[schema] restrictive email address read permission. Closes #2148141
You may have to update your application schema if it relied on the previous settings!
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/3.15.rst Wed Jan 11 18:29:21 2012 +0100
@@ -0,0 +1,33 @@
+Whats new in CubicWeb 3.15
+==========================
+
+
+API changes
+-----------
+
+
+
+Unintrusive API changes
+-----------------------
+
+
+
+RQL
+---
+
+
+
+User interface changes
+----------------------
+
+
+
+Configuration
+-------------
+
+Base schema changes
+-------------------
+Email address 'read' permission is now more restrictive: only managers and
+users to which an address belong may see them. Application that wish other
+settings should set them explicitly.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/migration/3.15.0_Any.py Wed Jan 11 18:29:21 2012 +0100
@@ -0,0 +1,1 @@
+sync_schema_props_perms('EmailAddress')
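Review bot: This call synchronises both the properties and the permissions of EmailAddress, although the commit changes only the 'read' permission; `sync_schema_props_perms('EmailAddress', syncprops=False)` would limit the migration to what actually changed. The script also carries no comment explaining why it runs, so I would add one such as `# 3.15: EmailAddress 'read' is restricted to managers and the address' own user`. Instances that exposed addresses to 'users' or 'guests' without overriding the base schema will lose that access at upgrade, so the comment should point to the release notes.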
--- a/schemas/base.py Tue Jan 10 16:33:27 2012 +0100
+++ b/schemas/base.py Wed Jan 11 18:29:21 2012 +0100
@@ -51,7 +51,9 @@
class EmailAddress(EntityType):
"""an electronic mail address associated to a short alias"""
__permissions__ = {
- 'read': ('managers', 'users', 'guests',), # XXX if P use_email X, U has_read_permission P
+ # application that wishes public email, or use it for something else
+ # than users (eg Company, Person), should explicitly change permissions
+ 'read': ('managers', ERQLExpression('U use_email X')),
'add': ('managers', 'users',),
'delete': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')),
'update': ('managers', 'owners', ERQLExpression('P use_email X, U has_update_permission P')),
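Review bot: The new 'read' rule is narrower than the 'update' and 'delete' rules just below it, so 'owners' and anyone matching `ERQLExpression('P use_email X, U has_update_permission P')` can modify or delete an address they are no longer allowed to read. Likewise 'add' stays open to 'users', so an address created before its `use_email` link exists is presumably unreadable by its creator until it is linked. If that asymmetry is not intended, reusing the write expression for read, `'read': ('managers', ERQLExpression('U use_email X'), ERQLExpression('P use_email X, U has_update_permission P')),`, keeps read a superset of write and should not reopen it to guests, assuming guests hold no update permission on P. The class body continues outside the hunk.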