[hooks/security] provide attribute "add" permission
As of today, the update permission on attributes is checked at entity
*creation* time. This forbids using update permissions the proper way.
We set it to be checked at entity update time only.
We introduce a specific 'add' permission rule for attributes.
For backward compatibility, its default value will be the same as the
current 'update' permission.
Notes:
* needs a new yams version (ticket #149216)
* introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr)
* if the update permission was () and the bw compat kicks in, the rule
is not enforced, to avoid un-creatable entity types -- this
restriction will be lifted when the bw compat is gone
* small internal refactoring on check_entity_attributes
* one small pre 3.6.1 bw compat snippet must be removed from schemaserial
Closes #2965518.
# Author: David Goodger# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved.# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr## This file is part of CubicWeb.## CubicWeb is free software: you can redistribute it and/or modify it under the# terms of the GNU Lesser General Public License as published by the Free# Software Foundation, either version 2.1 of the License, or (at your option)# any later version.## CubicWeb is distributed in the hope that it will be useful, but WITHOUT# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more# details.## You should have received a copy of the GNU Lesser General Public License along# with CubicWeb. If not, see <http://www.gnu.org/licenses/>.""""""# Contact: goodger@users.sourceforge.net# Revision: $Revision: 1.2 $# Date: $Date: 2005-07-04 16:36:50 $# Copyright: This module has been placed in the public domain."""Simple HyperText Markup Language document tree Writer.The output conforms to the HTML 4.01 Transitional DTD and to the ExtensibleHTML version 1.0 Transitional DTD (*almost* strict). The output contains aminimum of formatting information. A cascading style sheet ("default.css" bydefault) is required for proper viewing with a modern graphical browser.http://cvs.zope.org/Zope/lib/python/docutils/writers/Attic/html4zope.py?rev=1.1.2.2&only_with_tag=ajung-restructuredtext-integration-branch&content-type=text/vnd.viewcvs-markup"""__docformat__='reStructuredText'importosfromlogilab.mtconverterimportxml_escapefromdocutilsimportnodesfromdocutils.writers.html4css1importWriterasCSS1Writerfromdocutils.writers.html4css1importHTMLTranslatorasCSS1HTMLTranslatordefault_level=int(os.environ.get('STX_DEFAULT_LEVEL',3))classWriter(CSS1Writer):"""css writer using our html translator"""def__init__(self,base_url):CSS1Writer.__init__(self)self.translator_class=URLBinder(base_url,HTMLTranslator)defapply_template(self):"""overriding this is necessary with docutils >= 0.5"""returnself.visitor.astext()classURLBinder:def__init__(self,url,klass):self.base_url=urlself.translator_class=HTMLTranslatordef__call__(self,document):translator=self.translator_class(document)translator.base_url=self.base_urlreturntranslatorclassHTMLTranslator(CSS1HTMLTranslator):"""ReST tree to html translator"""defastext(self):"""return the extracted html"""return''.join(self.body)defvisit_title(self,node):"""Only 6 section levels are supported by HTML."""ifisinstance(node.parent,nodes.topic):self.body.append(self.starttag(node,'p','',CLASS='topic-title'))ifnode.parent.hasattr('id'):self.body.append(self.starttag({},'a','',name=node.parent['id']))self.context.append('</a></p>\n')else:self.context.append('</p>\n')elifself.section_level==0:# document titleself.head.append('<title>%s</title>\n'%self.encode(node.astext()))self.body.append(self.starttag(node,'h%d'%default_level,'',CLASS='title'))self.context.append('</h%d>\n'%default_level)else:self.body.append(self.starttag(node,'h%s'%(default_level+self.section_level-1),''))atts={}ifnode.hasattr('refid'):atts['class']='toc-backref'atts['href']='%s#%s'%(self.base_url,node['refid'])self.body.append(self.starttag({},'a','',**atts))self.context.append('</a></h%s>\n'%(default_level+self.section_level-1))defvisit_subtitle(self,node):"""format a subtitle"""ifisinstance(node.parent,nodes.sidebar):self.body.append(self.starttag(node,'p','',CLASS='sidebar-subtitle'))self.context.append('</p>\n')else:self.body.append(self.starttag(node,'h%s'%(default_level+1),'',CLASS='subtitle'))self.context.append('</h%s>\n'%(default_level+1))defvisit_document(self,node):"""syt: i don't want the enclosing <div class="document">"""defdepart_document(self,node):"""syt: i don't want the enclosing <div class="document">"""defvisit_reference(self,node):"""syt: i want absolute urls"""if'refuri'innode:href=node['refuri']if(self.settings.cloak_email_addressesandhref.startswith('mailto:')):href=self.cloak_mailto(href)self.in_mailto=1else:assert'refid'innode, \'References must have "refuri" or "refid" attribute.'href='%s#%s'%(self.base_url,node['refid'])atts={'href':href,'class':'reference'}ifnotisinstance(node.parent,nodes.TextElement):assertlen(node)==1andisinstance(node[0],nodes.image)atts['class']+=' image-reference'self.body.append(self.starttag(node,'a','',**atts))## override error messages to avoid XHTML problems ########################defvisit_problematic(self,node):passdefdepart_problematic(self,node):passdefvisit_system_message(self,node):backref_text=''iflen(node['backrefs']):backrefs=node['backrefs']iflen(backrefs)==1:backref_text='; <em>backlink</em>'else:i=1backlinks=[]forbackrefinbackrefs:backlinks.append(str(i))i+=1backref_text=('; <em>backlinks: %s</em>'%', '.join(backlinks))ifnode.hasattr('line'):line=', line %s'%node['line']else:line=''a_start=a_end=''error=u'System Message: %s%s/%s%s (%s%s)%s</p>\n'%(a_start,node['type'],node['level'],a_end,self.encode(node['source']),line,backref_text)self.body.append(u'<div class="system-message"><b>ReST / HTML errors:</b>%s</div>'%xml_escape(error))defdepart_system_message(self,node):pass