[security] check attributes: dispatch on the "add" action if entity was just created
cw_set on a just-created entity (i.e. created in the same transaction)
should behave the same as setting the attribute directly on creation:
check the 'add' permissions, not 'update'.
Closes #4740310.
# copyright 2003-2013 LOGILAB S.A. (Paris, FRANCE), all rights reserved.# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr## This file is part of CubicWeb.## CubicWeb is free software: you can redistribute it and/or modify it under the# terms of the GNU Lesser General Public License as published by the Free# Software Foundation, either version 2.1 of the License, or (at your option)# any later version.## CubicWeb is distributed in the hope that it will be useful, but WITHOUT# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more# details.## You should have received a copy of the GNU Lesser General Public License along# with CubicWeb. If not, see <http://www.gnu.org/licenses/>."""entity classes for optional library entities"""__docformat__="restructuredtext en"fromwarningsimportwarnfromurlparseimporturlsplit,urlunsplitfromdatetimeimportdatetimefromlogilab.mtconverterimportxml_escapefromcubicwebimportUnknownPropertyfromcubicweb.entityimport_markerfromcubicweb.entitiesimportAnyEntity,fetch_configdefmangle_email(address):try:name,host=address.split('@',1)exceptValueError:returnaddressreturn'%s at %s'%(name,host.replace('.',' dot '))classEmailAddress(AnyEntity):__regid__='EmailAddress'fetch_attrs,cw_fetch_order=fetch_config(['address','alias'])rest_attr='eid'defdc_title(self):ifself.alias:return'%s <%s>'%(self.alias,self.display_address())returnself.display_address()@propertydefemail_of(self):returnself.reverse_use_emailandself.reverse_use_email[0]orNone@propertydefprefered(self):returnself.prefered_formandself.prefered_form[0]orselfdefrelated_emails(self,skipeids=None):# XXX move to eemail# check email relations are in the schema firstsubjrels=self.e_schema.object_relations()ifnot('sender'insubjrelsand'recipients'insubjrels):returnrset=self._cw.execute('DISTINCT Any X, S, D ORDERBY D DESC ''WHERE X sender Y or X recipients Y, ''X subject S, X date D, Y eid %(y)s',{'y':self.eid})ifskipeidsisNone:skipeids=set()foriinxrange(len(rset)):eid=rset[i][0]ifeidinskipeids:continueskipeids.add(eid)yieldrset.get_entity(i,0)defdisplay_address(self):ifself._cw.vreg.config['mangle-emails']:returnmangle_email(self.address)returnself.addressdefprintable_value(self,attr,value=_marker,attrtype=None,format='text/html'):"""overriden to return displayable address when necessary"""ifattr=='address':address=self.display_address()ifformat=='text/html':address=xml_escape(address)returnaddressreturnsuper(EmailAddress,self).printable_value(attr,value,attrtype,format)classBookmark(AnyEntity):"""customized class for Bookmark entities"""__regid__='Bookmark'fetch_attrs,cw_fetch_order=fetch_config(['title','path'])defactual_url(self):url=self._cw.build_url(self.path)ifself.title:urlparts=list(urlsplit(url))ifurlparts[3]:urlparts[3]+='&vtitle=%s'%self._cw.url_quote(self.title)else:urlparts[3]='vtitle=%s'%self._cw.url_quote(self.title)url=urlunsplit(urlparts)returnurldefaction_url(self):returnself.absolute_url()+'/follow'classCWProperty(AnyEntity):__regid__='CWProperty'fetch_attrs,cw_fetch_order=fetch_config(['pkey','value'])rest_attr='pkey'deftyped_value(self):returnself._cw.vreg.typed_value(self.pkey,self.value)defdc_description(self,format='text/plain'):try:returnself._cw._(self._cw.vreg.property_info(self.pkey)['help'])exceptUnknownProperty:returnu''classCWCache(AnyEntity):"""Cache"""__regid__='CWCache'fetch_attrs,cw_fetch_order=fetch_config(['name'])def__init__(self,*args,**kwargs):warn('[3.19] CWCache entity type is going away soon. ''Other caching mechanisms can be used more reliably ''to the same effect.',DeprecationWarning)super(CWCache,self).__init__(*args,**kwargs)deftouch(self):self._cw.execute('SET X timestamp %(t)s WHERE X eid %(x)s',{'t':datetime.now(),'x':self.eid})defvalid(self,date):ifdate:returndate>self.timestampreturnFalse