[PATCH 3 of 3 saem_ref] [security] Fix permissions of the new_version_of relation

Denis Laxalde denis.laxalde at logilab.fr
Tue Apr 11 08:56:42 CEST 2017


Sylvain Thenault a écrit :
> # HG changeset patch
> # User Sylvain Thénault <sylvain.thenault at logilab.fr>
> # Date 1491835322 -7200
> #      Mon Apr 10 16:42:02 2017 +0200
> # Node ID 1698394f6ad80892f7c8210b2458b1117c584101
> # Parent  d9321a717e44617f8c70f334591b25623d50c0d7
> [security] Fix permissions of the new_version_of relation
>
> unexpectedly overwritten by the seda graph traversal setting permissions.
> Adding it to GRAPH_SKIP_RTYPES will avoid this, but existing instance still have
> to be updated.
>
> Closes extranet #16387508
>
> diff --git a/cubicweb_saem_ref/migration/0.15.1_Any.py b/cubicweb_saem_ref/migration/0.15.1_Any.py
> --- a/cubicweb_saem_ref/migration/0.15.1_Any.py
> +++ b/cubicweb_saem_ref/migration/0.15.1_Any.py
> @@ -1,6 +1,6 @@
> -for ertype in ('generated', 'used', 'associated_with', 'place_address'):
> +for ertype in ('generated', 'used', 'associated_with', 'place_address', 'new_version_of'):
>      sync_schema_props_perms(ertype)
>
>
>  sql("DELETE FROM container_relation WHERE EXISTS("
>      "SELECT FROM entities WHERE eid_to=eid AND "
> diff --git a/cubicweb_saem_ref/site_cubicweb.py b/cubicweb_saem_ref/site_cubicweb.py
> --- a/cubicweb_saem_ref/site_cubicweb.py
> +++ b/cubicweb_saem_ref/site_cubicweb.py
> @@ -154,10 +154,11 @@ def get_store(cnx):
>
>  # configure seda compound graph to discard Activity and its relations, else it causes problem
>  # because it belongs to several graphs with different compound implementation (using "container"
>  # relation or not)
>  seda.GRAPH_SKIP_ETYPES.add('Activity')
> +seda.GRAPH_SKIP_RTYPES.add('new_version_of')

The comment above becomes inaccurate (or I don't see the relation).
(Besides, wrapping to 80 characters wouldn't hurt.)

>
>  ####################################################################################################
>  # temporary monkey-patches #########################################################################
>  ####################################################################################################
> diff --git a/test/test_security.py b/test/test_security.py
> --- a/test/test_security.py
> +++ b/test/test_security.py
> @@ -47,10 +47,14 @@ class NonManagerUserTC(CubicWebTC):
>          with self.new_access(self.login).cnx() as cnx:
>              profile = testutils.setup_profile(cnx)
>              cnx.commit()
>              profile.cw_set(user_annotation=u'meh')
>              cnx.commit()
> +            profile.cw_adapt_to('IWorkflowable').fire_transition('publish')
> +            cnx.commit()
> +            testutils.setup_profile(cnx, title=u'Clone', new_version_of=profile)
> +            cnx.commit()
>
>      def test_create_update_vocabulary(self):
>          with self.admin_access.cnx() as cnx:
>              admin_scheme = testutils.scheme_for_type(cnx, u'seda_keyword_type_to', None,
>                                                       u'type1')
>



More information about the saem-devel mailing list