[Cubicweb] Cubicweb Digest, Vol 12, Issue 1

Carlos Balderas carlos.balderas at gmail.com
Mon Feb 8 16:24:06 CET 2010


Hi, Florent !

I added the rh_user in users group and it works fine now :-)

What I am trying to do is build a cubicweb security at entities level, then
I will try to make this same security at attributes and relations level.
e.i. speaking about employees not everyone can access certain data that just
concern to the employee and the company, but the general users of the
application can look for the office number, email, photo, etc.

Let's see how it goes.... =)

Thank you very much.
Best Regards
Carlos Balderas



On Mon, Feb 8, 2010 at 5:00 AM, <cubicweb-request at lists.cubicweb.org> wrote:

> Send Cubicweb mailing list submissions to
>        cubicweb at lists.cubicweb.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://lists.cubicweb.org/mailman/listinfo/cubicweb
> or, via email, send a message with subject or body 'help' to
>        cubicweb-request at lists.cubicweb.org
>
> You can reach the person managing the list at
>        cubicweb-owner at lists.cubicweb.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Cubicweb digest..."
>
>
> Today's Topics:
>
>   1. CW - Security Model (Carlos Balderas)
>   2. Re: CW - Security Model (Florent Cayr?)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 7 Feb 2010 12:09:20 -0600
> From: Carlos Balderas <carlos.balderas at gmail.com>
> Subject: [Cubicweb] CW - Security Model
> To: cubicweb at lists.cubicweb.org
> Message-ID:
>        <cafa12b91002071009k57a3cc4fu59ec2df6aae9bf05 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi everyone, I was trying to create some new group-user to manage
> permissions over some entities, but I think I could be missing some step...
> does anybody could give me a clue please?
>
> here is a simple example
>
> 1.- I defined in precreate.py file the instruction to add the group
>    create_entity('CWGroup', name=u'rh')
>
> 2.- In schema.py
> class Employee(EntityType):
>    permissions = {'read':('managers', 'rh'), 'add':('managers', 'rh'),
> 'update':('managers', 'rh'), 'delete':('managers','rh')}
>    firstname = String(maxsize=64, description=_('first name'),
> required=True)
>    surname = String(maxsize=64, description=_('surname'))
>
> 3.- In poscreate.py file put the instruccion to add a default user to the
> group
>     rql('INSERT CWUser C: C login "rh_user", C upassword "rh", C in_group G
> WHERE G is CWGroup, G name "rh"')
>
> 4.- After building database and cube instance, I try to use the rh user to
> add, update, etc, actions, according to the permissions defined in schema
> but I this user only get to see the list of the employees entities, if the
> user access the primary view none attributes are shown, same case to add or
> modify an existing employee entity, only the buttons of : validate, apply
> and cancel are displayed.
>
> 5.- If I change these permissions (schema.py) to be used by the standard
> group 'guests',  everything seems to work fine.
>
> So thats why I think I could be missing a step here, due if I use the
> guests
> group-users, I get the correct permissions.
>
>
> Thank you, I appreciate  very much all your help
> Best Regards
> Carlos Balderas
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.cubicweb.org/pipermail/cubicweb/attachments/20100207/ac7db38b/attachment.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Sun, 7 Feb 2010 21:07:30 +0100
> From: Florent Cayr? <florent at secondweb.fr>
> Subject: Re: [Cubicweb] CW - Security Model
> To: Carlos Balderas <carlos.balderas at gmail.com>
> Cc: cubicweb at lists.cubicweb.org
> Message-ID:
>        <dbf017781002071207n5cd5326dg4e6ab59a7e70741c at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Carlos,
>
> the problem (a classic one) may be that your user must also be a member of
> the "users" group. Try to add in your postcreate.py :
>
> rql('INSERT CWUser C: C login "rh_user", C upassword "rh", C in_group G
> WHERE G is CWGroup, G name "users"')
>
> Regards,
> Florent.
>
> 2010/2/7 Carlos Balderas <carlos.balderas at gmail.com>
>
> > Hi everyone, I was trying to create some new group-user to manage
> > permissions over some entities, but I think I could be missing some
> step...
> > does anybody could give me a clue please?
> >
> > here is a simple example
> >
> > 1.- I defined in precreate.py file the instruction to add the group
> >     create_entity('CWGroup', name=u'rh')
> >
> > 2.- In schema.py
> > class Employee(EntityType):
> >     permissions = {'read':('managers', 'rh'), 'add':('managers', 'rh'),
> > 'update':('managers', 'rh'), 'delete':('managers','rh')}
> >     firstname = String(maxsize=64, description=_('first name'),
> > required=True)
> >     surname = String(maxsize=64, description=_('surname'))
> >
> > 3.- In poscreate.py file put the instruccion to add a default user to the
> > group
> >      rql('INSERT CWUser C: C login "rh_user", C upassword "rh", C
> in_group
> > G WHERE G is CWGroup, G name "rh"')
> >
> > 4.- After building database and cube instance, I try to use the rh user
> to
> > add, update, etc, actions, according to the permissions defined in schema
> > but I this user only get to see the list of the employees entities, if
> the
> > user access the primary view none attributes are shown, same case to add
> or
> > modify an existing employee entity, only the buttons of : validate, apply
> > and cancel are displayed.
> >
> > 5.- If I change these permissions (schema.py) to be used by the standard
> > group 'guests',  everything seems to work fine.
> >
> > So thats why I think I could be missing a step here, due if I use the
> > guests group-users, I get the correct permissions.
> >
> >
> > Thank you, I appreciate  very much all your help
> > Best Regards
> > Carlos Balderas
> >
> > _______________________________________________
> > Cubicweb mailing list
> > Cubicweb at lists.cubicweb.org
> > http://lists.cubicweb.org/mailman/listinfo/cubicweb
> >
> >
>
>
> --
> Ce message est la propri?t? de SecondWeb et peut contenir des informations
> confidentielles. Si vous n'?tes pas le destinataire d?sign?, nous vous
> remercions de bien vouloir nous en aviser imm?diatement et de nous
> retourner
> ce message ou de le d?truire, sans faire un quelconque usage de son
> contenu,
> ni le communiquer ou le diffuser, ni en prendre copie, ?lectronique ou non.
>
> This message is the property of SecondWeb and may contain confidential
> information. If you are not the designated recipient, please notify us
> immediately and return the message to us or destroy it, without making any
> use whatsoever of the contents thereof. Furthermore you should not forward
> or copy the message by electronic or other means.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.cubicweb.org/pipermail/cubicweb/attachments/20100207/7da867dc/attachment-0001.htm
> >
>
> ------------------------------
>
> _______________________________________________
> Cubicweb mailing list
> Cubicweb at lists.cubicweb.org
> http://lists.cubicweb.org/mailman/listinfo/cubicweb
>
>
> End of Cubicweb Digest, Vol 12, Issue 1
> ***************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cubicweb.org/pipermail/cubicweb/attachments/20100208/73502c9f/attachment-0001.html>


More information about the Cubicweb mailing list