[hooks/security] provide attribute "add" permission
As of today, the update permission on attributes is checked at entity
*creation* time. This forbids using update permissions the proper way.
We set it to be checked at entity update time only.
We introduce a specific 'add' permission rule for attributes.
For backward compatibility, its default value will be the same as the
current 'update' permission.
Notes:
* needs a new yams version (ticket #149216)
* introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr)
* if the update permission was () and the bw compat kicks in, the rule
is not enforced, to avoid un-creatable entity types -- this
restriction will be lifted when the bw compat is gone
* small internal refactoring on check_entity_attributes
* one small pre 3.6.1 bw compat snippet must be removed from schemaserial
Closes #2965518.
#!/bin/sh -e
### BEGIN INIT INFO
# Provides: cubicweb
# Required-Start: $remote_fs $syslog $local_fs $network
# Required-Stop: $remote_fs $syslog $local_fs $network
# Should-Start: postgresql pyro-nsd
# Should-Stop: postgresql pyro-nsd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start cubicweb application at boot time
### END INIT INFO
# FIXME Seems to be inadequate here
# FIXME If related to pyro, try instead:
# export PYRO_STORAGE="/tmp"
cd /tmp
# FIXME Work-around about the following lintian error
# E: cubicweb-ctl: init.d-script-does-not-implement-required-option /etc/init.d/cubicweb start
#
# Check if we are sure to not want the start-stop-daemon machinery here
# Refer to Debian Policy Manual section 9.3.2 (Writing the scripts) for details.
case $1 in
force-reload)
python -W ignore /usr/bin/cubicweb-ctl reload --force
;;
status)
python -W ignore /usr/bin/cubicweb-ctl status
;;
start|stop|restart|*)
python -W ignore /usr/bin/cubicweb-ctl $1 --force
;;
esac