[Cubicweb] Delicate permissions

Sylvain Thénault sylvain.thenault at logilab.fr
Wed Sep 19 09:43:56 CEST 2012

On 19 September 09:24, Stéphane Bugat wrote:
> Dear all,

> I want to modify the visibility of email and phone numbers so that the user can choose to hide them from everybody, or to make them readable only by people in contact with them (for the record I have defined an "in_contact_with" relationship between Persons).
> For that I've defined a new attribute "visibility" (Boolean) in PhoneNumber and EmailAddress, and modified the permissions accordingly. For instance, for email::
>     __permissions__ = {
>         'read': ('managers', 'owners',
>                  ERQLExpression('X visibility TRUE, P is_user U,'
>                                 'P in_contact_with S, S use_email X', 'P'),
>                  ERQLExpression('NOT EXISTS(P is Person, P use_email X)'),),
>         'add': ('managers', 'users'),
>         'update': ('managers', 'owners'),
>         'delete': ('managers', 'owners'),
>     }
> However such perms do not work, and people in contact with the email user cannot see his email at all when visibility is set to True. What's wrong with the definition of these permissions?

At first glance your expression looks fine. A few questions may help:

Isn't it only a permissions synchronization problem?
Is in_contact_with a symmetric relation?
Why do you select 'P' as main variable in your first rql expr?
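
The symmetry question above can be checked outside CubicWeb with a plain-Python model of the quoted read rule. This is an added example, not part of the original message and not CubicWeb code; the function name `can_read_email`, the `symmetric` flag and all data are assumptions constructed for illustration, and the 'managers' branch is left out.

```python
# Model of the quoted 'read' rule (owners branch plus the two RQL expressions).
# Constructed data: Bob recorded Alice as a contact, in that direction only.
DB = {
    "is_user": {("alice", "u_alice"), ("bob", "u_bob")},        # P is_user U
    "use_email": {("bob", "bob@example.org")},                  # S use_email X
    "owned_by": {"bob@example.org": "u_bob"},                   # 'owners'
    "visibility": {"bob@example.org": True},                    # X visibility
    "in_contact_with": {("bob", "alice")},                      # stored links
}


def can_read_email(user, email, db, symmetric):
    """Return True if `user` may read `email` under the modelled rule."""
    # 'owners' branch: the user who owns the address can always read it.
    if db["owned_by"].get(email) == user:
        return True
    # NOT EXISTS(P is Person, P use_email X): address used by no Person.
    holders = {p for p, e in db["use_email"] if e == email}
    if not holders:
        return True
    # X visibility TRUE
    if not db["visibility"].get(email, False):
        return False
    # P is_user U: Persons attached to the requesting user.
    viewers = {p for p, u in db["is_user"] if u == user}
    # P in_contact_with S: a symmetric relation matches in both directions.
    links = set(db["in_contact_with"])
    if symmetric:
        links |= {(b, a) for a, b in links}
    return any((p, s) in links for p in viewers for s in holders)


if __name__ == "__main__":
    for sym in (False, True):
        allowed = can_read_email("u_alice", "bob@example.org", DB, sym)
        print("symmetric=%s -> alice reads bob's email: %s" % (sym, allowed))
```

With the link stored only as (bob, alice), the `P in_contact_with S` clause matches for Alice only when the relation is treated as symmetric.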

