示例#1
0
文件: schema.py 项目: zogzog/cubicweb
class travaille(RelationDefinition):
    __permissions__ = {
        'read':   ('managers', 'users', 'guests'),
        'add':    ('managers', RRQLExpression('U has_update_permission S')),
        'delete': ('managers', RRQLExpression('O owned_by U')),
        }
    subject = 'Personne'
    object = 'Societe'
    constraints = [RQLVocabularyConstraint('S owned_by U'),
                   RQLVocabularyConstraint('S created_by U')]
示例#2
0
 def inner_rdefs_perms(role_to_container):
     # role_to_container is either 'S' or 'O'
     return {
         'read': ('managers', 'users', 'guests'),
         'add':
         ('managers',
          RRQLExpression('%s project P, U canwrite P' % role_to_container)),
         'delete':
         ('managers',
          RRQLExpression('%s project P, U canwrite P' % role_to_container)),
     }
示例#3
0
class bookmarked_by(RelationType):
    __permissions__ = {
        'read': (
            'managers',
            'users',
            'guests',
        ),
        # test user in users group to avoid granting permission to anonymous user
        'add': ('managers',
                RRQLExpression('O identity U, U in_group G, G name "users"')),
        'delete':
        ('managers',
         RRQLExpression('O identity U, U in_group G, G name "users"')),
    }
 def test_check_inlined_rdef_permissions(self):
     # try to check permissions when creating an entity ('user' below is a
     # fresh entity without an eid)
     with self.admin_access.web_request() as req:
         ttype = 'EmailAddress'
         rschema = self.schema['use_email']
         rdef = rschema.rdefs[('CWUser', ttype)]
         tschema = self.schema[ttype]
         role = 'subject'
         with self.temporary_permissions((rdef, {'add': ()})):
             user = self.vreg['etypes'].etype_class('CWUser')(req)
             autoform = self.vreg['forms'].select('edition',
                                                  req,
                                                  entity=user)
             self.assertFalse(
                 autoform.check_inlined_rdef_permissions(
                     rschema, role, tschema, ttype))
         # we actually don't care about the actual expression,
         # may_have_permission only checks the presence of such expressions
         expr = RRQLExpression('S use_email O')
         with self.temporary_permissions((rdef, {'add': (expr, )})):
             user = self.vreg['etypes'].etype_class('CWUser')(req)
             autoform = self.vreg['forms'].select('edition',
                                                  req,
                                                  entity=user)
             self.assertTrue(
                 autoform.check_inlined_rdef_permissions(
                     rschema, role, tschema, ttype))
示例#5
0
 def test_rrqlexpression(self):
     self.assertRaises(Exception, RRQLExpression, '1')
     self.assertRaises(RQLSyntaxError, RRQLExpression, 'O X Y')
     expr = RRQLExpression('U has_update_permission O')
     self.assertEqual(
         str(expr),
         'Any O,U WHERE U has_update_permission O, O eid %(o)s, U eid %(u)s'
     )
示例#6
0
文件: schema.py 项目: zogzog/cubicweb
class ecrit_par(RelationType):
    __permissions__ = {'read':   ('managers', 'users', 'guests',),
                   'delete': ('managers', ),
                   'add':    ('managers',
                              RRQLExpression('O require_permission P, P name "add_note", '
                                             'U in_group G, P require_group G'),)
                   }
    inlined = True
    cardinality = '?*'
示例#7
0
class toto(RelationType):
    __permissions__ = {
        'read': (
            'managers',
            RRQLExpression('S bla Y'),
        ),
        'add': ('managers', ),
        'delete': ('managers', ),
    }
示例#8
0
class see_also(RelationType):
    """generic relation to link one entity to another"""
    symmetric = True
    __permissions__ = {
        'read': (
            'managers',
            'users',
            'guests',
        ),
        'add': (
            'managers',
            RRQLExpression('U has_update_permission S'),
        ),
        'delete': (
            'managers',
            RRQLExpression('U has_update_permission S'),
        ),
    }
示例#9
0
class ToTo(EntityType):
    __permissions__ = {
        'read': (
            'managers',
            RRQLExpression('S bla Y'),
        ),
        'add': ('managers', ),
        'update': ('managers', ),
        'delete': ('managers', ),
    }
    attr = String()
示例#10
0
class owned_by(RelationType):
    """core relation indicating owners of an entity. This relation
    implicitly put the owner into the owners group for the entity
    """
    __permissions__ = {
        'read': ('managers', 'users', 'guests'),
        'add': (
            'managers',
            RRQLExpression('S owned_by U'),
        ),
        'delete': (
            'managers',
            RRQLExpression('S owned_by U'),
        ),
    }
    # 0..n cardinality for entities created by internal session (no attached user)
    # and to support later deletion of a user which has created some entities
    cardinality = '**'
    subject = '*'
    object = 'CWUser'
示例#11
0
class primary_email(RelationDefinition):
    """the prefered email"""
    __permissions__ = {
        'read': (
            'managers',
            'users',
            'guests',
        ),
        'add': (
            'managers',
            RRQLExpression('U has_update_permission S'),
        ),
        'delete': (
            'managers',
            RRQLExpression('U has_update_permission S'),
        ),
    }
    subject = "CWUser"
    object = "EmailAddress"
    cardinality = '??'
    constraints = [RQLConstraint('S use_email O')]
示例#12
0
class prefered_form(RelationType):
    __permissions__ = {
        'read': (
            'managers',
            'users',
            'guests',
        ),
        # XXX should have update __permissions__ on both subject and object,
        #     though by doing this we will probably have no way to add
        #     this relation in the web ui. The easiest way to acheive this
        #     is probably to be able to have "U has_update_permission O" as
        #     RQLConstraint of the relation definition, though this is not yet
        #     possible
        'add': (
            'managers',
            RRQLExpression('U has_update_permission S'),
        ),
        'delete': (
            'managers',
            RRQLExpression('U has_update_permission S'),
        ),
    }
示例#13
0
class use_email_relation(RelationDefinition):
    """user's email account"""
    name = "use_email"
    __permissions__ = {
        'read': (
            'managers',
            'users',
            'guests',
        ),
        'add': (
            'managers',
            RRQLExpression('U has_update_permission S'),
        ),
        'delete': (
            'managers',
            RRQLExpression('U has_update_permission S'),
        ),
    }
    subject = "CWUser"
    object = "EmailAddress"
    cardinality = '*?'
    composite = 'subject'
示例#14
0
文件: schema.py 项目: zogzog/cubicweb
class comments(RelationType):
    __permissions__ = {
        'read': ('managers', 'users', 'guests'),
        'add': (
            'managers',
            'users',
        ),
        'delete': (
            'managers',
            RRQLExpression('S owned_by U'),
        ),
    }
    inlined = True
    composite = 'object'
    cardinality = '1*'
示例#15
0
class concerne(RelationType):
    __permissions__ = {
        'read': ('managers', 'users', 'guests'),
        'add': ('managers', RRQLExpression('U has_update_permission S')),
        'delete': ('managers', RRQLExpression('O owned_by U')),
    }
示例#16
0
Do not deal with composition relation properties since the generated databases
are not expected to be dynamics.
"""

# Cubicweb import
from yams.buildobjs import RelationDefinition
from yams.buildobjs import SubjectRelation
from cubicweb.schema import RRQLExpression

# Local import
from cubes.brainomics2.schema.neuroimaging import SCAN_DATA

RELATION_PERMISSIONS = {
    "read": ("managers", "users"),
    "add": ("managers",
            RRQLExpression("S in_assessment A, U in_group G, G can_update A")),
    "delete":
    ("managers",
     RRQLExpression("S in_assessment A, U in_group G, G can_update A"))
}


class questionnaire_runs(RelationDefinition):
    __permissions__ = RELATION_PERMISSIONS
    inlined = False
    subject = "Assessment"
    object = "QuestionnaireRun"
    cardinality = "*1"


class questionnaire_questionnaire_runs(RelationDefinition):
示例#17
0
class attr(RelationType):
    __permissions__ = {
        'read': ('managers', ),
        'update': ('managers', RRQLExpression('S bla Y'),),
        'add': ('managers', RRQLExpression('S bla Y'),),
        }
示例#18
0
# build a dummy schema ########################################################

PERSONNE_PERMISSIONS = {
    'read': ('managers', 'users', 'guests'),
    'update': ('managers', 'owners'),
    'add': ('managers', ERQLExpression('X travaille S, S owned_by U')),
    'delete': (
        'managers',
        'owners',
    ),
}

CONCERNE_PERMISSIONS = {
    'read': ('managers', 'users', 'guests'),
    'add': ('managers', RRQLExpression('U has_update_permission S')),
    'delete': ('managers', RRQLExpression('O owned_by U')),
}

schema = CubicWebSchema('Test Schema')
enote = schema.add_entity_type(EntityType('Note'))
eaffaire = schema.add_entity_type(EntityType('Affaire'))
eperson = schema.add_entity_type(
    EntityType('Personne', __permissions__=PERSONNE_PERMISSIONS))
esociete = schema.add_entity_type(EntityType('Societe'))

RELS = (
    # attribute relations
    ('Note date String'),
    ('Note type String'),
    ('Affaire sujet String'),
示例#19
0
    __permissions__ = {
        'read': ('managers', ERQLExpression('X owned_by U'),
                 ERQLExpression('U canread X')),
        'add': ('managers', 'users'),
        'update': ('managers', ERQLExpression('U canwrite X')),
        'delete': ('managers', ERQLExpression('U canwrite X'))
    }
    subproject_of = SubjectRelation('Project',
                                    composite='object',
                                    inlined=True,
                                    cardinality='?*')


PERMS['project-meta-perms'] = {
    'read': ('managers', 'users', 'guests'),
    'add': ('managers', RRQLExpression('O owned_by S')),
    'delete': ('managers', RRQLExpression('O owned_by S'))
}


# a standard read-write permission scheme
class canread(RelationDefinition):
    __permissions__ = PERM('project-meta-perms')
    subject = 'CWUser'
    object = 'Project'


class canwrite(RelationDefinition):
    __permissions__ = PERM('project-meta-perms')
    subject = 'CWUser'
    object = 'Project'
示例#20
0
class computed(ComputedRelation):
    rule = 'S relation O'
    __permissions__ = {'read': (RRQLExpression('S is ET'), )}
示例#21
0
 def _rqlexpr(self):
     if self.exprtype == 'ERQLExpression':
         return ERQLExpression(self.expression, self.mainvars, self.eid)
     #if self.exprtype == 'RRQLExpression':
     return RRQLExpression(self.expression, self.mainvars, self.eid)