[Cubicweb] A few questions regarding CubicWeb customization

aurélien campéas aurelien.campeas at gmail.com
Tue Sep 20 21:50:58 CEST 2011


2011/9/20 Fidel Viegas <development at kazomosolutions.biz>

>  Hi Aurélien,
>
>
> On 20/09/11 08:35, aurélien campéas wrote:
>
>  where do you want to hide them? In the invoice entity (primary) view? On
>> their dedicated page (/<line items>)?
>>
>
>  All the entities are inevitably always available ... I mean browseable in
> some way or another.
>
>  Now if you want to never show end-users some line under
> http://..../eid/42 (that would be a line item) one solution is to redefine
> the line item primary view to redirect to the enclosing/containing invoice
> entity (primary view).
>
>
>
> Thanks for your explanations.
>
>
>  Is this the kind of things you are looking for ?
>
>
> Well, I wanted to hide it in the main area (manage), but given that you
> have said that all entities are inevitably visible, someone knowledgeable
> could manipulate the url in order to access the hidden entities.
>


Please note that the management view is only a default, and a well rounded
app likely will have its own notion of what is the index page. I haven't
worked on a cubicweb app that actually used this view except for exceptional
admin stuff.

I think in theory you could hide/inhibit access to some entity types but
this isn't something I would strive to do because:
* if something has to be protected, then you need a proper security model
(and by chance cubicweb provides awesome security mechanisms out of the box)
* if some knowledgeable person can take a shortcut to some entity by using
some url, what's the problem if the security model actually allows this
(hint: security is defined on data, not on views) ?

What's important is the common visitable area that is defined by the
application ui.

Last point, you can of course control the meaning/behaviour of urls in
cubicweb like with any other framework (but the doc does not insist on this
as it is a rather low-level and imho uninteresting aspect).

Regards,
Aurélien.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cubicweb.org/pipermail/cubicweb/attachments/20110920/5a3ceca2/attachment-0186.html>


More information about the Cubicweb mailing list