[Cubicweb] CW - Security Model

Carlos Balderas carlos.balderas at gmail.com
Sun Feb 7 19:09:20 CET 2010

Hi everyone, I was trying to create some new group-user to manage
permissions over some entities, but I think I could be missing some step...
does anybody could give me a clue please?

here is a simple example

1.- I defined in precreate.py file the instruction to add the group
    create_entity('CWGroup', name=u'rh')

2.- In schema.py
class Employee(EntityType):
    permissions = {'read':('managers', 'rh'), 'add':('managers', 'rh'),
'update':('managers', 'rh'), 'delete':('managers','rh')}
    firstname = String(maxsize=64, description=_('first name'),
    surname = String(maxsize=64, description=_('surname'))

3.- In poscreate.py file put the instruccion to add a default user to the
     rql('INSERT CWUser C: C login "rh_user", C upassword "rh", C in_group G
WHERE G is CWGroup, G name "rh"')

4.- After building database and cube instance, I try to use the rh user to
add, update, etc, actions, according to the permissions defined in schema
but I this user only get to see the list of the employees entities, if the
user access the primary view none attributes are shown, same case to add or
modify an existing employee entity, only the buttons of : validate, apply
and cancel are displayed.

5.- If I change these permissions (schema.py) to be used by the standard
group 'guests',  everything seems to work fine.

So thats why I think I could be missing a step here, due if I use the guests
group-users, I get the correct permissions.

Thank you, I appreciate  very much all your help
Best Regards
Carlos Balderas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cubicweb.org/pipermail/cubicweb/attachments/20100207/ac7db38b/attachment-0186.html>

More information about the Cubicweb mailing list