[PATCH saem] [security] Fix permissions for EAC relation entity types

Sylvain Thénault sylvain.thenault at logilab.fr
Tue Apr 25 15:05:29 CEST 2017



On 21/04/2017 at 18:07, Denis Laxalde wrote:
> Sylvain Thenault wrote:
>> # HG changeset patch
>> # User Sylvain Thénault <sylvain.thenault at logilab.fr>
>> # Date 1492766455 -7200
>> #      Fri Apr 21 11:20:55 2017 +0200
>> # Node ID 36fac1f477381b6cebc2199b905b3a0c48caeb6e
>> # Parent  390a4f075ad402d3fc81dbb7e45f1634efa58e30
>> # Available At http://hg.logilab.org/review/cubes/saem_ref
>> #              hg pull http://hg.logilab.org/review/cubes/saem_ref -r
>> 36fac1f47738
>> [security] Fix permissions for EAC relation entity types
>>
>> They are not part of the compound graph, hence have default
>> permission where
>> only owner can update, which is not what we expect.
>>
>> Add more testing about this.
>>
>> Closes extranet #18336405
>>
>> diff --git a/cubicweb_saem_ref/migration/0.15.2_Any.py
>> b/cubicweb_saem_ref/migration/0.15.2_Any.py
>> new file mode 100644
>> --- /dev/null
>> +++ b/cubicweb_saem_ref/migration/0.15.2_Any.py
>> @@ -0,0 +1,2 @@
>> +for etype in ('ChronologicalRelation', 'HierarchicalRelation',
>> 'AssociationRelation'):
>> +    sync_schema_props_perms(etype)
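
Review bot: The migration script has no comment, and its `for` tuple repeats as hard-coded strings the same three entity types that the schema.py loop lists. Add a one-line comment saying the sync is needed because `__permissions__` changed for these types, so the script can be understood without the commit message and the two lists are easier to keep in step.
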
>> diff --git a/cubicweb_saem_ref/schema.py b/cubicweb_saem_ref/schema.py
>> --- a/cubicweb_saem_ref/schema.py
>> +++ b/cubicweb_saem_ref/schema.py
>> @@ -102,10 +102,21 @@ eac.agent_kind.constraints = [
>>                    'EXISTS(OU authority_record S, OU is IN
>> (Organization, OrganizationUnit), '
>>                    '       O name "authority")',
>>                    msg=_('This record is used by a relation
>> forbidding to change its type')),
>>  ]
>>
>> +for etype_def, from_rdef, to_rdef in [
>> +        (eac.ChronologicalRelation, eac.chronological_predecessor,
>> eac.chronological_successor),
>> +        (eac.HierarchicalRelation, eac.hierarchical_parent,
>> eac.hierarchical_child),
>> +        (eac.AssociationRelation, eac.association_from,
>> eac.association_to)]:
>> +    etype_def.__permissions__ = {
>> +        'read': ('managers', 'users', 'guests'),
>> +        'add': ('managers', 'users'),
>> +        'update': ('managers', 'users'),
>> +        'delete': ('managers', 'users'),
>> +    }
>> +
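
Review bot: In the loop over `etype_def, from_rdef, to_rdef`, only `etype_def` is referenced in the body, so the relation definitions in each tuple are never touched. Either drop them from the tuples or, if they were also meant to receive permissions, set them in the same loop. Separately, 'update' and 'delete' are granted to every member of 'users' with no further condition; a short comment above the dict stating that this is the intended policy for these entity types would help whoever next audits the schema.
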
>
> AFAICT from_rdef and to_rdef variables are not used.
>
right, will send a V2.

-- 
Sylvain Thénault, LOGILAB, Paris (01.45.32.03.12) - Toulouse (05.62.17.16.42)
Python, Debian, Agile methods training:  http://www.logilab.fr/formations
Custom software development:             http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org


