[CWEP002] refactor rql read security checking
Split 'check_read_perms' into 'check_relations_perms' which checks relations
'read' permissions and 'get_local_checks' which build dictionary of local
security checks (rql expression) for variables.
This allows to check relations 'read' permissions earlier in the process and so
to prepare insertion of the rql rewriter: we want to check permissions of the
computed relation, not permissions of relations introduced by the associated
rule, to conform to the CWEP.
Related to #3546717
====
Book
====
----
Part
----
Chapter
=======
.. _Level1AnchorForLaterReference:
Level 1 section
---------------
Level 2 section
~~~~~~~~~~~~~~~
Level 3 section
```````````````
*CubicWeb*
inline directives:
:file:`directory/file`
:envvar:`AN_ENV_VARIABLE`
:command:`command --option arguments`
:ref:, :mod:
.. sourcecode:: python
class SomePythonCode:
...
.. XXX a comment, wont be rendered
a [foot note]_
.. [foot note] the foot note content
Boxes
=====
- warning box:
.. warning::
Warning content
- note box:
.. note::
Note content
Cross references
================
To arbitrary section
--------------------
:ref:`identifier` ou :ref:`label <identifier>`
Label required of referencing node which as no title, else the node's title will be used.
To API objects
--------------
See the autodoc sphinx extension documentation. Quick overview:
* ref to a class: :class:`cubicweb.devtools.testlib.AutomaticWebTest`
* if you can to see only the class name in the generated documentation, add a ~:
:class:`~cubicweb.devtools.testlib.AutomaticWebTest`
* you can also use :mod: (module), :exc: (exception), :func: (function), :meth: (method)...
* syntax explained above to specify label explicitly may also be used