[hooks/security] provide attribute "add" permission
As of today, the update permission on attributes is checked at entity
*creation* time. This forbids using update permissions the proper way.
We set it to be checked at entity update time only.
We introduce a specific 'add' permission rule for attributes.
For backward compatibility, its default value will be the same as the
current 'update' permission.
Notes:
* needs a new yams version (ticket #149216)
* introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr)
* if the update permission was () and the bw compat kicks in, the rule
is not enforced, to avoid un-creatable entity types -- this
restriction will be lifted when the bw compat is gone
* small internal refactoring on check_entity_attributes
* one small pre 3.6.1 bw compat snippet must be removed from schemaserial
Closes #2965518.
function datetuple(d) {
return [d.getFullYear(), d.getMonth()+1, d.getDate(),
d.getHours(), d.getMinutes()];
}
function pprint(obj) {
print('{');
for(k in obj) {
print(' ' + k + ' = ' + obj[k]);
}
print('}');
}
function arrayrepr(array) {
return '[' + array.join(', ') + ']';
}
function assertArrayEquals(array1, array2) {
if (array1.length != array2.length) {
throw new crosscheck.AssertionFailure(array1.join(', ') + ' != ' + array2.join(', '));
}
for (var i=0; i<array1.length; i++) {
if (array1[i] != array2[i]) {
throw new crosscheck.AssertionFailure(arrayrepr(array1) + ' and ' + arrayrepr(array2)
+ ' differs at index ' + i);
}
}
}