[Cubicweb] RRQLExpression and ERQLExpression

Sylvain Thénault sylvain.thenault at logilab.fr
Tue Apr 15 16:35:25 CEST 2014


On 15 avril 16:02, mr.li.jinpeng at gmail.com wrote:
> On 04/15/2014 03:23 PM, Sylvain Thénault wrote:
> >On 15 avril 14:26, Jinpeng Li wrote:
> >your case #1 should be the right way to do this.
> >
> >>1: Study.name doesn't inherit permissions from Study
> >there is the problem. Which cubicweb/yams version are you using?
> >What's the result of `schema['Study'].rdef('name').permissions`?
> This is from case #1:
> 
> # cubicweb-ctl shell test_permission
> 
> >>> import cubicweb
> >>> print cubicweb.__version__
> 3.18.4
> >>> import yams
> >>> print(yams.__version__)
> 0.39.1
> >>> print(schema['Study'].rdef('name').permissions)
> {'read': (u'managers', u'users', u'guests'), 'add': (u'managers',
> ERQLExpression(Any X WHERE U has_add_permission X, X eid %(x)s, U
> eid %(u)s)), 'update': (u'managers', ERQLExpression(Any X WHERE U
> has_update_permission X, X eid %(x)s, U eid %(u)s))}

I get it: the problem is that all users should be in the 'users' group else you
go into such weirdness. There are currently some thinking about that, but until
a better day you'll need this. Take a look at the above (default) attribute
permissions, this is quite instructive.

> >>2: Study.get_relation("name").__permissions__ cannot use neither
> >>RRQLExpression nor ERQLExpression.
> >to precise things a bit:
> >
> >* attribute permissions should use ERQLExpression, RRQLExpression is for (non
> >   final) relations only
> >
> >* you can't use rql expression in 'read' permissions for both attributes and
> >   relations
> Therefore how could I visit these attributes under those permission
> control? I think that it is linked to the first question.

the idea wrt attribute read permissions is to grant them to anybody (eg
'managers', 'users' and 'guests' groups), so it will rely on their entity's read
permissions. For 'update'/'add' permissions, similar achievments is done use
special 'has_update_permission' and 'has_add_permission' relations.

-- 
Sylvain Thénault, LOGILAB, Paris (01.45.32.03.12) - Toulouse (05.62.17.16.42)
Formations Python, Debian, Méth. Agiles: http://www.logilab.fr/formations
Développement logiciel sur mesure:       http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org



More information about the Cubicweb mailing list