# HG changeset patch
# User Sylvain Thénault
# Date 1267541006 -3600
# Node ID 6bf17f8109755afeaf7946b04737f5d748069522
# Parent fac80328a6a31a10e5312bef6bb3a2ffe8933038
[schema] new constants for permissions definitions
diff -r fac80328a6a3 -r 6bf17f810975 schema.py
--- a/schema.py Tue Mar 02 14:39:06 2010 +0100
+++ b/schema.py Tue Mar 02 15:43:26 2010 +0100
@@ -63,6 +63,31 @@
 ybo.RDEF_PROPERTIES += ('eid',)
+PUB_SYSTEM_ENTITY_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'add': ('managers',),
+ 'delete': ('managers',),
+ 'update': ('managers',),
+ }
+PUB_SYSTEM_REL_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'add': ('managers',),
+ 'delete': ('managers',),
+ }
+PUB_SYSTEM_ATTR_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'update': ('managers',),
+ }
+RO_REL_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'add': (),
+ 'delete': (),
+ }
+RO_ATTR_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'update': (),
+ }
+
 # XXX same algorithm as in reorder_cubes and probably other place,
 # may probably extract a generic function
 def order_eschemas(eschemas):
diff -r fac80328a6a3 -r 6bf17f810975 schemas/__init__.py
--- a/schemas/__init__.py Tue Mar 02 14:39:06 2010 +0100
+++ b/schemas/__init__.py Tue Mar 02 15:43:26 2010 +0100
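Review bot: The five permission dictionaries added to schema.py carry no comment saying what each one is for, whereas the definitions they replace in schemas/__init__.py were commented (the empty `add`/`delete` tuples are described there as relations that should only be set by hooks using unsafe execute). I would put a one-line comment above each constant, for example `# readable by anyone; add/delete/update restricted to managers` above PUB_SYSTEM_ENTITY_PERMS and `# readable by anyone; no group may add/delete, set only by hooks using unsafe execute` above RO_REL_PERMS. These are also plain mutable dicts that many schema classes now reference directly, so the comment should say that a type needing a variation must copy the dict rather than modify it in place; whether the schema loader copies `__permissions__` is not visible here.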
@@ -7,32 +7,19 @@
 __docformat__ = "restructuredtext en"
 from rql.utils import quote
-from cubicweb.schema import ERQLExpression, RRQLExpression
+from cubicweb.schema import RO_REL_PERMS, RO_ATTR_PERMS, \
+ PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, \
+ ERQLExpression, RRQLExpression
 # permissions for "meta" entity type (readable by anyone, can only be
 # added/deleted by managers)
-META_ETYPE_PERMS = {
- 'read': ('managers', 'users', 'guests',),
- 'add': ('managers',),
- 'delete': ('managers',),
- 'update': ('managers', 'owners',),
- }
-
+META_ETYPE_PERMS = PUB_SYSTEM_ENTITY_PERMS # XXX deprecates
 # permissions for "meta" relation type (readable by anyone, can only be
 # added/deleted by managers)
-META_RTYPE_PERMS = {
- 'read': ('managers', 'users', 'guests',),
- 'add': ('managers',),
- 'delete': ('managers',),
- }
-
+META_RTYPE_PERMS = PUB_SYSTEM_REL_PERMS # XXX deprecates
 # permissions for relation type that should only set by hooks using unsafe
 # execute, readable by anyone
-HOOKS_RTYPE_PERMS = {
- 'read': ('managers', 'users', 'guests',),
- 'add': (),
- 'delete': (),
- }
+HOOKS_RTYPE_PERMS = RO_REL_PERMS # XXX deprecates
 def _perm(names):
 if isinstance(names, (list, tuple)):
diff -r fac80328a6a3 -r 6bf17f810975 schemas/base.py
--- a/schemas/base.py Tue Mar 02 14:39:06 2010 +0100
+++ b/schemas/base.py Tue Mar 02 15:43:26 2010 +0100
@@ -10,9 +10,9 @@
 from yams.buildobjs import (EntityType, RelationType, SubjectRelation, String, Datetime, Password)
-from cubicweb.schema import (RQLConstraint, WorkflowableEntityType,
- ERQLExpression, RRQLExpression)
-from cubicweb.schemas import META_ETYPE_PERMS, META_RTYPE_PERMS
+from cubicweb.schema import (
+ RQLConstraint, WorkflowableEntityType, ERQLExpression, RRQLExpression,
+ PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, PUB_SYSTEM_ATTR_PERMS)
 class CWUser(WorkflowableEntityType):
 """define a CubicWeb user"""
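Review bot: In schemas/__init__.py, `META_ETYPE_PERMS = PUB_SYSTEM_ENTITY_PERMS` is not a pure alias: the removed dict had `'update': ('managers', 'owners',)` while PUB_SYSTEM_ENTITY_PERMS in schema.py has `'update': ('managers',)`, so owners lose update rights on every entity type that used the old name. The same switch is made directly on CWPermission in schemas/base.py and on CWEType, CWRType, RQLExpression, CWConstraint, CWConstraintType and CWGroup (plus two further entity types whose class lines fall outside their hunks) in schemas/bootstrap.py, and any external schema still importing META_ETYPE_PERMS inherits the change silently. This tightens access, but the commit message only mentions new constants; if it is intended, record it in the description and next to the alias, e.g. `# XXX deprecated; 'owners' no longer have 'update'`. The trailing `# XXX deprecates` comments would read better as `# XXX deprecated`, and nothing visible warns callers that still use the old names.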
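Review bot: `PUB_SYSTEM_ATTR_PERMS` is imported by the new `from cubicweb.schema import (...)` in schemas/base.py, but none of the hunks shown for that file uses it, and the same holds for the import added at the top of schemas/bootstrap.py. Because the constant is introduced by this very commit, any use would have to appear as an added line; if attribute-level permissions were meant to be set on some attribute in these files, that part seems to be missing, otherwise drop the name from both imports. Removing `from cubicweb.schemas import META_ETYPE_PERMS, META_RTYPE_PERMS` also takes those names out of this module's namespace, which matters only if other code imported them from schemas.base rather than from cubicweb.schemas.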
@@ -85,7 +85,7 @@
 class in_group(RelationType):
 """core relation indicating a user's groups"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 class owned_by(RelationType):
 """core relation indicating owners of an entity. This relation
@@ -155,7 +155,7 @@
 class CWPermission(EntityType):
 """entity type that may be used to construct some advanced security configuration """
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 name = String(required=True, indexed=True, internationalizable=True, maxsize=100, description=_('name or identifier of the permission'))
@@ -170,11 +170,11 @@
 """link a permission to the entity. This permission should be used in the security definition of the entity's type to be useful. """
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 class require_group(RelationType):
 """used to grant a permission to a group"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 class ExternalUri(EntityType):
diff -r fac80328a6a3 -r 6bf17f810975 schemas/bootstrap.py
--- a/schemas/bootstrap.py Tue Mar 02 14:39:06 2010 +0100
+++ b/schemas/bootstrap.py Tue Mar 02 15:43:26 2010 +0100
@@ -10,14 +10,16 @@
 from yams.buildobjs import (EntityType, RelationType, RelationDefinition, SubjectRelation, RichString, String, Boolean, Int)
-from cubicweb.schema import RQLConstraint
-from cubicweb.schemas import META_ETYPE_PERMS, META_RTYPE_PERMS
+from cubicweb.schema import (
+ RQLConstraint,
+ PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, PUB_SYSTEM_ATTR_PERMS
+ )
 # not restricted since as "is" is handled as other relations, guests need
 # access to this
 class CWEType(EntityType):
 """define an entity type, used to build the instance schema"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 name = String(required=True, indexed=True, internationalizable=True, unique=True, maxsize=64)
 description = RichString(internationalizable=True,
@@ -28,7 +30,7 @@
 class CWRType(EntityType):
 """define a relation type, used to build the instance schema"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 name = String(required=True, indexed=True, internationalizable=True, unique=True, maxsize=64)
 description = RichString(internationalizable=True,
@@ -48,7 +50,7 @@
 used to build the instance schema """
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 relation_type = SubjectRelation('CWRType', cardinality='1*', constraints=[RQLConstraint('O final TRUE')], composite='object')
@@ -85,7 +87,7 @@
 used to build the instance schema """
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 relation_type = SubjectRelation('CWRType', cardinality='1*', constraints=[RQLConstraint('O final FALSE')], composite='object')
@@ -116,7 +118,7 @@
 # not restricted since it has to be read when checking allowed transitions
 class RQLExpression(EntityType):
 """define a rql expression used to define permissions"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 exprtype = String(required=True, vocabulary=['ERQLExpression', 'RRQLExpression'])
 mainvars = String(maxsize=8, description=_('name of the main variables which should be '
@@ -134,14 +136,14 @@
 class CWConstraint(EntityType):
 """define a schema constraint"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 cstrtype = SubjectRelation('CWConstraintType', cardinality='1*')
 value = String(description=_('depends on the constraint type'))
 class CWConstraintType(EntityType):
 """define a schema constraint type"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 name = String(required=True, indexed=True, internationalizable=True, unique=True, maxsize=64)
@@ -149,7 +151,7 @@
 # not restricted since it has to be read when checking allowed transitions
 class CWGroup(EntityType):
 """define a CubicWeb users group"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
 name = String(required=True, indexed=True, internationalizable=True, unique=True, maxsize=64)
@@ -173,32 +175,32 @@
 class relation_type(RelationType):
 """link a relation definition to its relation type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 inlined = True
 class from_entity(RelationType):
 """link a relation definition to its subject entity type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 inlined = True
 class to_entity(RelationType):
 """link a relation definition to its object entity type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 inlined = True
 class constrained_by(RelationType):
 """constraints applying on this relation"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 class cstrtype(RelationType):
 """constraint factory"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 inlined = True
 class read_permission_cwgroup(RelationDefinition):
 """groups allowed to read entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 name = 'read_permission'
 subject = ('CWEType', 'CWAttribute', 'CWRelation')
 object = 'CWGroup'
@@ -206,7 +208,7 @@
 class add_permission_cwgroup(RelationDefinition):
 """groups allowed to add entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 name = 'add_permission'
 subject = ('CWEType', 'CWRelation')
 object = 'CWGroup'
@@ -214,7 +216,7 @@
 class delete_permission_cwgroup(RelationDefinition):
 """groups allowed to delete entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 name = 'delete_permission'
 subject = ('CWEType', 'CWRelation')
 object = 'CWGroup'
@@ -222,7 +224,7 @@
 class update_permission_cwgroup(RelationDefinition):
 """groups allowed to update entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 name = 'update_permission'
 subject = ('CWEType', 'CWAttribute')
 object = 'CWGroup'
@@ -230,7 +232,7 @@
 class read_permission_rqlexpr(RelationDefinition):
 """rql expression allowing to read entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 name = 'read_permission'
 subject = ('CWEType', 'CWAttribute', 'CWRelation')
 object = 'RQLExpression'
@@ -239,7 +241,7 @@
 class add_permission_rqlexpr(RelationDefinition):
 """rql expression allowing to add entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 name = 'add_permission'
 subject = ('CWEType', 'CWRelation')
 object = 'RQLExpression'
@@ -248,7 +250,7 @@
 class delete_permission_rqlexpr(RelationDefinition):
 """rql expression allowing to delete entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 name = 'delete_permission'
 subject = ('CWEType', 'CWRelation')
 object = 'RQLExpression'
@@ -257,7 +259,7 @@
 class update_permission_rqlexpr(RelationDefinition):
 """rql expression allowing to update entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
 name = 'update_permission'
 subject = ('CWEType', 'CWAttribute')
 object = 'RQLExpression'