[multi-sources] support for moving an entity from an external source (closes #343818)
Original need is to move a user from a ldap source to the system source so
we can delete it from ldap without loosing information into the cubicweb
instance.
We can't wait for the user to be deleted from the ldap since it will be too
late then to get back user attributes, so it has to be a manual operation to
operate before actual deletion. This makes sense for other sources as well.
So the idea is to make the "Any cw_source CWSource" relation editable by
managers, and to watch changes of it. We then check the move is possible
(ie from an external source to the system source) and do necessary stuff
(essentially changing source information and copying data into the system
source).
Remaining pb is that we don't want the moved entity to be reimported later.
To distinguish this state, the trick is to change the associated record in
the 'entities' system table with eid=-eid while leaving other fields
unchanged, and to add a new record with eid=eid, source='system'. External
source will then have consider case where `extid2eid` return a negative eid
as 'this entity was known but has been moved, ignore it'.
Notice no ui is provided yet, it has currently to be done in a c-c shell.
# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
#
# This file is part of CubicWeb.
#
# CubicWeb is free software: you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>.
"""core CubicWeb schema, but not necessary at bootstrap time"""
__docformat__ = "restructuredtext en"
_ = unicode
from yams.buildobjs import (EntityType, RelationType, RelationDefinition,
SubjectRelation, String, Datetime, Password, Interval)
from cubicweb.schema import (
RQLConstraint, WorkflowableEntityType, ERQLExpression, RRQLExpression,
PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, PUB_SYSTEM_ATTR_PERMS)
class CWUser(WorkflowableEntityType):
"""define a CubicWeb user"""
__permissions__ = {
'read': ('managers', 'users', ERQLExpression('X identity U')),
'add': ('managers',),
'delete': ('managers',),
'update': ('managers', ERQLExpression('X identity U, NOT U in_group G, G name "guests"'),),
}
login = String(required=True, unique=True, maxsize=64,
description=_('unique identifier used to connect to the application'))
upassword = Password(required=True) # password is a reserved word for mysql
firstname = String(maxsize=64)
surname = String(maxsize=64)
last_login_time = Datetime(description=_('last connection date'))
# allowing an email to be the primary email of multiple entities is necessary for
# test at least :-/
primary_email = SubjectRelation('EmailAddress', cardinality='??',
description=_('email address to use for notification'))
use_email = SubjectRelation('EmailAddress', cardinality='*?', composite='subject')
in_group = SubjectRelation('CWGroup', cardinality='+*',
constraints=[RQLConstraint('NOT O name "owners"')],
description=_('groups grant permissions to the user'))
class EmailAddress(EntityType):
"""an electronic mail address associated to a short alias"""
__permissions__ = {
'read': ('managers', 'users', 'guests',), # XXX if P use_email X, U has_read_permission P
'add': ('managers', 'users',),
'delete': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')),
'update': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')),
}
alias = String(fulltextindexed=True, maxsize=56)
address = String(required=True, fulltextindexed=True,
indexed=True, unique=True, maxsize=128)
prefered_form = SubjectRelation('EmailAddress', cardinality='?*',
description=_('when multiple addresses are equivalent \
(such as python-projects@logilab.org and python-projects@lists.logilab.org), set this \
to indicate which is the preferred form.'))
class use_email(RelationType):
""" """
__permissions__ = {
'read': ('managers', 'users', 'guests',),
'add': ('managers', RRQLExpression('U has_update_permission S'),),
'delete': ('managers', RRQLExpression('U has_update_permission S'),),
}
fulltext_container = 'subject'
class primary_email(RelationType):
"""the prefered email"""
__permissions__ = use_email.__permissions__
class prefered_form(RelationType):
__permissions__ = {
'read': ('managers', 'users', 'guests',),
# XXX should have update __permissions__ on both subject and object,
# though by doing this we will probably have no way to add
# this relation in the web ui. The easiest way to acheive this
# is probably to be able to have "U has_update_permission O" as
# RQLConstraint of the relation definition, though this is not yet
# possible
'add': ('managers', RRQLExpression('U has_update_permission S'),),
'delete': ('managers', RRQLExpression('U has_update_permission S'),),
}
class in_group(RelationType):
"""core relation indicating a user's groups"""
__permissions__ = PUB_SYSTEM_REL_PERMS
class owned_by(RelationType):
"""core relation indicating owners of an entity. This relation
implicitly put the owner into the owners group for the entity
"""
__permissions__ = {
'read': ('managers', 'users', 'guests'),
'add': ('managers', RRQLExpression('S owned_by U'),),
'delete': ('managers', RRQLExpression('S owned_by U'),),
}
# 0..n cardinality for entities created by internal session (no attached user)
# and to support later deletion of a user which has created some entities
cardinality = '**'
subject = '*'
object = 'CWUser'
class created_by(RelationType):
"""core relation indicating the original creator of an entity"""
__permissions__ = {
'read': ('managers', 'users', 'guests'),
'add': ('managers',),
'delete': ('managers',),
}
# 0..1 cardinality for entities created by internal session (no attached user)
# and to support later deletion of a user which has created some entities
cardinality = '?*'
subject = '*'
object = 'CWUser'
class creation_date(RelationType):
"""creation time of an entity"""
__permissions__ = PUB_SYSTEM_ATTR_PERMS
cardinality = '11'
subject = '*'
object = 'Datetime'
class modification_date(RelationType):
"""latest modification time of an entity"""
__permissions__ = PUB_SYSTEM_ATTR_PERMS
cardinality = '11'
subject = '*'
object = 'Datetime'
class cwuri(RelationType):
"""internal entity uri"""
__permissions__ = PUB_SYSTEM_ATTR_PERMS
cardinality = '11'
subject = '*'
object = 'String'
# XXX find a better relation name
class for_user(RelationType):
"""link a property to the user which want this property customization. Unless
you're a site manager, this relation will be handled automatically.
"""
__permissions__ = {
'read': ('managers', 'users', 'guests'),
'add': ('managers',),
'delete': ('managers',),
}
inlined = True
subject = 'CWProperty'
object = 'CWUser'
composite = 'object'
cardinality = '?*'
class CWPermission(EntityType):
"""entity type that may be used to construct some advanced security configuration
"""
__permissions__ = PUB_SYSTEM_ENTITY_PERMS
name = String(required=True, indexed=True, internationalizable=True, maxsize=100,
description=_('name or identifier of the permission'))
label = String(required=True, internationalizable=True, maxsize=100,
description=_('distinct label to distinguate between other '
'permission entity of the same name'))
require_group = SubjectRelation('CWGroup',
description=_('groups to which the permission is granted'))
# explicitly add X require_permission CWPermission for each entity that should have
# configurable security
class require_permission(RelationType):
"""link a permission to the entity. This permission should be used in the
security definition of the entity's type to be useful.
"""
__permissions__ = PUB_SYSTEM_REL_PERMS
class require_group(RelationType):
"""used to grant a permission to a group"""
__permissions__ = PUB_SYSTEM_REL_PERMS
class ExternalUri(EntityType):
"""a URI representing an object in external data store"""
uri = String(required=True, unique=True, maxsize=256,
description=_('the URI of the object'))
class same_as(RelationType):
"""generic relation to specify that an external entity represent the same
object as a local one:
http://www.w3.org/TR/owl-ref/#sameAs-def
"""
#NOTE: You'll have to explicitly declare which entity types can have a
#same_as relation
__permissions__ = {
'read': ('managers', 'users', 'guests',),
'add': ('managers', 'users'),
'delete': ('managers', 'owners'),
}
cardinality = '**'
symmetric = True
# NOTE: the 'object = ExternalUri' declaration will still be mandatory
# in the cube's schema.
object = 'ExternalUri'
class CWCache(EntityType):
"""a simple cache entity characterized by a name and
a validity date.
The target application is responsible for updating timestamp
when necessary to invalidate the cache (typically in hooks).
Also, checkout the AppObject.get_cache() method.
"""
# XXX only handle by hooks, shouldn't be readable/editable at all through
# the ui and so no permissions should be granted, no?
__permissions__ = {
'read': ('managers', 'users', 'guests'),
'add': ('managers',),
'update': ('managers', 'users',), # XXX
'delete': ('managers',),
}
name = String(required=True, unique=True, maxsize=128,
description=_('name of the cache'))
timestamp = Datetime(default='NOW')
class CWSource(EntityType):
__permissions__ = {
'read': ('managers', 'users', 'guests'),
'add': ('managers',),
'update': ('managers',),
'delete': ('managers',),
}
name = String(required=True, unique=True, maxsize=128,
description=_('name of the source'))
type = String(required=True, maxsize=20, description=_('type of the source'))
config = String(description=_('source\'s configuration. One key=value per '
'line, authorized keys depending on the '
'source\'s type'),
__permissions__={
'read': ('managers',),
'update': ('managers',),
})
# put this here and not in a subclass even if it's only for some sources
# since having subclasses on generic relation (cw_source) double the number
# of rdef in the schema, and make ms planning harder since queries solutions
# may changes when sources are specified
url = String(description=_('URLs from which content will be imported. You can put one url per line'))
parser = String(description=_('parser to use to extract entities from content retrieved at given URLs.'))
latest_retrieval = Datetime(description=_('latest synchronization time'))
ENTITY_MANAGERS_PERMISSIONS = {
'read': ('managers',),
'add': ('managers',),
'update': ('managers',),
'delete': ('managers',),
}
RELATION_MANAGERS_PERMISSIONS = {
'read': ('managers',),
'add': ('managers',),
'delete': ('managers',),
}
class CWSourceHostConfig(EntityType):
__permissions__ = ENTITY_MANAGERS_PERMISSIONS
__unique_together__ = [('match_host', 'cw_host_config_of')]
match_host = String(required=True, maxsize=128,
description=_('regexp matching host(s) to which this config applies'))
config = String(required=True,
description=_('Source\'s configuration for a particular host. '
'One key=value per line, authorized keys '
'depending on the source\'s type, overriding '
'values defined on the source.'),
__permissions__={
'read': ('managers',),
'update': ('managers',),
})
class cw_host_config_of(RelationDefinition):
__permissions__ = RELATION_MANAGERS_PERMISSIONS
subject = 'CWSourceHostConfig'
object = 'CWSource'
cardinality = '1*'
composite = 'object'
inlined = True
class cw_source(RelationDefinition):
__permissions__ = {
'read': ('managers', 'users', 'guests'),
'add': ('managers',),
'delete': ('managers',),
}
subject = '*'
object = 'CWSource'
cardinality = '1*'
composite = 'object'
class CWSourceSchemaConfig(EntityType):
__permissions__ = ENTITY_MANAGERS_PERMISSIONS
__unique_together__ = [('cw_for_source', 'cw_schema')]
cw_for_source = SubjectRelation(
'CWSource', inlined=True, cardinality='1*', composite='object',
__permissions__=RELATION_MANAGERS_PERMISSIONS)
cw_schema = SubjectRelation(
('CWEType', 'CWRType', 'CWAttribute', 'CWRelation'),
inlined=True, cardinality='1*', composite='object',
__permissions__=RELATION_MANAGERS_PERMISSIONS)
options = String(description=_('allowed options depends on the source type'))
# "abtract" relation types, no definition in cubicweb itself ###################
class identical_to(RelationType):
"""identical to"""
symmetric = True
__permissions__ = {
'read': ('managers', 'users', 'guests',),
# XXX should have update __permissions__ on both subject and object,
# though by doing this we will probably have no way to add
# this relation in the web ui. The easiest way to acheive this
# is probably to be able to have "U has_update_permission O" as
# RQLConstraint of the relation definition, though this is not yet
# possible
'add': ('managers', RRQLExpression('U has_update_permission S'),),
'delete': ('managers', RRQLExpression('U has_update_permission S'),),
}
class see_also(RelationType):
"""generic relation to link one entity to another"""
symmetric = True
__permissions__ = {
'read': ('managers', 'users', 'guests',),
'add': ('managers', RRQLExpression('U has_update_permission S'),),
'delete': ('managers', RRQLExpression('U has_update_permission S'),),
}