[Cubicweb] A few questions regarding CubicWeb customization

Adrien Di Mascio adimasci at gmail.com
Tue Sep 20 21:47:32 CEST 2011


Hi Fidel,

On Tue, Sep 20, 2011 at 9:22 PM, Fidel Viegas
<development at kazomosolutions.biz> wrote:
> Well, I wanted to hide it in the main area (manage), but given that you have
> said that all entities are inevitably visible, someone knowledgeable could
> manipulate the url in order to access the hidden entities.

Completely inhibiting standard actions on a given entity type might be
possible but would require a fair amount of tweaks. There's a few
things that could be done, though.

The first thing would be to remove your entity type from the index /
manage page. This can be done with uicfg [1] instructions : only
entity types tagged with the 'application' tag are listed there.
Notice that if your entity is a "composed" entity type (i.e. declared
using the *composite* keyword argument in your schema, as in [2]),
this should be done automatically.

Then, you would have to disable all standard URL resolvers for this
given type to make them un-dereferenceable : this is probably the
trickiest part as it would require to override some default URL
components [3] and URL rewriters [4]. And then, you would still have
have to make sure your entity type is not accessible with an explicit
RQL query in a URL. Thus, even if all of this would be completely
doable, the easiest trick would be the one suggested by Aurélien to
redefine the *primary* view of your entity type and make it redirect
to the *parent* entity's primary view.

[1] http://docs.cubicweb.org/devweb/rtags.html?highlight=uicfg#index-view-configuration
[2] http://hg.logilab.org/cubicweb/file/1ec9fe1dfba9/schemas/base.py#l82
[3] http://hg.logilab.org/cubicweb/file/1ec9fe1dfba9/web/views/urlpublishing.py#l154
[4] http://hg.logilab.org/cubicweb/file/1ec9fe1dfba9/web/views/urlrewrite.py#l104

Regards,
Adrien



More information about the Cubicweb mailing list