--- a/schemaviewer.py Tue Apr 28 19:12:52 2009 +0200
+++ b/schemaviewer.py Tue Apr 28 19:14:37 2009 +0200
@@ -157,7 +157,7 @@
return layout
_ = self.req._
if self.req.user.matching_groups('managers'):
- layout.append(self.format_acls(eschema, ('read', 'add', 'delete', 'update')))
+ # layout.append(self.format_acls(eschema, ('read', 'add', 'delete', 'update')))
# possible views for this entity type
views = [_(view.title) for view in self.possible_views(etype)]
layout.append(Section(children=(Table(cols=1, rheaders=1,
--- a/server/sources/rql2sql.py Tue Apr 28 19:12:52 2009 +0200
+++ b/server/sources/rql2sql.py Tue Apr 28 19:14:37 2009 +0200
@@ -951,6 +951,8 @@
if rel is not None:
rel._q_needcast = value
return self.keyword_map[value]()
+ if constant.type == 'Boolean':
+ value = self.dbms_helper.boolean_value(value)
if constant.type == 'Substitute':
_id = constant.value
if isinstance(_id, unicode):
--- a/web/data/cubicweb.acl.css Tue Apr 28 19:12:52 2009 +0200
+++ b/web/data/cubicweb.acl.css Tue Apr 28 19:14:37 2009 +0200
@@ -9,19 +9,90 @@
/* security edition form (views/management.py) */
/******************************************************************************/
+h2.schema{
+ background : #ff7700;
+ color: #fff;
+ font-weight: bold;
+ padding : 0.1em 0.3em;
+}
+
+
+h3.schema{
+ font-weight: bold;
+}
+
+h4 a,
+h4 a:link,
+h4 a:visited{
+ color:#000;
+ }
+
table.schemaInfo {
- margin: 1ex 1em;
+ margin: 1em 0em;
text-align: left;
border: 1px solid black;
border-collapse: collapse;
+ width:100%;
}
table.schemaInfo th,
table.schemaInfo td {
- padding: 0em 1em;
- border: 1px solid black;
+ padding: .3em .5em;
+ border: 1px solid grey;
+ width:33%;
+}
+
+
+table.schemaInfo tr th {
+ padding: 0.2em 0px 0.2em 5px;
+ background-image:none;
+ background-color:#dfdfdf;
+}
+
+table.schemaInfo thead tr {
+ border: 1px solid #dfdfdf;
+}
+
+table.schemaInfo td {
+ padding: 3px 10px 3px 5px;
+
}
+.users{
+ color : #00CC33;
+ font-weight: bold }
+
+.guests{
+ color : #ff7700;
+ font-weight: bold;
+}
+
+.staff{
+ color : #0083ab;
+ font-weight: bold;
+}
+
+.owners{
+ color : #8b0000;
+ font-weight: bold;
+}
+
+.discret,
+a.grey{
+ color:#666;
+}
+
+a.grey:hover{
+ color:#000;
+}
+
+.red{
+ color : #ff7700;
+ }
+
+div#schema_security{
+ width:780px;
+ }
/******************************************************************************/
/* user groups edition form (views/euser.py) */
/******************************************************************************/
--- a/web/data/external_resources Tue Apr 28 19:12:52 2009 +0200
+++ b/web/data/external_resources Tue Apr 28 19:14:37 2009 +0200
@@ -52,3 +52,4 @@
DOWNLOAD_ICON = DATADIR/download.gif
UPLOAD_ICON = DATADIR/upload.gif
GMARKER_ICON = DATADIR/gmap_blue_marker.png
+UP_ICON = DATADIR/up.gif
Binary file web/data/up.gif has changed
--- a/web/views/management.py Tue Apr 28 19:12:52 2009 +0200
+++ b/web/views/management.py Tue Apr 28 19:14:37 2009 +0200
@@ -22,8 +22,47 @@
SUBMIT_MSGID = _('Submit bug report')
MAIL_SUBMIT_MSGID = _('Submit bug report by mail')
+class SecurityViewMixIn(object):
+ """display security information for a given schema """
+ def schema_definition(self, eschema, link=True, access_types=None):
+ w = self.w
+ _ = self.req._
+ if not access_types:
+ access_types = eschema.ACTIONS
+ w(u'<table class="schemaInfo">')
+ w(u'<tr><th>%s</th><th>%s</th><th>%s</th></tr>' % (
+ _("permission"), _('granted to groups'), _('rql expressions')))
+ for access_type in access_types:
+ w(u'<tr>')
+ w(u'<td>%s</td>' % _('%s_perm' % access_type))
+ groups = eschema.get_groups(access_type)
+ l = []
+ groups = [(_(group), group) for group in groups]
+ for trad, group in sorted(groups):
+ if link:
+ l.append(u'<a href="%s" class="%s">%s</a><br/>' % (
+ self.build_url('egroup/%s' % group), group, trad))
+ else:
+ l.append(u'<div class="%s">%s</div>' % (group, trad))
+ w(u'<td>%s</td>' % u''.join(l))
+ rqlexprs = eschema.get_rqlexprs(access_type)
+ w(u'<td>%s</td>' % u'<br/><br/>'.join(expr.expression for expr in rqlexprs))
+ w(u'</tr>\n')
+ w(u'</table>')
-class SecurityManagementView(EntityView):
+ def has_schema_modified_permissions(self, eschema, access_types):
+ """ return True if eschema's actual permissions are diffrents
+ from the default ones
+ """
+ for access_type in access_types:
+ if eschema.get_rqlexprs(access_type):
+ return True
+ if eschema.get_groups(access_type) != \
+ frozenset(eschema.get_default_groups()[access_type]):
+ return True
+ return False
+
+class SecurityManagementView(EntityView, SecurityViewMixIn):
"""display security information for a given entity"""
id = 'security'
title = _('security')
@@ -40,7 +79,7 @@
html_escape(entity.dc_title())))
# first show permissions defined by the schema
self.w('<h2>%s</h2>' % _('schema\'s permissions definitions'))
- self.schema_definition(entity)
+ self.schema_definition(entity.e_schema)
self.w('<h2>%s</h2>' % _('manage security'))
# ownership information
if self.schema.rschema('owned_by').has_perm(self.req, 'add',
@@ -56,26 +95,6 @@
if reqpermschema.has_perm(self.req, 'add', fromeid=entity.eid):
self.require_permission_edit_form(entity)
- def schema_definition(self, entity):
- w = self.w
- _ = self.req._
- w(u'<table class="schemaInfo">')
- w(u'<tr><th>%s</th><th>%s</th><th>%s</th></tr>' % (
- _("access type"), _('granted to groups'), _('rql expressions')))
- for access_type in ('read', 'add', 'update', 'delete'):
- w(u'<tr>')
- w(u'<th>%s</th>' % self.req.__('%s_permission' % access_type))
- groups = entity.e_schema.get_groups(access_type)
- l = []
- for group in groups:
- l.append(u'<a href="%s">%s</a>' % (
- self.build_url('egroup/%s' % group), _(group)))
- w(u'<td>%s</td>' % u', '.join(l))
- rqlexprs = entity.e_schema.get_rqlexprs(access_type)
- w(u'<td>%s</td>' % u'<br/>'.join(expr.expression for expr in rqlexprs))
- w(u'</tr>\n')
- w(u'</table>')
-
def owned_by_edit_form(self, entity):
self.w('<h3>%s</h3>' % self.req._('ownership'))
msg = self.req._('ownerships have been changed')
--- a/web/views/startup.py Tue Apr 28 19:12:52 2009 +0200
+++ b/web/views/startup.py Tue Apr 28 19:14:37 2009 +0200
@@ -10,10 +10,12 @@
from logilab.common.textutils import unormalize
from logilab.mtconverter import html_escape
-from cubicweb.view import StartupView
-from cubicweb.common.uilib import ureport_as_html, ajax_replace_url
+from cubicweb.common.uilib import ureport_as_html, unormalize, ajax_replace_url
+from cubicweb.common.view import StartupView
+from cubicweb.common.selectors import match_user_group
from cubicweb.web.httpcache import EtagHTTPCacheManager
-
+from cubicweb.web.views.management import SecurityViewMixIn
+from copy import deepcopy
_ = unicode
@@ -159,25 +161,135 @@
def call(self):
"""display schema information"""
self.req.add_js('cubicweb.ajax.js')
- self.req.add_css('cubicweb.schema.css')
+ self.req.add_css(('cubicweb.schema.css','cubicweb.acl.css'))
withmeta = int(self.req.form.get('withmeta', 0))
+ section = self.req.form.get('sec', '')
self.w(u'<img src="%s" alt="%s"/>\n' % (
html_escape(self.req.build_url('view', vid='schemagraph', withmeta=withmeta)),
self.req._("graphical representation of the application'schema")))
if withmeta:
self.w(u'<div><a href="%s">%s</a></div>' % (
- self.build_url('schema', withmeta=0),
+ html_escape(self.build_url('schema', withmeta=0, sec=section)),
self.req._('hide meta-data')))
else:
self.w(u'<div><a href="%s">%s</a></div>' % (
- self.build_url('schema', withmeta=1),
+ html_escape(self.build_url('schema', withmeta=1, sec=section)),
self.req._('show meta-data')))
- self.w(u'<div id="detailed_schema"><a href="%s">%s</a></div>' %
+ self.w(u'<a href="%s">%s</a><br/>' %
(html_escape(ajax_replace_url('detailed_schema', '', 'schematext',
skipmeta=int(not withmeta))),
self.req._('detailed schema view')))
+ if self.req.user.matching_groups('managers'):
+ self.w(u'<a href="%s">%s</a>' %
+ (html_escape(ajax_replace_url('detailed_schema', '', 'schema_security',
+ skipmeta=int(not withmeta))),
+ self.req._('security')))
+ self.w(u'<div id="detailed_schema">')
+ if section:
+ self.wview(section, None)
+ self.w(u'</div>')
+
+
+class ManagerSchemaPermissionsView(StartupView, SecurityViewMixIn):
+ id = 'schema_security'
+ require_groups = ('managers',)
+ __selectors__ = StartupView.__selectors__ + (match_user_group,)
+
+ def call(self, display_relations=True,
+ skiprels=('is', 'is_instance_of', 'identity', 'owned_by', 'created_by')):
+ _ = self.req._
+ formparams = {}
+ formparams['sec'] = self.id
+ formparams['withmeta'] = int(self.req.form.get('withmeta', True))
+ schema = self.schema
+ # compute entities
+ entities = [eschema for eschema in schema.entities()
+ if not eschema.is_final()]
+ if not formparams['withmeta']:
+ entities = [eschema for eschema in entities
+ if not eschema.meta]
+ # compute relations
+ relations = []
+ if display_relations:
+ relations = [rschema for rschema in schema.relations()
+ if not (rschema.is_final() or rschema.type in skiprels)]
+ if not formparams['withmeta']:
+ relations = [rschema for rschema in relations
+ if not rschema.meta]
+ # index
+ self.w(u'<div id="schema_security"><a id="index" href="index"/>')
+ self.w(u'<h2 class="schema">%s</h2>' % _('index').capitalize())
+ self.w(u'<h4>%s</h4>' % _('Entities').capitalize())
+ ents = []
+ for eschema in sorted(entities):
+ url = html_escape(self.build_url('schema', **formparams) + '#' + eschema.type)
+ ents.append(u'<a class="grey" href="%s">%s</a> (%s)' % (url, eschema.type, _(eschema.type)))
+ self.w('%s' % ', '.join(ents))
+ self.w(u'<h4>%s</h4>' % (_('relations').capitalize()))
+ rels = []
+ for eschema in sorted(relations):
+ url = html_escape(self.build_url('schema', **formparams) + '#' + eschema.type)
+ rels.append(u'<a class="grey" href="%s">%s</a> (%s), ' % (url , eschema.type, _(eschema.type)))
+ self.w('%s' % ', '.join(ents))
+ # entities
+ self.display_entities(entities, formparams)
+ # relations
+ if relations:
+ self.display_relations(relations, formparams)
+ self.w(u'</div>')
+
+ def display_entities(self, entities, formparams):
+ _ = self.req._
+ self.w(u'<a id="entities" href="entities"/>')
+ self.w(u'<h2 class="schema">%s</h2>' % _('permissions for entities').capitalize())
+ for eschema in sorted(entities):
+ self.w(u'<a id="%s" href="%s"/>' % (eschema.type, eschema.type))
+ self.w(u'<h3 class="schema">%s (%s) ' % (eschema.type, _(eschema.type)))
+ url = html_escape(self.build_url('schema', **formparams) + '#index')
+ self.w(u'<a href="%s"><img src="%s" alt="%s"/></a>' % (url, self.req.external_resource('UP_ICON'), _('up')))
+ self.w(u'</h3>')
+ self.w(u'<div style="margin: 0px 1.5em">')
+ self.schema_definition(eschema, link=False)
+
+ # display entity attributes only if they have some permissions modified
+ modified_attrs = []
+ for attr, etype in eschema.attribute_definitions():
+ if self.has_schema_modified_permissions(attr, attr.ACTIONS):
+ modified_attrs.append(attr)
+ if modified_attrs:
+ self.w(u'<h4>%s</h4>' % _('attributes with modified permissions:').capitalize())
+ self.w(u'</div>')
+ self.w(u'<div style="margin: 0px 6em">')
+ for attr in modified_attrs:
+ self.w(u'<h4 class="schema">%s (%s)</h4> ' % (attr.type, _(attr.type)))
+ self.schema_definition(attr, link=False)
+ self.w(u'</div>')
+ else:
+ self.w(u'</div>')
+ def display_relations(self, relations, formparams):
+ _ = self.req._
+ self.w(u'<a id="relations" href="relations"/>')
+ self.w(u'<h2 class="schema">%s </h2>' % _('permissions for relations').capitalize())
+ for rschema in sorted(relations):
+ self.w(u'<a id="%s" href="%s"/>' % (rschema.type, rschema.type))
+ self.w(u'<h3 class="schema">%s (%s) ' % (rschema.type, _(rschema.type)))
+ url = html_escape(self.build_url('schema', **formparams) + '#index')
+ self.w(u'<a href="%s"><img src="%s" alt="%s"/></a>' % (url, self.req.external_resource('UP_ICON'), _('up')))
+ self.w(u'</h3>')
+ self.w(u'<div style="margin: 0px 1.5em">')
+ subjects = [str(subj) for subj in rschema.subjects()]
+ self.w(u'<div><strong>%s</strong> %s (%s)</div>' % (_('subject_plural:'),
+ ', '.join( [str(subj) for subj in rschema.subjects()]),
+ ', '.join( [_(str(subj)) for subj in rschema.subjects()])))
+ self.w(u'<div><strong>%s</strong> %s (%s)</div>' % (_('object_plural:'),
+ ', '.join( [str(obj) for obj in rschema.objects()]),
+ ', '.join( [_(str(obj)) for obj in rschema.objects()])))
+ self.schema_definition(rschema, link=False)
+ self.w(u'</div>')
+
+
class SchemaUreportsView(StartupView):
id = 'schematext'