[Cubicweb] How to customize permissions on relations ?

Aurélien Campéas aurelien.campeas at logilab.fr
Tue Jan 7 15:16:34 CET 2014


Hello,

On 07/01/2014 14:54, Yann Cointepas wrote:
> I am trying to define permissions for all entities and relations used in
> a cube. At the end of schema.py of my cube I import all the
> entities/relations I use and call set_permissions on them. It works for
> entities but on relations, Cubicweb complains :
> 
> yams._exceptions.BadSchemaDefinition: conflicting values {'read':
> ('managers', 'users'), 'add': ('managers', RRQLExpression(Any S,U WHERE
> S belong_to ST, U can_modify ST, S eid %(s)s, U eid %(u)s)), 'delete':
> ('managers', RRQLExpression(Any S,U WHERE S belong_to ST, U can_modify
> ST, S eid %(s)s, U eid %(u)s))}/{'read': ('managers', 'users',
> 'guests'), 'add': ('managers', 'users'), 'delete': ('managers',
> RRQLExpression(Any S,U WHERE S owned_by U, S eid %(s)s, U eid %(u)s))}
> for property __permissions__ of relation 'comments'
> 
> 
> The "comments" relation have the following definition (in
> cubicweb-brainomics) :
> 
> class comments(RelationDefinition):
>     subject = 'Comment'
>     object = COMMENTED_ENTITIES
> 
> 
> I am trying to set the following permissions:
> 
> RELATION_PERMISSIONS = {
>   'read':   ( 'managers', 'users' ),
>   'add':    ( 'managers', RRQLExpression( 'S belong_to ST, U can_modify
> ST' ) ),
>   'delete': ( 'managers', RRQLExpression( 'S belong_to ST, U can_modify
> ST' ) )
> }
> 
> 

This is because of a "bug" (or at least a controversial feature) where
defining permissions on a RelationType forbids refining permissions
on RelationDefinitions.

Unfortunately, the comment cube does the following::

 class comments(RelationType):
     __permissions__ = {
         'read':   ('managers', 'users', 'guests'),
         'add':    ('managers', 'users',),
         'delete': ('managers', RRQLExpression('S owned_by U'),),
         }

Hence the yams exception.

I'm all for a definitive fix for this in yams.

Regards,
Aurélien.




More information about the Cubicweb mailing list