示例#1
0
class EmailAddress(EntityType):
    """an electronic mail address associated to a short alias"""
    __permissions__ = {
        # application that wishes public email, or use it for something else
        # than users (eg Company, Person), should explicitly change permissions
        'read': ('managers', ERQLExpression('U use_email X')),
        'add': (
            'managers',
            'users',
        ),
        'delete': ('managers', 'owners',
                   ERQLExpression('P use_email X, U has_update_permission P')),
        'update': ('managers', 'owners',
                   ERQLExpression('P use_email X, U has_update_permission P')),
    }

    alias = String(fulltextindexed=True, maxsize=56)
    address = String(required=True,
                     fulltextindexed=True,
                     indexed=True,
                     unique=True,
                     maxsize=128)
    prefered_form = SubjectRelation(
        'EmailAddress',
        cardinality='?*',
        description=_('when multiple addresses are equivalent \
(such as [email protected] and [email protected]), set this \
to indicate which is the preferred form.'))
示例#2
0
class CWUser(WorkflowableEntityType):
    """define a CubicWeb user"""
    __permissions__ = {
        'read': ('managers', 'users', ERQLExpression('X identity U')),
        'add': ('managers', ),
        'delete': ('managers', ),
        'update': (
            'managers',
            ERQLExpression('X identity U, NOT U in_group G, G name "guests"'),
        ),
    }

    login = String(
        required=True,
        unique=True,
        maxsize=64,
        description=_('unique identifier used to connect to the application'))
    upassword = Password(
        required=True)  # password is a reserved word for mysql
    firstname = String(maxsize=64)
    surname = String(maxsize=64)
    last_login_time = TZDatetime(description=_('last connection date'))
    in_group = SubjectRelation(
        'CWGroup',
        cardinality='+*',
        constraints=[RQLConstraint('NOT O name "owners"')],
        description=_('groups grant permissions to the user'))
示例#3
0
 def test_expression(self):
     expr = ERQLExpression('U use_email X')
     rql, found, keyarg = expr.transform_has_permission()
     self.assertEqual(
         rql, 'Any X WHERE EXISTS(U use_email X, X eid %(x)s, U eid %(u)s)')
     self.assertEqual(found, None)
     self.assertEqual(keyarg, None)
示例#4
0
class Affaire(WorkflowableEntityType):
    __permissions__ = {
        'read': ('managers', ERQLExpression('X owned_by U'),
                 ERQLExpression('X concerne S?, S owned_by U')),
        'add': ('managers', ERQLExpression('X concerne S, S owned_by U')),
        'update':
        ('managers', 'owners',
         ERQLExpression('X in_state S, S name in ("pitetre", "en cours")')),
        'delete':
        ('managers', 'owners', ERQLExpression('X concerne S, S owned_by U')),
    }

    ref = String(fulltextindexed=True,
                 indexed=True,
                 constraints=[SizeConstraint(16)])
    sujet = String(fulltextindexed=True, constraints=[SizeConstraint(256)])
    descr = RichString(fulltextindexed=True,
                       description=_('more detailed description'))

    duration = Int()
    invoiced = Float()
    opt_attr = Bytes()

    depends_on = SubjectRelation('Affaire')
    require_permission = SubjectRelation('CWPermission')
    concerne = SubjectRelation(('Societe', 'Note'))
    todo_by = SubjectRelation('Personne', cardinality='?*')
    documented_by = SubjectRelation('Card')
示例#5
0
class Note(WorkflowableEntityType):
    date = String(maxsize=10)
    type = String(vocabulary=[u'todo', u'a', u'b', u'T', u'lalala'])
    para = String(maxsize=512,
                  __permissions__={
                      'add': ('managers',
                              ERQLExpression('X in_state S, S name "todo"')),
                      'read': ('managers', 'users', 'guests'),
                      'update':
                      ('managers',
                       ERQLExpression('X in_state S, S name "todo"')),
                  })
    something = String(maxsize=1,
                       __permissions__={
                           'read': ('managers', 'users', 'guests'),
                           'add': (ERQLExpression('NOT X para NULL'), ),
                           'update': ('managers', 'owners')
                       })
    migrated_from = SubjectRelation('Note')
    attachment = SubjectRelation('File')
    inline1 = SubjectRelation('Affaire',
                              inlined=True,
                              cardinality='?*',
                              constraints=[
                                  RQLUniqueConstraint(
                                      'S type T, S inline1 A1, A1 todo_by C, '
                                      'Y type T, Y inline1 A2, A2 todo_by C',
                                      'S,Y')
                              ])
    todo_by = SubjectRelation('CWUser')
示例#6
0
文件: schema.py 项目: zogzog/cubicweb
class Societe(EntityType):
    __permissions__ = {
        'read': ('managers', 'users', 'guests'),
        'update': ('managers', 'owners', ERQLExpression('U login L, X nom L')),
        'delete': ('managers', 'owners', ERQLExpression('U login L, X nom L')),
        'add': ('managers', 'users',)
        }
    nom = String()
示例#7
0
def project(etypeclass):
    """ decorator for the in-project entity types
    Sets the permissions
    """
    etypeclass.__permissions__ = {
        'read': ('managers', ERQLExpression('U canread P, X project P')),
        'add': ('managers', 'users'),  # can't really do it there
        'update': ('managers', ERQLExpression('U canwrite P, X project P')),
        'delete': ('managers', ERQLExpression('U canwrite P, X project P'))
    }
    return etypeclass
示例#8
0
文件: schema.py 项目: zogzog/cubicweb
class Affaire(EntityType):
    __permissions__ = {
        'read':   ('managers',
                   ERQLExpression('X owned_by U'), ERQLExpression('X concerne S?, S owned_by U')),
        'add':    ('managers', ERQLExpression('X concerne S, S owned_by U')),
        'update': ('managers', 'owners', ERQLExpression('X in_state S, S name in ("pitetre", "en cours")')),
        'delete': ('managers', 'owners', ERQLExpression('X concerne S, S owned_by U')),
        }
    ref = String(fulltextindexed=True, indexed=True, maxsize=16)
    documented_by = SubjectRelation('Card', cardinality='1*')
    concerne = SubjectRelation(('Societe', 'Note'), cardinality='1*')
示例#9
0
class Project(EntityType):
    name = String(required=True, fulltextindexed=True)
    __permissions__ = {
        'read': ('managers', ERQLExpression('X owned_by U'),
                 ERQLExpression('U canread X')),
        'add': ('managers', 'users'),
        'update': ('managers', ERQLExpression('U canwrite X')),
        'delete': ('managers', ERQLExpression('U canwrite X'))
    }
    subproject_of = SubjectRelation('Project',
                                    composite='object',
                                    inlined=True,
                                    cardinality='?*')
示例#10
0
 def test_erqlexpression(self):
     self.assertRaises(RQLSyntaxError, ERQLExpression, '1')
     expr = ERQLExpression('X travaille S, S owned_by U')
     self.assertEqual(
         str(expr),
         'Any X WHERE X travaille S, S owned_by U, X eid %(x)s, U eid %(u)s'
     )
     expr = ERQLExpression(
         'X foo S, S bar U, X baz XE, S quux SE HAVING XE > SE')
     self.assertEqual(
         str(expr),
         'Any X WHERE X foo S, S bar U, X baz XE, S quux SE, X eid %(x)s, '
         'U eid %(u)s HAVING XE > SE')
示例#11
0
文件: schema.py 项目: zogzog/cubicweb
class Affaire(EntityType):
    __permissions__ = {
        'read':   ('managers', 'users', 'guests'),
        'add':    ('managers', ERQLExpression('X concerne S, S owned_by U')),
        'update': ('managers', 'owners', ERQLExpression('X concerne S, S owned_by U')),
        'delete': ('managers', 'owners', ERQLExpression('X concerne S, S owned_by U')),
        }

    ref = String(fulltextindexed=True, indexed=True,
                 constraints=[SizeConstraint(16)])
    sujet = String(fulltextindexed=True,
                 constraints=[SizeConstraint(256)])
    concerne = SubjectRelation('Societe')
    opt_attr = Bytes()
示例#12
0
文件: schema.py 项目: zogzog/cubicweb
class Frozable(EntityType):
    __permissions__ = {
        'read':   ('managers', 'users'),
        'add':    ('managers', 'users'),
        'update': ('managers', ERQLExpression('X frozen False'),),
        'delete': ('managers', ERQLExpression('X frozen False'),)
    }
    name = String()
    frozen = Boolean(default=False,
                     __permissions__ = {
                         'read':   ('managers', 'users'),
                         'add':    ('managers', 'users'),
                         'update': ('managers', 'owners')
                         })
示例#13
0
class ExternalResource(EntityType):
    """ An entity used to to store a file path.

    Attributes
    ----------
    name: String (mandatory)
        the parameter name.
    filepath: String (mandatory)
        the file path.
    uploaded_by: SubjectRelation (mandatory)
        who has created the item.
    """
    # Set default permissions
    __permissions__ = {
        "read": (
            "managers",
            ERQLExpression("X uploaded_by U"),
        ),
        "add": ("managers", "users"),
        "delete": ("managers", ),
        "update": ("managers", ),
    }

    # Entity parameters
    name = String(required=True, indexed=False)
    filepath = String(required=True, indexed=False)

    # The link to the owner of the data
    uploaded_by = SubjectRelation("CWUser",
                                  cardinality="1*",
                                  composite="subject")
示例#14
0
class Basket(EntityType):
    """a basket contains a set of other entities"""
    __permissions__ = {
        'read': (
            'managers',
            ERQLExpression('X owned_by U'),
        ),
        'add': (
            'managers',
            'users',
        ),
        'delete': (
            'managers',
            'owners',
        ),
        'update': (
            'managers',
            'owners',
        ),
    }

    name = String(required=True,
                  indexed=True,
                  internationalizable=True,
                  maxsize=128)
    description = RichString(fulltextindexed=True)
示例#15
0
def post_build_callback(schema):
    config._CONTAINER_ETYPE_MAP.clear()

    project = config.Container('Project',
                               'project',
                               subcontainers=('Version', ))
    project.define_container(schema)
    version = config.Container('Version', 'version')
    version.define_container(schema)

    def project_rtypes_perms(role_to_container):
        # role_to_container is either 'S' or 'O'
        return {
            'read': ('managers', 'users'),
            'add':
            ('managers',
             RRQLExpression('%s project P, U canwrite P' % role_to_container)),
            'delete':
            ('managers',
             RRQLExpression('%s project P, U canwrite P' % role_to_container))
        }

    project.setup_rdefs_security(schema, project_rtypes_perms,
                                 project_rtypes_perms)

    # version container & security
    version.setup_rdefs_security(schema, PUB_SYSTEM_REL_PERMS,
                                 PUB_SYSTEM_REL_PERMS)

    for conf in (version, project):
        conf.setup_etypes_security(
            schema, {
                'read':
                ('managers',
                 ERQLExpression(
                     '(X owned_by U) OR (X %s C, U canread C)' % conf.crtype)),
                'add': ('managers', 'users'),
                'delete': ('managers', 'owners'),
                'update':
                ('managers', 'owners',
                 ERQLExpression('X %s C, U canwrite C' % conf.crtype)),
            })
示例#16
0
文件: schema.py 项目: zogzog/cubicweb
class Societe(EntityType):
    __unique_together__ = [('nom', 'type', 'cp')]
    __permissions__ = {
        'read': ('managers', 'users', 'guests'),
        'update': ('managers', 'owners', ERQLExpression('U login L, X nom L')),
        'delete': ('managers', 'owners', ERQLExpression('U login L, X nom L')),
        'add': ('managers', 'users',)
    }

    nom  = String(maxsize=64, fulltextindexed=True)
    web  = String(maxsize=128)
    type  = String(maxsize=128) # attribute in common with Note
    tel  = Int()
    fax  = Int()
    rncs = String(maxsize=128)
    ad1  = String(maxsize=128)
    ad2  = String(maxsize=128)
    ad3  = String(maxsize=128)
    cp   = String(maxsize=12)
    ville= String(maxsize=32)
示例#17
0
class CWSearch(EntityType):
    """ An entity used to save a search which may contains resources on the
    server file system.

    Attributes
    ----------
    title: String (mandatory)
        a short description of the file.
    path: String (mandatory)
        the rql request that will be saved.
    expiration_data: Date (mandatory)
        the expiration date of the current search.
    result: SubjectRelation (mandatory)
        a json file with all the server resources associated with the
        current search - {"rql": rql, "files": [], "nonexistent-files": []}
    rset: SubjectRelation (mandatory)
        the result set associated with the current search.
    rset_type: String (optional, default 'jsonexport')
        the type of the rset.
    """
    __permissions__ = {
        "read": (
            "managers",
            ERQLExpression("X owned_by U"),
        ),
        "add": ("managers", "users"),
        "delete": ("managers", "owners"),
        "update": ("managers", "owners"),
    }
    title = String(maxsize=256,
                   required=True,
                   constraints=[
                       RQLUniqueConstraint(
                           "X title N, S title N, X owned_by U, X is CWSearch",
                           mainvars="X",
                           msg=_("this name is already used"))
                   ],
                   description=_("Please set a unique subset name."))
    path = String(required=True,
                  description=_("the rql request we will save (do not edit "
                                "this field)."))
    expiration_date = Date(required=True, indexed=True)
    # json which contains resultset and filepath
    result = SubjectRelation("File",
                             cardinality="1*",
                             inlined=True,
                             composite="subject")
    rset = SubjectRelation("File",
                           cardinality="1*",
                           inlined=True,
                           composite="subject")
    # view regid to show rset
    rset_type = String(required=True, default="jsonexport", maxsize=50)
示例#18
0
class BlogEntry(WorkflowableEntityType):
    __permissions__ = {
        'read': (
            'managers',
            'users',
            ERQLExpression('X in_state S, S name "published"'),
        ),
        'add': ('managers', 'users'),
        'update': ('managers', 'owners'),
        'delete': ('managers', 'owners')
    }
    title = String(required=True, fulltextindexed=True, maxsize=256)
    content = RichString(required=True, fulltextindexed=True)
    entry_of = SubjectRelation('Blog')
    same_as = SubjectRelation('ExternalUri')
示例#19
0
文件: schema.py 项目: zogzog/cubicweb
class EmailPart(EntityType):
    """an email attachment"""
    __permissions__ = {
        'read': (
            'managers',
            'users',
            'guests',
        ),  # XXX if E parts X, U has_read_permission E
        'add': (
            'managers',
            ERQLExpression('E parts X, U has_update_permission E'),
        ),
        'delete':
        ('managers', ERQLExpression('E parts X, U has_update_permission E')),
        'update': (
            'managers',
            'owners',
        ),
    }

    content = String(fulltextindexed=True)
    content_format = String(required=True, maxsize=50)
    ordernum = Int(required=True)
    alternative = SubjectRelation('EmailPart', symmetric=True)
示例#20
0
 def test_yams_inheritance_and_security_bug(self):
     with self.temporary_permissions(Division={
             'read': ('managers', ERQLExpression('X owned_by U'))
     }):
         with self.new_access(u'iaminusersgrouponly').repo_cnx() as cnx:
             rqlst = self.repo.vreg.rqlhelper.parse(
                 'Any X WHERE X is_instance_of Societe')
             self.repo.vreg.solutions(cnx, rqlst, {})
             self.repo.vreg.rqlhelper.annotate(rqlst)
             plan = cnx.repo.querier.plan_factory(rqlst, {}, cnx)
             plan.preprocess(rqlst)
             self.assertEqual(
                 rqlst.as_string(),
                 '(Any X WHERE X is IN(Societe, SubDivision)) UNION '
                 '(Any X WHERE X is Division, EXISTS(X owned_by %(B)s))')
示例#21
0
文件: schema.py 项目: zogzog/cubicweb
class Note(Para):
    __specializes_schema__ = True

    __permissions__ = {'read':   ('managers', 'users', 'guests',),
                   'update': ('managers', 'owners',),
                   'delete': ('managers', ),
                   'add':    ('managers',
                              ERQLExpression('X ecrit_part PE, U in_group G, '
                                             'PE require_permission P, P name "add_note", '
                                             'P require_group G'),)}

    whatever = Int(default=0)  # keep it before `date` for unittest_migraction.test_add_attribute_int
    yesno = Boolean(default=False)
    date = Datetime()
    type = String(maxsize=1)
    unique_id = String(maxsize=1, required=True, unique=True)
    mydate = Date(default='TODAY')
    oldstyledefaultdate = Date(default='2013/01/01')
    newstyledefaultdate = Date(default=dt.date(2013, 1, 1))
    shortpara = String(maxsize=11, default='hop', vocabulary=['hop', 'hop hop', 'hop hop hop'])
    ecrit_par = SubjectRelation('Personne', constraints=[RQLConstraint('S concerne A, O concerne A')])
    attachment = SubjectRelation('File')
示例#22
0
class CWProcessing(EntityType):
    """ An entity used to to processing status and results.

    Attributes
    ----------
    status: String (mandatory)
        the processing status, one of ('error', 'sucess', 'scheduled', 'running').
    result_form: SubjectRelation (mandatory)
        the link to the result form.
    uploaded_by: SubjectRelation (mandatory)
        who has created the item.
    """
    # Set default permissions
    __permissions__ = {
        "read": (
            "managers",
            ERQLExpression("X uploaded_by U"),
        ),
        "add": ("managers", "users"),
        "delete": ("managers", ),
        "update": ("managers", ),
    }

    # Entity parameters
    status = String(required=True,
                    indexed=True,
                    vocabulary=("error", "sucess", "scheduled", "running"))

    # The link to the result data
    result_form = SubjectRelation("UploadForm",
                                  cardinality="**",
                                  composite="subject")

    # The link to the owner of the data
    uploaded_by = SubjectRelation("CWUser",
                                  cardinality="1*",
                                  composite="subject")
示例#23
0
class File(EntityType):
    """ A downloadable file which may contains binary data.
    """
    __permissions__ = {
        "read": (
            "managers",
            ERQLExpression("X owned_by U"),
        ),
        "add": ("managers", "users"),
        "delete": ("managers", "owners"),
        "update": ("managers", "owners"),
    }
    title = String(fulltextindexed=True, maxsize=256)
    data = Bytes(required=True,
                 fulltextindexed=True,
                 description=_("file to upload"))
    data_format = String(
        required=True,
        maxsize=128,
        description=_("MIME type of the file. Should be dynamically set at "
                      "upload time."))
    data_encoding = String(
        maxsize=32,
        description=_("encoding of the file when it applies (e.g. text). "
                      "Should be dynamically set at upload time."))
    data_name = String(
        required=True,
        fulltextindexed=True,
        description=_("name of the file. Should be dynamically set at upload "
                      "time."))
    data_sha1hex = String(
        maxsize=40,
        description=_("SHA1 sum of the file. May be set at upload time."))
    description = RichString(fulltextindexed=True,
                             internationalizable=True,
                             default_format="text/rest")
示例#24
0
 def test_has_update_permission(self):
     expr = ERQLExpression('P use_email X, U has_update_permission P')
     rql, found, keyarg = expr.transform_has_permission()
     self.assertEqual(rql, 'Any X,P WHERE P use_email X, X eid %(x)s')
     self.assertEqual(found, [(u'update', 1)])
     self.assertEqual(keyarg, None)
示例#25
0
 def test_comparison(self):
     self.assertEqual(ERQLExpression('X is CWUser', 'X', 0),
                      ERQLExpression('X is CWUser', 'X', 0))
     self.assertNotEqual(ERQLExpression('X is CWUser', 'X', 0),
                         ERQLExpression('X is CWGroup', 'X', 0))
示例#26
0
from cubicweb.schema import (CubicWebSchema, CubicWebSchemaLoader,
                             RQLConstraint, RQLUniqueConstraint,
                             RQLVocabularyConstraint, ERQLExpression,
                             RRQLExpression, normalize_expression,
                             order_eschemas, guess_rrqlexpr_mainvars,
                             build_schema_from_namespace)
from cubicweb.devtools.testlib import CubicWebTC

DATADIR = join(dirname(__file__), 'data')

# build a dummy schema ########################################################

PERSONNE_PERMISSIONS = {
    'read': ('managers', 'users', 'guests'),
    'update': ('managers', 'owners'),
    'add': ('managers', ERQLExpression('X travaille S, S owned_by U')),
    'delete': (
        'managers',
        'owners',
    ),
}

CONCERNE_PERMISSIONS = {
    'read': ('managers', 'users', 'guests'),
    'add': ('managers', RRQLExpression('U has_update_permission S')),
    'delete': ('managers', RRQLExpression('O owned_by U')),
}

schema = CubicWebSchema('Test Schema')
enote = schema.add_entity_type(EntityType('Note'))
eaffaire = schema.add_entity_type(EntityType('Affaire'))
示例#27
0
# CubicWeb import
from yams.buildobjs import EntityType
from yams.buildobjs import String
from yams.buildobjs import Bytes
from yams.buildobjs import RichString
from yams.buildobjs import RelationDefinition
from cubicweb.schema import ERQLExpression
from yams.buildobjs import SubjectRelation

###############################################################################
# Modification of the schema
###############################################################################

UPLOAD_PERMISSIONS = {
    "read": ("managers", ERQLExpression("X created_by U")),
    "add": ("managers", ),
    "update": ("managers", ),
    "delete": ("managers", ),
}

UPLOAD_RELATION_PERMISSIONS = {
    "read": ("managers", "users"),
    "add": ("managers", ),
    "delete": ("managers", ),
}


class UploadFile(EntityType):
    """ An entity used to upload file which may contain binary data.
示例#28
0
class toto(RelationType):
    __permissions__ = {
        'read': ('managers', ),
        'add': ('managers', ERQLExpression('S bla Y'),),
        'delete': ('managers',),
        }
示例#29
0
文件: security.py 项目: gareaut/piws
enable_upload = config["enable-upload"]
share_group_uploads = config["share_group_uploads"]
authorized_upload_groups = config["authorized-upload-groups"]
authorized_upload_groups = set(authorized_upload_groups)
for group_name in authorized_upload_groups:
    BASE_GROUPS.add(group_name)
authorized_upload_groups.add("managers")
UPLOAD_PERMISSIONS["add"] = tuple(authorized_upload_groups)
UPLOAD_RELATION_PERMISSIONS["add"] = UPLOAD_PERMISSIONS["add"]
UPLOAD_PUBLIC_ENTITIES = []
if enable_upload:
    UPLOAD_PUBLIC_ENTITIES = ["CWUser", "CWGroup"]
if share_group_uploads:
    UPLOAD_PERMISSIONS["read"] = (
        "managers",
        ERQLExpression(("X created_by Y, Y in_group GY, NOT GY name 'users', "
                        "U in_group GY")))

###############################################################################
# Define permission relations
###############################################################################


# CWGROUP
class can_read(RelationDefinition):
    """ Link a group to an assessment with this relation to give the group
    users read access to the assessment related entities.
    """
    inlined = False
    subject = "CWGroup"
    object = "Assessment"
    cardinality = "*+"
示例#30
0
from yams.buildobjs import EntityType, String, SubjectRelation, Bytes
from cubicweb.schema import RRQLExpression, ERQLExpression, PUB_SYSTEM_REL_PERMS

from cubes.container import config
from cubes.container.secutils import PERM, PERMS

# custom ad-hoc rules
PERMS['project'] = {
    'read': ('managers', ERQLExpression('(X owned_by U) OR (U canread X)')),
    'add': ('managers', 'users'),
    'delete': ('managers', 'owners'),
    'update': ('managers', 'owners', ERQLExpression('U canwrite X')),
}

PERMS['project-documentation'] = {
    'read': ('managers', 'users'),
    'add': ('managers', 'project_managers'),
    'delete': ('managers', 'project_managers')
}

PERMS['version-documentation'] = {
    'read': ('managers', 'users'),
    'add': ('managers', 'version_managers'),
    'delete': ('managers', 'version_managers')
}

PERMS['ticket-documentation'] = {
    'read': ('managers', 'users'),
    'add': ('managers', 'ticket_managers'),
    'delete': ('managers', 'ticket_managers')
}