[hooks/security] provide attribute "add" permission
As of today, the update permission on attributes is checked at entity
*creation* time. This forbids using update permissions the proper way.
We set it to be checked at entity update time only.
We introduce a specific 'add' permission rule for attributes.
For backward compatibility, its default value will be the same as the
current 'update' permission.
Notes:
* needs a new yams version (ticket #149216)
* introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr)
* if the update permission was () and the bw compat kicks in, the rule
is not enforced, to avoid un-creatable entity types -- this
restriction will be lifted when the bw compat is gone
* small internal refactoring on check_entity_attributes
* one small pre 3.6.1 bw compat snippet must be removed from schemaserial
Closes #2965518.
<table class="attributeForm" style="width:100%;"
tal:attributes="id tab_id | nothing;
class tab_class | nothing;">
<tr tal:iter="widget lines">
<th class="labelCol" tal:content="structure python:widget.render_label(entity)">attrname</th>
<td tal:define="error python:widget.render_error(entity)" style="width:100%;"
tal:attributes="class python:error and 'error' or nothing">
<div tal:replace="structure error">error message if any</div>
<div tal:replace="structure python:widget.edit_render(entity)" >widget (input, textarea, etc.)</div>
<div tal:replace="structure python:widget.render_help(entity)">format help if any</div>
</td>
</tr>
</table>