[autoform] Allow overridding of permissions checks
authorDenis Laxalde <denis.laxalde@logilab.fr>
Thu, 01 Aug 2013 09:39:43 +0200
changeset 9376 2ed0d091e9b1
parent 9375 8e88576787c3
child 9377 4e0d8f06efbc
[autoform] Allow overriding of permissions checks Closes #3063930
web/views/autoform.py
--- a/web/views/autoform.py	Wed Jan 08 12:09:44 2014 +0100
+++ b/web/views/autoform.py	Thu Aug 01 09:39:43 2013 +0200
@@ -892,23 +892,14 @@
                 formviews += self.inline_creation_form_view(rschema, ttype, role)
             # we can create more than one related entity, we thus display a link
             # to add new related entities
-            if self.should_display_add_new_relation_link(rschema, formviews, card):
-                rdef = entity.e_schema.rdef(rschema, role, ttype)
-                if entity.has_eid():
-                    if role == 'subject':
-                        rdefkwargs = {'fromeid': entity.eid}
-                    else:
-                        rdefkwargs = {'toeid': entity.eid}
-                else:
-                    rdefkwargs = {}
-                if (tschema.has_perm(self._cw, 'add')
-                    and rdef.has_perm(self._cw, 'add', **rdefkwargs)):
-                    addnewlink = self._cw.vreg['views'].select(
-                        'inline-addnew-link', self._cw,
-                        etype=ttype, rtype=rschema, role=role, card=card,
-                        peid=self.edited_entity.eid,
-                        petype=self.edited_entity.e_schema, pform=self)
-                    formviews.append(addnewlink)
+            if self.must_display_add_new_relation_link(rschema, role, tschema,
+                                                       ttype, formviews, card):
+                addnewlink = self._cw.vreg['views'].select(
+                    'inline-addnew-link', self._cw,
+                    etype=ttype, rtype=rschema, role=role, card=card,
+                    peid=self.edited_entity.eid,
+                    petype=self.edited_entity.e_schema, pform=self)
+                formviews.append(addnewlink)
             allformviews += formviews
         return allformviews
 
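Review bot: Neither this call site nor the docstrings of `must_display_add_new_relation_link` and `check_inlined_rdef_permissions` (added in the next hunk) state that the permission test only decides whether the 'inline-addnew-link' view is rendered. Now that the test is an overridable method, a subclass that returns true without calling `has_perm` would show the link to users for whom the 'add' checks fail, and whether creation is then refused depends on enforcement that is not visible in this diff. I would put `# display gate only: an override changes what is shown, not what the user may create` above the `if`, and say the same in the `check_inlined_rdef_permissions` docstring. The enclosing method starts before this hunk.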
@@ -928,6 +919,36 @@
         """
         return not existant or card in '+*'
 
+    def must_display_add_new_relation_link(self, rschema, role, tschema,
+                                           ttype, existant, card):
+        """return true if we must add a link to add a new creation form
+        (through ajax call)
+
+        by default true if there is no related entity or if the relation has
+        multiple cardinality and it is permitted to add the inlined object and
+        relation.
+        """
+        return (self.should_display_add_new_relation_link(
+                    rschema, existant, card) and
+                self.check_inlined_rdef_permissions(
+                    rschema, role, tschema, ttype))
+
+    def check_inlined_rdef_permissions(self, rschema, role, tschema, ttype):
+        """return true if permissions are granted on the inlined object and
+        relation"""
+        entity = self.edited_entity
+        rdef = entity.e_schema.rdef(rschema, role, ttype)
+        if entity.has_eid():
+            if role == 'subject':
+                rdefkwargs = {'fromeid': entity.eid}
+            else:
+                rdefkwargs = {'toeid': entity.eid}
+        else:
+            rdefkwargs = {}
+        return (tschema.has_perm(self._cw, 'add')
+                and rdef.has_perm(self._cw, 'add', **rdefkwargs))
+
+
     def should_hide_add_new_relation_link(self, rschema, card):
         """return true if once an inlined creation form is added, the 'add new'
         link should be hidden
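Review bot: `must_display_add_new_relation_link` and the existing `should_display_add_new_relation_link` differ only by must/should while taking different arguments (six versus three), so it is easy to override or call the wrong one. The new docstring should name the two extension points, for example `override should_display_add_new_relation_link for the cardinality rule and check_inlined_rdef_permissions for the permission rule`. There are also two blank lines after `check_inlined_rdef_permissions` where the surrounding methods are separated by one. The body of `should_hide_add_new_relation_link` continues past the hunk.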