# HG changeset patch
# User Sylvain Thénault
# Date 1263465428 -3600
# Node ID 2621de25d15a8abb31e8f13706a59bf4d07ecfc9
# Parent b4b39745d26e3c5b610e43200e012e8911d205c6
backport tracker permission utility functions into the cw.schemas package
diff -r b4b39745d26e -r 2621de25d15a schemas/__init__.py
--- a/schemas/__init__.py Thu Jan 14 11:28:32 2010 +0100
+++ b/schemas/__init__.py Thu Jan 14 11:37:08 2010 +0100
@@ -1,3 +1,14 @@
+"""some utilities to define schema permissions
+
+:organization: Logilab
+:copyright: 2008 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr
+"""
+__docformat__ = "restructuredtext en"
+
+from rql.utils import quote
+from cubicweb.schema import ERQLExpression, RRQLExpression
+
 # permissions for "meta" entity type (readable by anyone, can only be
 # added/deleted by managers)
 META_ETYPE_PERMS = {
@@ -22,3 +33,60 @@
 'add': (),
 'delete': (),
 }
+
+def _perm(names):
+ if isinstance(names, (list, tuple)):
+ if len(names) == 1:
+ names = quote(names[0])
+ else:
+ names = 'IN (%s)' % (','.join(quote(name) for name in names))
+ else:
+ names = quote(names)
+ #return u' require_permission P, P name %s, U in_group G, P require_group G' % names
+ return u' require_permission P, P name %s, U has_group_permission P' % names
+
+
+def xperm(*names):
+ return 'X' + _perm(names)
+
+def xexpr(*names):
+ return ERQLExpression(xperm(*names))
+
+def xrexpr(relation, *names):
+ return ERQLExpression('X %s Y, Y %s' % (relation, _perm(names)))
+
+def xorexpr(relation, etype, *names):
+ return ERQLExpression('Y %s X, X is %s, Y %s' % (relation, etype, _perm(names)))
+
+
+def sexpr(*names):
+ return RRQLExpression('S' + _perm(names), 'S')
+
+def restricted_sexpr(restriction, *names):
+ rql = '%s, %s' % (restriction, 'S' + _perm(names))
+ return RRQLExpression(rql, 'S')
+
+def restricted_oexpr(restriction, *names):
+ rql = '%s, %s' % (restriction, 'O' + _perm(names))
+ return RRQLExpression(rql, 'O')
+
+def oexpr(*names):
+ return RRQLExpression('O' + _perm(names), 'O')
+
+
+# def supdate_perm():
+# return RRQLExpression('U has_update_permission S', 'S')
+
+# def oupdate_perm():
+# return RRQLExpression('U has_update_permission O', 'O')
+
+def relxperm(rel, role, *names):
+ assert role in ('subject', 'object')
+ if role == 'subject':
+ zxrel = ', X %s Z' % rel
+ else:
+ zxrel = ', Z %s X' % rel
+ return 'Z' + _perm(names) + zxrel
+
+def relxexpr(rel, role, *names):
+ return ERQLExpression(relxperm(rel, role, *names))
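Review bot: In `relxperm` the role check is an `assert`, which is stripped when Python runs with `-O`; any value other than 'subject' then falls into the `else` branch and yields the object-side clause `, Z %s X`, so a mistyped role in a schema definition builds a different permission rule instead of failing. Raise explicitly instead: `if role not in ('subject', 'object'): raise ValueError('role must be subject or object, got %r' % (role,))`. Separately, `relation`, `etype`, `rel` and `restriction` are interpolated into the RQL text unquoted while only `names` goes through `quote`; that looks intentional for constants written by the schema author, but each helper should carry a docstring saying these arguments are trusted RQL fragments and must not be built from request data. Calling `xperm()` or any sibling with no names also makes `_perm` emit `IN ()`, which is presumably not valid RQL, so an early `ValueError` on an empty `names` would make that mistake visible at schema load time.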