[hooks/security] provide attribute "add" permission As of today, the update permission on attributes is checked at entity *creation* time. This forbids using update permissions the proper way. We set it to be checked at entity update time only. We introduce a specific 'add' permission rule for attributes. For backward compatibility, its default value will be the same as the current 'update' permission. Notes: * needs a new yams version (ticket #149216) * introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr) * if the update permission was () and the bw compat kicks in, the rule is not enforced, to avoid un-creatable entity types -- this restriction will be lifted when the bw compat is gone * small internal refactoring on check_entity_attributes * one small pre 3.6.1 bw compat snippet must be removed from schemaserial Closes #2965518.

"""This module compare the Schema on the file system to the one in the database"""

from cStringIO import StringIO
from cubicweb.web.schemaviewer import SchemaViewer
from logilab.common.ureports import TextWriter
import difflib

viewer = SchemaViewer()
layout_db = viewer.visit_schema(schema, display_relations=True)
layout_fs = viewer.visit_schema(fsschema, display_relations=True)
writer = TextWriter()
stream_db = StringIO()
stream_fs = StringIO()
writer.format(layout_db, stream=stream_db)
writer.format(layout_fs, stream=stream_fs)

stream_db.seek(0)
stream_fs.seek(0)
db = stream_db.getvalue().splitlines()
fs = stream_fs.getvalue().splitlines()
open('db_schema.txt', 'w').write(stream_db.getvalue())
open('fs_schema.txt', 'w').write(stream_fs.getvalue())
#for diff in difflib.ndiff(fs, db):
#    print diff