diff -r 3c6569be1f86 -r 6c4f109c2b03 schemas/__init__.py
--- a/schemas/__init__.py Mon Jan 18 19:05:08 2010 +0100
+++ b/schemas/__init__.py Mon Jan 18 19:21:30 2010 +0100
@@ -1,3 +1,14 @@
+"""some utilities to define schema permissions
+
+:organization: Logilab
+:copyright: 2008 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr
+"""
+__docformat__ = "restructuredtext en"
+
+from rql.utils import quote
+from cubicweb.schema import ERQLExpression, RRQLExpression
+
 # permissions for "meta" entity type (readable by anyone, can only be
 # added/deleted by managers)
 META_ETYPE_PERMS = {
@@ -22,3 +33,60 @@
 'add': (),
 'delete': (),
 }
+
+def _perm(names):
+ if isinstance(names, (list, tuple)):
+ if len(names) == 1:
+ names = quote(names[0])
+ else:
+ names = 'IN (%s)' % (','.join(quote(name) for name in names))
+ else:
+ names = quote(names)
+ #return u' require_permission P, P name %s, U in_group G, P require_group G' % names
+ return u' require_permission P, P name %s, U has_group_permission P' % names
+
+
+def xperm(*names):
+ return 'X' + _perm(names)
+
+def xexpr(*names):
+ return ERQLExpression(xperm(*names))
+
+def xrexpr(relation, *names):
+ return ERQLExpression('X %s Y, Y %s' % (relation, _perm(names)))
+
+def xorexpr(relation, etype, *names):
+ return ERQLExpression('Y %s X, X is %s, Y %s' % (relation, etype, _perm(names)))
+
+
+def sexpr(*names):
+ return RRQLExpression('S' + _perm(names), 'S')
+
+def restricted_sexpr(restriction, *names):
+ rql = '%s, %s' % (restriction, 'S' + _perm(names))
+ return RRQLExpression(rql, 'S')
+
+def restricted_oexpr(restriction, *names):
+ rql = '%s, %s' % (restriction, 'O' + _perm(names))
+ return RRQLExpression(rql, 'O')
+
+def oexpr(*names):
+ return RRQLExpression('O' + _perm(names), 'O')
+
+
+# def supdate_perm():
+# return RRQLExpression('U has_update_permission S', 'S')
+
+# def oupdate_perm():
+# return RRQLExpression('U has_update_permission O', 'O')
+
+def relxperm(rel, role, *names):
+ assert role in ('subject', 'object')
+ if role == 'subject':
+ zxrel = ', X %s Z' % rel
+ else:
+ zxrel = ', Z %s X' % rel
+ return 'Z' + _perm(names) + zxrel
+
+def relxexpr(rel, role, *names):
+ return ERQLExpression(relxperm(rel, role, *names))
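Review bot: In `relxperm` the role check is an `assert`, which is stripped under `python -O`; any value other than 'subject' then falls into the `else` branch and silently produces the object-side expression, so a typo in a schema definition would presumably change which entities the permission rule covers. Replace it with `if role not in ('subject', 'object'): raise ValueError('bad role %r' % (role,))`. `_perm` has a similar gap: called with no names (for example `xperm()`), it emits `P name IN ()`, so add `if not names: raise ValueError('at least one permission name is required')` at its top. Only the permission names go through `quote`; `relation`, `etype`, `restriction` and `rel` are spliced into the RQL text as-is, which is fine for schema constants but deserves a docstring line on each helper stating that these arguments must be fixed schema identifiers and never request-derived values.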