[Cubicweb] attributes security

Denis Laxalde denis.laxalde at logilab.fr
Tue Feb 18 17:37:17 CET 2014


Aurélien Campéas a écrit :
> On 18/02/2014 12:00, Sylvain Thénault wrote:
>> The pb is that when setting frozen to True, the permissions checking now occurs
>> after the can_write relation has been deleted, hence raise Unauthorized. This
>> used to work in cubicweb 3.17.
>
> Can you show the __permissions__ ?

(Not sure which permissions you're asking for.)

You can start with the test setup in collaboration cube: 
http://hg.logilab.org/review/cubes/collaboration/file/abd0dd979060/test/data/schema.py

And then follow what the setup helpers do, e.g.: 
http://hg.logilab.org/review/cubes/collaboration/file/abd0dd979060/__init__.py

As well as hooks that complement the schema security: 
http://hg.logilab.org/review/cubes/collaboration/file/abd0dd979060/hooks.py



More information about the Cubicweb mailing list