rschema, targetschemas, role):
                 continue
             for oeschema in targetschemas:
                 self.w(u'''<owl:ObjectProperty rdf:ID="%s">
@@ -135,7 +133,7 @@
 
     def visit_property_object_schema(self, eschema):
         for rschema, aschema in eschema.attribute_definitions():
-            if not self.should_display_rschema(rschema):
+            if not self.should_display_rschema(eschema, rschema, (aschema,), 'subject'):
                 continue
             self.w(u'''<owl:DatatypeProperty rdf:ID="%s">
   <rdfs:domain rdf:resource="#%s"/>
@@ -174,7 +172,8 @@
         for rschema, aschema in eschema.attribute_definitions():
             if rschema.meta:
                 continue
-            if not (rschema.has_local_role('read') or rschema.has_perm(self.req, 'read')):
+            rdef = rschema.rdef(eschema, aschema)
+            if not rdef.may_have_permission('read', self.req):
                 continue
             aname = rschema.type
             if aname == 'eid':
@@ -189,8 +188,10 @@
         for rschema, targetschemas, role in eschema.relation_definitions():
             if rschema.meta:
                 continue
-            if not (rschema.has_local_role('read') or rschema.has_perm(self.req, 'read')):
-                continue
+            for tschema in targetschemas:
+                rdef = rschema.role_rdef(eschema, tschema, role)
+                if not rdef.may_have_permission('read', self.req):
+                    continue
             if role == 'object':
                 attr = 'reverse_%s' % rschema.type
             else:
cubicweb