[Cubicweb] Delicate permissions

St├ęphane Bugat stephane.bugat at free.fr
Wed Sep 19 09:24:15 CEST 2012


Dear all,

I want to modify the visibility of email and phone numbers so that the user can choose to hide them from everybody, or to make them readable only by people in contact with them (for the record I have defined a "in_contact_with" relationship between Persons).

For that I've defined a new attribute "visiblity" (Boolean) in PhoneNumber and EmailAddress, and modified the permissions accordingly. For instance, for email::

    VISIBLE_EMAIL_PERMS = {
        'read': ('managers', 'owners',
                ERQLExpression('X visibility TRUE, P is_user U,'
                               'P in_contact_with S, S use_email X', 'P'),
                ERQLExpression('NOT EXISTS(P is Person, P use_email X)'),),
        'add': ('managers', 'users'),
        'update': ('managers', 'owners'),
        'delete': ('managers', 'owners'),
    }

However such perms do not work, and people in contact with the email user cannot see his email at all when visibility is set to True. What's wrong with the definition of these permissions?

Thanks

Stephane



More information about the Cubicweb mailing list