[Cubicweb] attributes security
denis.laxalde at logilab.fr
Tue Feb 18 17:37:17 CET 2014
Aurélien Campéas a écrit :
> On 18/02/2014 12:00, Sylvain Thénault wrote:
>> The pb is that when setting frozen to True, the permissions checking now occurs
>> after the can_write relation has been deleted, hence raise Unauthorized. This
>> used to work in cubicweb 3.17.
> Can you show the __permissions__ ?
(Not sure which permissions you're asking for.)
You can start with the test setup in collaboration cube:
And then follow what the setup helpers do, e.g.:
As well as hooks that complement the schema security:
More information about the Cubicweb