[Cubicweb] CW - Security Model

Florent Cayré florent at secondweb.fr
Sun Feb 7 21:07:30 CET 2010

Hi Carlos,

The problem (a classic one) may be that your user must also be a member of
the "users" group. Try adding this to your postcreate.py:

rql('INSERT CWUser C: C login "rh_user", C upassword "rh", C in_group G '
    'WHERE G is CWGroup, G name "users"')


2010/2/7 Carlos Balderas <carlos.balderas at gmail.com>

> Hi everyone, I was trying to create some new group-user to manage
> permissions over some entities, but I think I could be missing some step...
> Could anybody give me a clue, please?
> Here is a simple example:
> 1.- I defined in precreate.py file the instruction to add the group
>     create_entity('CWGroup', name=u'rh')
> 2.- In schema.py
> class Employee(EntityType):
>     permissions = {'read': ('managers', 'rh'), 'add': ('managers', 'rh'),
>                    'update': ('managers', 'rh'), 'delete': ('managers', 'rh')}
>     firstname = String(maxsize=64, description=_('first name'),
>                        required=True)
>     surname = String(maxsize=64, description=_('surname'))
> 3.- In the postcreate.py file, put the instruction to add a default user to
> the group
>      rql('INSERT CWUser C: C login "rh_user", C upassword "rh", C in_group G '
>          'WHERE G is CWGroup, G name "rh"')
> 4.- After building the database and cube instance, I try to use the rh user
> to perform add, update, etc. actions according to the permissions defined in
> the schema, but this user only gets to see the list of the employee entities.
> If the user accesses the primary view, no attributes are shown; the same
> happens when adding or modifying an existing employee entity: only the
> validate, apply and cancel buttons are displayed.
> 5.- If I change these permissions (schema.py) to be used by the standard
> group 'guests', everything seems to work fine.
> So that's why I think I could be missing a step here, since if I use the
> guests group users, I get the correct permissions.
> Thank you, I appreciate all your help very much.
> Best Regards
> Carlos Balderas
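
Added example, not part of the original messages and not CubicWeb code: a toy Python model of the symptom described in the thread (entity listed, no attributes shown) and of the suggested fix of adding the account to "users" as well. The default attribute read groups, the helper names and the sample accounts are assumptions made for illustration; only the Employee permissions dict is copied from the thread.

```python
# Toy model of group-based checks; not CubicWeb code.
STANDARD_GROUPS = {'managers', 'users', 'guests'}

# Entity-level permissions copied from the schema.py quoted in the thread.
EMPLOYEE_PERMS = {
    'read': ('managers', 'rh'), 'add': ('managers', 'rh'),
    'update': ('managers', 'rh'), 'delete': ('managers', 'rh'),
}
EMPLOYEE_ATTRS = ('firstname', 'surname')

# Assumption: an attribute with no permissions of its own is readable only
# by the standard groups, so a custom group is not enough on its own.
DEFAULT_ATTR_READ = ('managers', 'users', 'guests')


def allowed(groups, permitted):
    """True if the user holds at least one of the permitted groups."""
    return bool(set(groups) & set(permitted))


def primary_view(groups, entity_perms=EMPLOYEE_PERMS, attrs=EMPLOYEE_ATTRS):
    """Return what a user with these groups gets: None if the entity is not
    readable, otherwise the list of attributes that pass the read check."""
    if not allowed(groups, entity_perms['read']):
        return None
    return [a for a in attrs if allowed(groups, DEFAULT_ATTR_READ)]


def users_missing_standard_group(users):
    """Audit helper: logins whose groups include no standard group."""
    return sorted(login for login, groups in users.items()
                  if not set(groups) & STANDARD_GROUPS)


# Constructed sample accounts (not from a real instance).
SAMPLE_USERS = {
    'rh_user': ['rh'],               # as created in the original post
    'rh_fixed': ['rh', 'users'],     # custom group plus "users"
    'admin': ['managers'],
}

if __name__ == '__main__':
    for login, groups in SAMPLE_USERS.items():
        print(login, groups, '->', primary_view(groups))
    print('needs a standard group:', users_missing_standard_group(SAMPLE_USERS))
```

The audit helper is the part worth keeping after the fix: run over a real list of accounts, it flags any login that was given a custom group without a standard one.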