[javascript] asURL now escapes request arguments
I can't see any good reason for not escaping parameters. The two main
locations where asURL is used are:
- edition view: here, the change should have no effect
- facets: escaping is clearly needed in that case
# Default permissions for "meta" entity types.
#
# Each key is an action and each value is the tuple of groups granted that
# action:
#   * read   -- managers, users and guests, i.e. readable by anyone
#   * add    -- managers only
#   * delete -- managers only
#   * update -- managers and owners
#
# NOTE(review): 'update' is the one write action granted beyond 'managers';
# 'owners' presumably designates the owner of the entity being modified --
# confirm that this wider grant is intended for every entity type using
# these defaults.
# NOTE(review): 'guests' presumably covers unauthenticated sessions, so
# nothing sensitive should be stored in entity types using these defaults
# -- confirm.
META_ETYPE_PERMS = dict(
    read=('managers', 'users', 'guests'),
    add=('managers',),
    delete=('managers',),
    update=('managers', 'owners'),
)
# Default permissions for "meta" relation types.
#
# Each key is an action and each value is the tuple of groups granted that
# action:
#   * read   -- managers, users and guests, i.e. readable by anyone
#   * add    -- managers only
#   * delete -- managers only
#
# There is no 'update' key in this mapping.
# NOTE(review): 'guests' presumably covers unauthenticated sessions, so
# relations using these defaults are visible without login -- confirm.
META_RTYPE_PERMS = dict(
    read=('managers', 'users', 'guests'),
    add=('managers',),
    delete=('managers',),
)
# Default permissions for relation types that should only be set by hooks
# using unsafe execute, while remaining readable by anyone.
#
#   * read   -- managers, users and guests
#   * add    -- no group at all (empty tuple), not even managers
#   * delete -- no group at all (empty tuple), not even managers
#
# Because no group is granted add/delete, the integrity of these relations
# rests entirely on the code that writes them through unsafe execute; any
# hook doing so is part of the trusted base and should be reviewed as such.
HOOKS_RTYPE_PERMS = dict(
    read=('managers', 'users', 'guests'),
    add=(),
    delete=(),
)