When an inlined relation is set using `cw_edited`, its security shouldn't be checked.
It is currently checked anyway: modifying `cw_edited` updates
`entity.skip_security` so that security checking is skipped, but this is only
taken into account for attributes, not relations.
Closes #5477315
# copyright 2003-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
#
# This file is part of CubicWeb.
#
# CubicWeb is free software: you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>.
"""core CubicWeb schema, but not necessary at bootstrap time"""

__docformat__ = "restructuredtext en"
_ = unicode

from yams.buildobjs import (EntityType, RelationType, RelationDefinition,
                            SubjectRelation,
                            String, TZDatetime, Datetime, Password, Interval,
                            Boolean)
from cubicweb.schema import (
    RQLConstraint, WorkflowableEntityType, ERQLExpression, RRQLExpression,
    PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, PUB_SYSTEM_ATTR_PERMS,
    RO_ATTR_PERMS)

# Reviewer note on reading the ``__permissions__`` tables in this module
# (based on CubicWeb's documented security model -- confirm against the
# version in use): each action maps to a tuple of group names and/or RQL
# expressions, and the action is granted when the requesting user belongs to
# one of the groups or one of the expressions holds. In the expressions, ``U``
# stands for the requesting user, ``X`` for the entity (ERQLExpression) and
# ``S`` / ``O`` for the subject / object of the relation (RRQLExpression).
#
# Class docstrings are kept exactly as written: the schema tooling presumably
# reuses them as type descriptions -- TODO confirm before rewording any.


class CWUser(WorkflowableEntityType):
    """define a CubicWeb user"""
    __permissions__ = {
        # besides 'managers' and 'users', a user can always read its own entity
        'read':   ('managers', 'users', ERQLExpression('X identity U')),
        'add':    ('managers',),
        'delete': ('managers',),
        # self-service update is allowed, except for accounts that belong to
        # the "guests" group (the expression excludes them explicitly)
        'update': ('managers', ERQLExpression('X identity U, NOT U in_group G, G name "guests"'),),
        }

    login     = String(required=True, unique=True, maxsize=64,
                       description=_('unique identifier used to connect to the application'))
    upassword = Password(required=True) # password is a reserved word for mysql
    firstname = String(maxsize=64)
    surname   = String(maxsize=64)
    last_login_time = TZDatetime(description=_('last connection date'))
    # the constraint forbids linking a user to a group named "owners"
    in_group = SubjectRelation('CWGroup', cardinality='+*',
                               constraints=[RQLConstraint('NOT O name "owners"')],
                               description=_('groups grant permissions to the user'))


class EmailAddress(EntityType):
    """an electronic mail address associated to a short alias"""
    __permissions__ = {
        # application that wishes public email, or use it for something else
        # than users (eg Company, Person), should explicitly change permissions
        'read':   ('managers', ERQLExpression('U use_email X')),
        'add':    ('managers', 'users',),
        'delete': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')),
        'update': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')),
        }

    alias   = String(fulltextindexed=True, maxsize=56)
    address = String(required=True, fulltextindexed=True,
                     indexed=True, unique=True, maxsize=128)
    prefered_form = SubjectRelation('EmailAddress', cardinality='?*',
                                    description=_('when multiple addresses are equivalent \
(such as python-projects@logilab.org and python-projects@lists.logilab.org), set this \
to indicate which is the preferred form.'))


class use_email(RelationType):
    # relation-type level setting only; permissions are declared on the
    # ``use_email_relation`` definition below
    fulltext_container = 'subject'


class use_email_relation(RelationDefinition):
    """user's email account"""
    # explicit name: the class cannot be called ``use_email`` since that name
    # is already taken by the relation type above
    name = "use_email"
    __permissions__ = {
        'read':   ('managers', 'users', 'guests',),
        # adding/removing the link requires update permission on the subject
        'add':    ('managers', RRQLExpression('U has_update_permission S'),),
        'delete': ('managers', RRQLExpression('U has_update_permission S'),),
        }
    subject = "CWUser"
    object = "EmailAddress"
    cardinality = '*?'
    composite = 'subject'


class primary_email(RelationDefinition):
    """the prefered email"""
    __permissions__ = {
        'read':   ('managers', 'users', 'guests',),
        'add':    ('managers', RRQLExpression('U has_update_permission S'),),
        'delete': ('managers', RRQLExpression('U has_update_permission S'),),
        }
    subject = "CWUser"
    object = "EmailAddress"
    cardinality = '??'
    # the primary email must be one of the addresses linked through use_email
    constraints= [RQLConstraint('S use_email O')]


class prefered_form(RelationType):
    __permissions__ = {
        'read':   ('managers', 'users', 'guests',),
        # XXX should have update __permissions__ on both subject and object,
        #     though by doing this we will probably have no way to add
        #     this relation in the web ui. The easiest way to achieve this
        #     is probably to be able to have "U has_update_permission O" as
        #     RQLConstraint of the relation definition, though this is not yet
        #     possible
        # NOTE(review): as written, only the subject side is checked, so the
        # object entity's owner has no say in the link being created/removed.
        'add':    ('managers', RRQLExpression('U has_update_permission S'),),
        'delete': ('managers', RRQLExpression('U has_update_permission S'),),
        }


class in_group(RelationType):
    """core relation indicating a user's groups"""
    # permission table imported from cubicweb.schema; its content is not
    # visible in this file
    __permissions__ = PUB_SYSTEM_REL_PERMS


class owned_by(RelationType):
    """core relation indicating owners of an entity. This relation
    implicitly put the owner into the owners group for the entity
    """
    __permissions__ = {
        'read':   ('managers', 'users', 'guests'),
        # only managers or a current owner of the subject may change ownership
        'add':    ('managers', RRQLExpression('S owned_by U'),),
        'delete': ('managers', RRQLExpression('S owned_by U'),),
        }
    # 0..n cardinality for entities created by internal session (no attached user)
    # and to support later deletion of a user which has created some entities
    cardinality = '**'
    subject = '*'
    object = 'CWUser'


class created_by(RelationType):
    """core relation indicating the original creator of an entity"""
    __permissions__ = {
        'read':   ('managers', 'users', 'guests'),
        # creator information can only be set or removed by managers
        'add':    ('managers',),
        'delete': ('managers',),
        }
    # 0..1 cardinality for entities created by internal session (no attached user)
    # and to support later deletion of a user which has created some entities
    cardinality = '?*'
    subject = '*'
    object = 'CWUser'


class creation_date(RelationType):
    """creation time of an entity"""
    __permissions__ = PUB_SYSTEM_ATTR_PERMS
    cardinality = '11'
    subject = '*'
    object = 'Datetime'


class modification_date(RelationType):
    """latest modification time of an entity"""
    __permissions__ = PUB_SYSTEM_ATTR_PERMS
    cardinality = '11'
    subject = '*'
    object = 'Datetime'


class cwuri(RelationType):
    """internal entity uri"""
    # RO_ATTR_PERMS comes from cubicweb.schema; presumably read-only once
    # set -- verify against its definition
    __permissions__ = RO_ATTR_PERMS
    cardinality = '11'
    subject = '*'
    object = 'String'


# XXX find a better relation name
class for_user(RelationType):
    """link a property to the user which want this property customization. Unless
    you're a site manager, this relation will be handled automatically.
    """
    __permissions__ = {
        'read':   ('managers', 'users', 'guests'),
        'add':    ('managers',),
        'delete': ('managers',),
        }
    # NOTE(review): inlined relation. Server-side code that sets an inlined
    # relation through ``entity.cw_edited`` is expected to skip the security
    # check (see the changeset closing #5477315), so the 'add'/'delete' rules
    # above do not protect such code paths; callers writing via ``cw_edited``
    # have to enforce authorization themselves. The same applies to the other
    # ``inlined=True`` relations in this module.
    inlined = True
    subject = 'CWProperty'
    object = 'CWUser'
    composite = 'object'
    cardinality = '?*'


class ExternalUri(EntityType):
    """a URI representing an object in external data store"""
    # no explicit __permissions__ here: whatever default the schema library
    # applies is in effect
    uri = String(required=True, unique=True, maxsize=256,
                 description=_('the URI of the object'))


class same_as(RelationType):
    """generic relation to specify that an external entity represent the same
    object as a local one:
       http://www.w3.org/TR/owl-ref/#sameAs-def
    """
    #NOTE: You'll have to explicitly declare which entity types can have a
    #same_as relation
    __permissions__ = {
        'read':   ('managers', 'users', 'guests',),
        'add':    ('managers', 'users'),
        'delete': ('managers', 'owners'),
        }
    cardinality = '**'
    symmetric = True
    # NOTE: the 'object = ExternalUri' declaration will still be mandatory
    #       in the cube's schema.
    object = 'ExternalUri'


class CWCache(EntityType):
    """a simple cache entity characterized by a name and
    a validity date.

    The target application is responsible for updating timestamp
    when necessary to invalidate the cache (typically in hooks).

    Also, checkout the AppObject.get_cache() method.
    """
    # XXX only handle by hooks, shouldn't be readable/editable at all through
    # the ui and so no permissions should be granted, no?
    # NOTE(review): 'update' below is open to every member of 'users', which
    # lets any authenticated user change a cache timestamp; if only hooks are
    # meant to write it, restricting 'update' to 'managers' would match the
    # intent stated in the XXX above.
    __permissions__ = {
        'read':   ('managers', 'users', 'guests'),
        'add':    ('managers',),
        'update': ('managers', 'users',), # XXX
        'delete': ('managers',),
        }

    name = String(required=True, unique=True, maxsize=128,
                  description=_('name of the cache'))
    timestamp = TZDatetime(default='NOW')


class CWSource(EntityType):
    # the entity itself is readable by everyone, writable by managers only
    __permissions__ = {
        'read':   ('managers', 'users', 'guests'),
        'add':    ('managers',),
        'update': ('managers',),
        'delete': ('managers',),
        }
    name = String(required=True, unique=True, maxsize=128,
                  description=_('name of the source'))
    type = String(required=True, maxsize=20, description=_('type of the source'))
    # attribute-level permissions: unlike the rest of the entity, ``config``
    # is readable by managers only (presumably because a source configuration
    # can hold connection settings -- keep it that way unless verified safe)
    config = String(description=_('source\'s configuration. One key=value per '
                                  'line, authorized keys depending on the '
                                  'source\'s type'),
                    __permissions__={
                        'read':   ('managers',),
                        'add':    ('managers',),
                        'update': ('managers',),
                        })
    # put this here and not in a subclass even if it's only for some sources
    # since having subclasses on generic relation (cw_source) double the number
    # of rdef in the schema, and make ms planning harder since queries solutions
    # may changes when sources are specified
    url = String(description=_('URLs from which content will be imported. You can put one url per line'))
    parser = String(description=_('parser to use to extract entities from content retrieved at given URLs.'))
    latest_retrieval = TZDatetime(description=_('latest synchronization time'))
    in_synchronization = TZDatetime(description=_('start timestamp of the currently in synchronization, or NULL when no synchronization in progress.'))


# shared permission tables for source-administration types: every action,
# including 'read', is reserved to the 'managers' group
ENTITY_MANAGERS_PERMISSIONS = {
    'read':   ('managers',),
    'add':    ('managers',),
    'update': ('managers',),
    'delete': ('managers',),
    }
RELATION_MANAGERS_PERMISSIONS = {
    'read':   ('managers',),
    'add':    ('managers',),
    'delete': ('managers',),
    }


class CWSourceHostConfig(EntityType):
    __permissions__ = ENTITY_MANAGERS_PERMISSIONS
    __unique_together__ = [('match_host', 'cw_host_config_of')]
    match_host = String(required=True, maxsize=128,
                        description=_('regexp matching host(s) to which this config applies'))
    # same manager-only attribute permissions as CWSource.config
    config = String(required=True,
                    description=_('Source\'s configuration for a particular host. '
                                  'One key=value per line, authorized keys '
                                  'depending on the source\'s type, overriding '
                                  'values defined on the source.'),
                    __permissions__={
                        'read':   ('managers',),
                        'add':    ('managers',),
                        'update': ('managers',),
                        })


class cw_host_config_of(RelationDefinition):
    __permissions__ = RELATION_MANAGERS_PERMISSIONS
    subject = 'CWSourceHostConfig'
    object = 'CWSource'
    cardinality = '1*'
    composite = 'object'
    inlined = True


class cw_source(RelationDefinition):
    # which source an entity comes from: readable by all, set by managers only
    __permissions__ = {
        'read':   ('managers', 'users', 'guests'),
        'add':    ('managers',),
        'delete': ('managers',),
        }
    subject = '*'
    object = 'CWSource'
    cardinality = '1*'
    composite = 'object'


class CWDataImport(EntityType):
    __permissions__ = ENTITY_MANAGERS_PERMISSIONS
    start_timestamp = TZDatetime()
    end_timestamp = TZDatetime()
    log = String()
    status = String(required=True, internationalizable=True, indexed=True,
                    default='in progress',
                    vocabulary=[_('in progress'), _('success'), _('failed')])


class cw_import_of(RelationDefinition):
    __permissions__ = RELATION_MANAGERS_PERMISSIONS
    subject = 'CWDataImport'
    object = 'CWSource'
    cardinality = '1*'
    composite = 'object'


class CWSourceSchemaConfig(EntityType):
    __permissions__ = ENTITY_MANAGERS_PERMISSIONS
    cw_for_source = SubjectRelation(
        'CWSource', inlined=True, cardinality='1*', composite='object',
        __permissions__=RELATION_MANAGERS_PERMISSIONS)
    options = String(description=_('allowed options depends on the source type'))


class rtype_cw_schema(RelationDefinition):
    __permissions__ = RELATION_MANAGERS_PERMISSIONS
    # both this class and rdef_cw_schema define the 'cw_schema' relation, for
    # different object types
    name = 'cw_schema'
    subject = 'CWSourceSchemaConfig'
    object = ('CWEType', 'CWRType')
    inlined = True
    cardinality = '1*'
    composite = 'object'
    constraints = [RQLConstraint('NOT O final TRUE')]


class rdef_cw_schema(RelationDefinition):
    __permissions__ = RELATION_MANAGERS_PERMISSIONS
    name = 'cw_schema'
    subject = 'CWSourceSchemaConfig'
    object = 'CWRelation'
    inlined = True
    cardinality = '1*'
    composite = 'object'


# "abstract" relation types, no definition in cubicweb itself ###################

class identical_to(RelationType):
    """identical to"""
    symmetric = True
    __permissions__ = {
        'read':   ('managers', 'users', 'guests',),
        # XXX should have update __permissions__ on both subject and object,
        #     though by doing this we will probably have no way to add
        #     this relation in the web ui. The easiest way to achieve this
        #     is probably to be able to have "U has_update_permission O" as
        #     RQLConstraint of the relation definition, though this is not yet
        #     possible
        'add':    ('managers', RRQLExpression('U has_update_permission S'),),
        'delete': ('managers', RRQLExpression('U has_update_permission S'),),
        }


class see_also(RelationType):
    """generic relation to link one entity to another"""
    symmetric = True
    __permissions__ = {
        'read':   ('managers', 'users', 'guests',),
        # only update permission on the subject is required to link or unlink
        'add':    ('managers', RRQLExpression('U has_update_permission S'),),
        'delete': ('managers', RRQLExpression('U has_update_permission S'),),
        }