[Cubicweb] attributes security
Denis Laxalde
denis.laxalde at logilab.fr
Tue Feb 18 17:37:17 CET 2014
Aurélien Campéas a écrit :
> On 18/02/2014 12:00, Sylvain Thénault wrote:
>> The pb is that when setting frozen to True, the permissions checking now occurs
>> after the can_write relation has been deleted, hence raise Unauthorized. This
>> used to work in cubicweb 3.17.
>
> Can you show the __permissions__ ?
(Not sure which permissions you're asking for.)
You can start with the test setup in collaboration cube:
http://hg.logilab.org/review/cubes/collaboration/file/abd0dd979060/test/data/schema.py
And then follow what the setup helpers do, e.g.:
http://hg.logilab.org/review/cubes/collaboration/file/abd0dd979060/__init__.py
As well as hooks that complement the schema security:
http://hg.logilab.org/review/cubes/collaboration/file/abd0dd979060/hooks.py
More information about the Cubicweb
mailing list