[hooks/security] provide attribute "add" permission As of today, the update permission on attributes is checked at entity *creation* time. This forbids using update permissions the proper way. We set it to be checked at entity update time only. We introduce a specific 'add' permission rule for attributes. For backward compatibility, its default value will be the same as the current 'update' permission. Notes: * needs a new yams version (ticket #149216) * introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr) * if the update permission was () and the bw compat kicks in, the rule is not enforced, to avoid un-creatable entity types -- this restriction will be lifted when the bw compat is gone * small internal refactoring on check_entity_attributes * one small pre 3.6.1 bw compat snippet must be removed from schemaserial Closes #2965518.

config['rql-cache-size'] = config['rql-cache-size'] * 10

add_entity_type('CWDataImport')

from cubicweb.schema import CONSTRAINTS, guess_rrqlexpr_mainvars
for rqlcstr in rql('Any X,XT,XV WHERE X is CWConstraint, X cstrtype XT, X value XV,'
                   'X cstrtype XT, XT name IN ("RQLUniqueConstraint","RQLConstraint","RQLVocabularyConstraint"),'
                   'NOT X value ~= ";%"').entities():
    expression = rqlcstr.value
    mainvars = guess_rrqlexpr_mainvars(expression)
    yamscstr = CONSTRAINTS[rqlcstr.type](expression, mainvars)
    rqlcstr.cw_set(value=yamscstr.serialize())
    print 'updated', rqlcstr.type, rqlcstr.value.strip()