Commit 869b69d3 authored by Sylvain Thénault's avatar Sylvain Thénault
Browse files

[xml/rdf views] handle case where the user hasn't read access to a relation (closes #1984598)

The view shouldn't crash in such case.
Also refactor xmlrelateditem view and its call on the way.

--HG--
branch : stable
parent 71c70bf482cf
......@@ -722,12 +722,21 @@ class Entity(AppObject):
self.cw_attr_cache[name] = value = None
return value
def related(self, rtype, role='subject', limit=None, entities=False): # XXX .cw_related
def related(self, rtype, role='subject', limit=None, entities=False, # XXX .cw_related
safe=False):
"""returns a resultset of related entities
:param role: is the role played by 'self' in the relation ('subject' or 'object')
:param limit: resultset's maximum size
:param entities: if True, the entites are returned; if False, a result set is returned
:param rtype:
the name of the relation, aka relation type
:param role:
the role played by 'self' in the relation ('subject' or 'object')
:param limit:
resultset's maximum size
:param entities:
if True, the entites are returned; if False, a result set is returned
:param safe:
if True, an empty rset/list of entities will be returned in case of
:exc:`Unauthorized`, else (the default), the exception is propagated
"""
try:
return self._cw_relation_cache(rtype, role, entities, limit)
......@@ -738,7 +747,12 @@ class Entity(AppObject):
return []
return self._cw.empty_rset()
rql = self.cw_related_rql(rtype, role)
rset = self._cw.execute(rql, {'x': self.eid})
try:
rset = self._cw.execute(rql, {'x': self.eid})
except Unauthorized:
if not safe:
raise
rset = self._cw.empty_rset()
self.cw_set_relation_cache(rtype, role, rset)
return self.related(rtype, role, limit, entities)
......
......@@ -89,15 +89,17 @@ if rdflib is not None:
except xy.UnsupportedVocabulary:
pass
else:
for related in entity.related(rtype, role, entities=True):
if role == 'subject':
add( (cwuri, CW[rtype], URIRef(related.cwuri)) )
try:
for item in xy.xeq('%s %s' % (entity.e_schema.type, rtype)):
add( (cwuri, urijoin(item), URIRef(related.cwuri)) )
except xy.UnsupportedVocabulary:
pass
else:
add( (URIRef(related.cwuri), CW[rtype], cwuri) )
try:
for related in entity.related(rtype, role, entities=True, safe=True):
if role == 'subject':
add( (cwuri, CW[rtype], URIRef(related.cwuri)) )
try:
for item in xy.xeq('%s %s' % (entity.e_schema.type, rtype)):
add( (cwuri, urijoin(item), URIRef(related.cwuri)) )
except xy.UnsupportedVocabulary:
pass
else:
add( (URIRef(related.cwuri), CW[rtype], cwuri) )
except Unauthorized:
pass
......@@ -115,14 +115,14 @@ class XMLItemView(EntityView):
self.error('unexisting relation %r', relstr)
continue
self.w(u' <%s role="%s">\n' % (rtype, role))
for related in entity.related(rtype, role, entities=True):
related.view('xmlrelateditem', w=self.w)
self.wview('xmlrelateditem', entity.related(rtype, role, safe=True), 'null')
self.w(u' </%s>\n' % rtype)
self.w(u'</%s>\n' % (entity.e_schema))
class XMLRelatedItemView(EntityView):
__regid__ = 'xmlrelateditem'
add_div_section = False
def entity_call(self, entity):
# XXX put unique attributes as xml attribute, they are much probably
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment