[Cubicweb] RRQLExpression and ERQLExpression

Aurélien Campéas aurelien.campeas at logilab.fr
Tue Apr 15 18:05:18 CEST 2014

On 15/04/2014 17:44, Jinpeng Li wrote:
> I can read a lot of other information from the system. From this point,
> I don't know if it is a good idea that "all users should be in the
> 'users' group".

This is a very lenient default and could be tightened, indeed.

In practice, application writers may want their own policy for
"users", or even a subtle partition over those (e.g. from "registered
but read-only people") to some kind of power users.

It is not completely easy ... I guess this is what Sylvain alludes to
when he says we're thinking about it.

You can always:

* monkeypatch the relevant etype/rtype permissions (right up to
  cubicweb and the cubes you depend on)

* monkeypatch the _default_ permission dictionaries if needed. Here be
  some dragons but it is doable.


More information about the Cubicweb mailing list