--- a/schema.py Tue Mar 02 14:39:06 2010 +0100
+++ b/schema.py Tue Mar 02 15:43:26 2010 +0100
@@ -63,6 +63,31 @@
ybo.RDEF_PROPERTIES += ('eid',)
+PUB_SYSTEM_ENTITY_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'add': ('managers',),
+ 'delete': ('managers',),
+ 'update': ('managers',),
+ }
+PUB_SYSTEM_REL_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'add': ('managers',),
+ 'delete': ('managers',),
+ }
+PUB_SYSTEM_ATTR_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'update': ('managers',),
+ }
+RO_REL_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'add': (),
+ 'delete': (),
+ }
+RO_ATTR_PERMS = {
+ 'read': ('managers', 'users', 'guests',),
+ 'update': (),
+ }
+
# XXX same algorithm as in reorder_cubes and probably other place,
# may probably extract a generic function
def order_eschemas(eschemas):
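Review bot: The five permission dicts added here are plain mutable module-level dicts, and the later hunks of this commit assign them by reference to `__permissions__` on many entity and relation types. An in-place change made through any one class or alias would therefore alter every other holder, unless the schema layer copies them, which these hunks do not show. The constants also carry no comments, unlike the definitions in schemas/__init__.py that they replace. I would add a comment above the block such as `# shared by reference: never modify in place, use dict(PUB_SYSTEM_ENTITY_PERMS) before customizing`, plus one line per constant, for example `# readable by anyone, only set by hooks using unsafe execute` on `RO_REL_PERMS`.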
--- a/schemas/__init__.py Tue Mar 02 14:39:06 2010 +0100
+++ b/schemas/__init__.py Tue Mar 02 15:43:26 2010 +0100
@@ -7,32 +7,19 @@
__docformat__ = "restructuredtext en"
from rql.utils import quote
-from cubicweb.schema import ERQLExpression, RRQLExpression
+from cubicweb.schema import RO_REL_PERMS, RO_ATTR_PERMS, \
+ PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, \
+ ERQLExpression, RRQLExpression
# permissions for "meta" entity type (readable by anyone, can only be
# added/deleted by managers)
-META_ETYPE_PERMS = {
- 'read': ('managers', 'users', 'guests',),
- 'add': ('managers',),
- 'delete': ('managers',),
- 'update': ('managers', 'owners',),
- }
-
+META_ETYPE_PERMS = PUB_SYSTEM_ENTITY_PERMS # XXX deprecates
# permissions for "meta" relation type (readable by anyone, can only be
# added/deleted by managers)
-META_RTYPE_PERMS = {
- 'read': ('managers', 'users', 'guests',),
- 'add': ('managers',),
- 'delete': ('managers',),
- }
-
+META_RTYPE_PERMS = PUB_SYSTEM_REL_PERMS # XXX deprecates
# permissions for relation type that should only set by hooks using unsafe
# execute, readable by anyone
-HOOKS_RTYPE_PERMS = {
- 'read': ('managers', 'users', 'guests',),
- 'add': (),
- 'delete': (),
- }
+HOOKS_RTYPE_PERMS = RO_REL_PERMS # XXX deprecates
def _perm(names):
if isinstance(names, (list, tuple)):
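Review bot: Aliasing `META_ETYPE_PERMS` to `PUB_SYSTEM_ENTITY_PERMS` changes its `'update'` entry from `('managers', 'owners',)` to `('managers',)`, so this is an access-control change rather than a pure rename. The entity types switched in schemas/base.py (`CWPermission`) and schemas/bootstrap.py (`CWEType`, `CWRType`, `CWGroup` and others), and any code still importing the old name, lose the owners' update right. If the tightening is intended, say so at the alias, e.g. `META_ETYPE_PERMS = PUB_SYSTEM_ENTITY_PERMS # XXX deprecated alias; 'update' no longer includes 'owners'`. The three aliases also emit no deprecation warning, so the `XXX deprecates` marker is the only signal a caller gets.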
--- a/schemas/base.py Tue Mar 02 14:39:06 2010 +0100
+++ b/schemas/base.py Tue Mar 02 15:43:26 2010 +0100
@@ -10,9 +10,9 @@
from yams.buildobjs import (EntityType, RelationType, SubjectRelation,
String, Datetime, Password)
-from cubicweb.schema import (RQLConstraint, WorkflowableEntityType,
- ERQLExpression, RRQLExpression)
-from cubicweb.schemas import META_ETYPE_PERMS, META_RTYPE_PERMS
+from cubicweb.schema import (
+ RQLConstraint, WorkflowableEntityType, ERQLExpression, RRQLExpression,
+ PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, PUB_SYSTEM_ATTR_PERMS)
class CWUser(WorkflowableEntityType):
"""define a CubicWeb user"""
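Review bot: `PUB_SYSTEM_ATTR_PERMS` is imported here but none of the schemas/base.py hunks shown use it, and the same holds for the import added in schemas/bootstrap.py. The name is introduced by this commit, so unchanged code in those files presumably does not reference it either. Unless a follow-up change needs it, drop it from both import lists, or add a short comment naming the attribute definitions expected to use it. The `CWUser` class continues outside the hunk.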
@@ -85,7 +85,7 @@
class in_group(RelationType):
"""core relation indicating a user's groups"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
class owned_by(RelationType):
"""core relation indicating owners of an entity. This relation
@@ -155,7 +155,7 @@
class CWPermission(EntityType):
"""entity type that may be used to construct some advanced security configuration
"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
name = String(required=True, indexed=True, internationalizable=True, maxsize=100,
description=_('name or identifier of the permission'))
@@ -170,11 +170,11 @@
"""link a permission to the entity. This permission should be used in the
security definition of the entity's type to be useful.
"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
class require_group(RelationType):
"""used to grant a permission to a group"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
class ExternalUri(EntityType):
--- a/schemas/bootstrap.py Tue Mar 02 14:39:06 2010 +0100
+++ b/schemas/bootstrap.py Tue Mar 02 15:43:26 2010 +0100
@@ -10,14 +10,16 @@
from yams.buildobjs import (EntityType, RelationType, RelationDefinition,
SubjectRelation, RichString, String, Boolean, Int)
-from cubicweb.schema import RQLConstraint
-from cubicweb.schemas import META_ETYPE_PERMS, META_RTYPE_PERMS
+from cubicweb.schema import (
+ RQLConstraint,
+ PUB_SYSTEM_ENTITY_PERMS, PUB_SYSTEM_REL_PERMS, PUB_SYSTEM_ATTR_PERMS
+ )
# not restricted since as "is" is handled as other relations, guests need
# access to this
class CWEType(EntityType):
"""define an entity type, used to build the instance schema"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
name = String(required=True, indexed=True, internationalizable=True,
unique=True, maxsize=64)
description = RichString(internationalizable=True,
@@ -28,7 +30,7 @@
class CWRType(EntityType):
"""define a relation type, used to build the instance schema"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
name = String(required=True, indexed=True, internationalizable=True,
unique=True, maxsize=64)
description = RichString(internationalizable=True,
@@ -48,7 +50,7 @@
used to build the instance schema
"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
relation_type = SubjectRelation('CWRType', cardinality='1*',
constraints=[RQLConstraint('O final TRUE')],
composite='object')
@@ -85,7 +87,7 @@
used to build the instance schema
"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
relation_type = SubjectRelation('CWRType', cardinality='1*',
constraints=[RQLConstraint('O final FALSE')],
composite='object')
@@ -116,7 +118,7 @@
# not restricted since it has to be read when checking allowed transitions
class RQLExpression(EntityType):
"""define a rql expression used to define permissions"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
exprtype = String(required=True, vocabulary=['ERQLExpression', 'RRQLExpression'])
mainvars = String(maxsize=8,
description=_('name of the main variables which should be '
@@ -134,14 +136,14 @@
class CWConstraint(EntityType):
"""define a schema constraint"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
cstrtype = SubjectRelation('CWConstraintType', cardinality='1*')
value = String(description=_('depends on the constraint type'))
class CWConstraintType(EntityType):
"""define a schema constraint type"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
name = String(required=True, indexed=True, internationalizable=True,
unique=True, maxsize=64)
@@ -149,7 +151,7 @@
# not restricted since it has to be read when checking allowed transitions
class CWGroup(EntityType):
"""define a CubicWeb users group"""
- __permissions__ = META_ETYPE_PERMS
+ __permissions__ = PUB_SYSTEM_ENTITY_PERMS
name = String(required=True, indexed=True, internationalizable=True,
unique=True, maxsize=64)
@@ -173,32 +175,32 @@
class relation_type(RelationType):
"""link a relation definition to its relation type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
inlined = True
class from_entity(RelationType):
"""link a relation definition to its subject entity type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
inlined = True
class to_entity(RelationType):
"""link a relation definition to its object entity type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
inlined = True
class constrained_by(RelationType):
"""constraints applying on this relation"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
class cstrtype(RelationType):
"""constraint factory"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
inlined = True
class read_permission_cwgroup(RelationDefinition):
"""groups allowed to read entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
name = 'read_permission'
subject = ('CWEType', 'CWAttribute', 'CWRelation')
object = 'CWGroup'
@@ -206,7 +208,7 @@
class add_permission_cwgroup(RelationDefinition):
"""groups allowed to add entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
name = 'add_permission'
subject = ('CWEType', 'CWRelation')
object = 'CWGroup'
@@ -214,7 +216,7 @@
class delete_permission_cwgroup(RelationDefinition):
"""groups allowed to delete entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
name = 'delete_permission'
subject = ('CWEType', 'CWRelation')
object = 'CWGroup'
@@ -222,7 +224,7 @@
class update_permission_cwgroup(RelationDefinition):
"""groups allowed to update entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
name = 'update_permission'
subject = ('CWEType', 'CWAttribute')
object = 'CWGroup'
@@ -230,7 +232,7 @@
class read_permission_rqlexpr(RelationDefinition):
"""rql expression allowing to read entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
name = 'read_permission'
subject = ('CWEType', 'CWAttribute', 'CWRelation')
object = 'RQLExpression'
@@ -239,7 +241,7 @@
class add_permission_rqlexpr(RelationDefinition):
"""rql expression allowing to add entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
name = 'add_permission'
subject = ('CWEType', 'CWRelation')
object = 'RQLExpression'
@@ -248,7 +250,7 @@
class delete_permission_rqlexpr(RelationDefinition):
"""rql expression allowing to delete entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
name = 'delete_permission'
subject = ('CWEType', 'CWRelation')
object = 'RQLExpression'
@@ -257,7 +259,7 @@
class update_permission_rqlexpr(RelationDefinition):
"""rql expression allowing to update entities/relations of this type"""
- __permissions__ = META_RTYPE_PERMS
+ __permissions__ = PUB_SYSTEM_REL_PERMS
name = 'update_permission'
subject = ('CWEType', 'CWAttribute')
object = 'RQLExpression'