# HG changeset patch
# User Sandrine Ribeau <sandrine.ribeau@logilab.fr>
# Date 1241517308 25200
# Node ID 67162cb05b4b737433ca06bab42c749d1579e86b
# Parent  35861bfca7489f19272cdebd66c4d2cb1abdc388
[doc] Add FAQ entries based on answers from forum.

diff -r 35861bfca748 -r 67162cb05b4b doc/book/en/D010-faq.en.txt
--- a/doc/book/en/D010-faq.en.txt	Tue May 05 02:03:45 2009 -0700
+++ b/doc/book/en/D010-faq.en.txt	Tue May 05 02:55:08 2009 -0700
@@ -99,6 +99,60 @@
 
   [we use jquery and things on top of that]
 
+What is the CubicWeb datatype corresponding to GAE datastore's UserProperty?
+----------------------------------------------------------------------------
+
+  If you take a look at your application schema and
+  click on "display detailed view of metadata" you will see that there
+  is a Euser entity in there. That's the one that is modeling users. The
+  thing that corresponds to a UserProperty is a relationship between
+  your entity and the Euser entity. As in ::
+
+    class TodoItem(EntityType):
+       text = String()
+       todo_by = SubjectRelation('Euser')
+
+  [XXX check that cw handle users better by
+  mapping Google Accounts to local Euser entities automatically]
+
+
+How to implement security?
+--------------------------
+
+  This is an example of how it works in our framework::
+
+    class Version(EntityType):
+    """a version is defining the content of a particular project's
+    release"""
+    # definition of attributes is voluntarily missing
+    permissions = {'read': ('managers', 'users', 'guests',),
+                   'update': ('managers', 'logilab', 'owners',),
+                   'delete': ('managers', ),
+                   'add': ('managers', 'logilab',
+                        ERQLExpression('X version_of PROJ, U in_group G, PROJ
+                        require_permission P, P name "add_version", P require_group G'),)}
+
+  The above means that permission to read a Version is granted to any
+  user that is part of one of the groups 'managers', 'users', 'guests'.
+  The 'add' permission is granted to users in group 'managers' or
+  'logilab' and to users in group G, if G is linked by a permission
+  entity named "add_version" to the version's project.
+  ::
+
+    class version_of(RelationType):
+        """link a version to its project. A version is necessarily linked
+        to one and only one project. """
+        # some lines voluntarily missing
+        permissions = {'read': ('managers', 'users', 'guests',), 
+                       'delete': ('managers', ),
+                       'add': ('managers', 'logilab',
+                            RRQLExpression('O require_permission P, P name "add_version",
+                            'U in_group G, P require_group G'),) }
+
+  You can find additional information in the section :ref:`security`.
+
+  [XXX what does the second example means in addition to the first one?]
+
 `Error while publishing rest text ...`
 --------------------------------------