[Cubicweb] attributes security

Denis Laxalde denis.laxalde at logilab.fr
Tue Feb 18 17:37:17 CET 2014

Aurélien Campéas a écrit :
> On 18/02/2014 12:00, Sylvain Thénault wrote:
>> The pb is that when setting frozen to True, the permissions checking now occurs
>> after the can_write relation has been deleted, hence raise Unauthorized. This
>> used to work in cubicweb 3.17.
> Can you show the __permissions__ ?

(Not sure which permissions you're asking for.)

You can start with the test setup in collaboration cube: 

And then follow what the setup helpers do, e.g.: 

As well as hooks that complement the schema security: 

More information about the Cubicweb mailing list