[PATCH 3 of 3 saem_ref] [security] Fix permissions of the new_version_of relation

Sylvain Thenault sylvain.thenault at logilab.fr
Mon Apr 10 17:50:50 CEST 2017


# HG changeset patch
# User Sylvain Thénault <sylvain.thenault at logilab.fr>
# Date 1491835322 -7200
#      Mon Apr 10 16:42:02 2017 +0200
# Node ID 1698394f6ad80892f7c8210b2458b1117c584101
# Parent  d9321a717e44617f8c70f334591b25623d50c0d7
[security] Fix permissions of the new_version_of relation

unexpectedly overwritten by the seda graph traversal setting permissions.
Adding it to GRAPH_SKIP_RTYPES will avoid this, but existing instance still have
to be updated.

Closes extranet #16387508

diff --git a/cubicweb_saem_ref/migration/0.15.1_Any.py b/cubicweb_saem_ref/migration/0.15.1_Any.py
--- a/cubicweb_saem_ref/migration/0.15.1_Any.py
+++ b/cubicweb_saem_ref/migration/0.15.1_Any.py
@@ -1,6 +1,6 @@
-for ertype in ('generated', 'used', 'associated_with', 'place_address'):
+for ertype in ('generated', 'used', 'associated_with', 'place_address', 'new_version_of'):
     sync_schema_props_perms(ertype)
 
 
 sql("DELETE FROM container_relation WHERE EXISTS("
     "SELECT FROM entities WHERE eid_to=eid AND "
diff --git a/cubicweb_saem_ref/site_cubicweb.py b/cubicweb_saem_ref/site_cubicweb.py
--- a/cubicweb_saem_ref/site_cubicweb.py
+++ b/cubicweb_saem_ref/site_cubicweb.py
@@ -154,10 +154,11 @@ def get_store(cnx):
 
 # configure seda compound graph to discard Activity and its relations, else it causes problem
 # because it belongs to several graphs with different compound implementation (using "container"
 # relation or not)
 seda.GRAPH_SKIP_ETYPES.add('Activity')
+seda.GRAPH_SKIP_RTYPES.add('new_version_of')
 
 
 ####################################################################################################
 # temporary monkey-patches #########################################################################
 ####################################################################################################
diff --git a/test/test_security.py b/test/test_security.py
--- a/test/test_security.py
+++ b/test/test_security.py
@@ -47,10 +47,14 @@ class NonManagerUserTC(CubicWebTC):
         with self.new_access(self.login).cnx() as cnx:
             profile = testutils.setup_profile(cnx)
             cnx.commit()
             profile.cw_set(user_annotation=u'meh')
             cnx.commit()
+            profile.cw_adapt_to('IWorkflowable').fire_transition('publish')
+            cnx.commit()
+            testutils.setup_profile(cnx, title=u'Clone', new_version_of=profile)
+            cnx.commit()
 
     def test_create_update_vocabulary(self):
         with self.admin_access.cnx() as cnx:
             admin_scheme = testutils.scheme_for_type(cnx, u'seda_keyword_type_to', None,
                                                      u'type1')


More information about the saem-devel mailing list