Commit 96146eb1 authored by Sylvain Thénault's avatar Sylvain Thénault
Browse files

proper attribute permissions: should now use 'update' instead of 'add'/'delete'

parent e82608b4e792
ChangeLog for yams
------------------
--
* proper attribute permissions: should now use 'update' instead of 'add'/'delete'
2010-02-10 -- 0.27.0
* symetric respelled to symmetric
......
......@@ -94,10 +94,14 @@ def register_base_types(schema):
schema.add_entity_type(edef)
# XXX use a "frozendict"
_default_relperms = {'read': ('managers', 'users', 'guests',),
_DEFAULT_RELPERMS = {'read': ('managers', 'users', 'guests',),
'delete': ('managers', 'users'),
'add': ('managers', 'users',)}
_DEFAULT_ATTRPERMS = {'read': ('managers', 'users', 'guests',),
'update': ('managers', 'owners'),
}
class Relation(object):
"""Abstract class which have to be defined before the metadefinition
meta-class.
......@@ -137,9 +141,11 @@ class Definition(object):
raise NotImplementedError()
@iclassmethod
def get_permissions(cls):
def get_permissions(cls, final=False):
if cls.__permissions__ is MARKER:
return _default_relperms
if final:
return _DEFAULT_ATTRPERMS
return _DEFAULT_RELPERMS
return cls.__permissions__
@classmethod
......@@ -500,7 +506,8 @@ class RelationDefinition(Definition):
if self.subject == '**' or self.object == '**':
warn('[yams 0.25] ** is deprecated, use * (%s)' % rtype, DeprecationWarning)
if self.__permissions__ is MARKER:
permissions = rtype.get_permissions()
final = iter(_actual_types(schema, self.object)).next() in BASE_TYPES
permissions = rtype.get_permissions(final)
else:
permissions = self.__permissions__
for subj in _actual_types(schema, self.subject):
......
......@@ -27,8 +27,15 @@ def check_permission_definitions(schema):
"""check permissions are correctly defined"""
# already initialized, check everything is fine
for action, groups in schema.permissions.items():
assert action in schema.ACTIONS, \
'unknown action %s for %s' % (action, schema)
# bw compat
if action in ('add', 'delete') and isinstance(schema, RelationDefinitionSchema) and schema.final:
warnings.warn('[yams 0.28] %s: "delete"/"add" permissions on attribute '
'have been replaced by "update"' % schema,
DeprecationWarning)
schema.permissions['update'] = schema.permissions['add']
else:
assert action in schema.ACTIONS, \
'unknown action %s for %s' % (action, schema)
assert isinstance(groups, tuple), \
('permission for action %s of %s isn\'t a tuple as '
'expected' % (action, schema))
......@@ -771,7 +778,7 @@ class RelationSchema(ERSchema):
for prop, default in rdef.rproperties().iteritems():
rdefval = getattr(buildrdef, prop, MARKER)
if rdefval is MARKER and prop == 'permissions':
rdefval = buildrdef.get_permissions().copy()
rdefval = buildrdef.get_permissions(self.final).copy()
if rdefval is MARKER:
if prop == 'cardinality':
default = (object in BASE_TYPES) and '?1' or '**'
......@@ -880,7 +887,7 @@ class RelationDefinitionSchema(PermissionMixIn):
<subject type> <relation type> <object type>
"""
ACTIONS = ('read', 'add', 'delete')
_RPROPERTIES = {'cardinality': None,
'constraints': (),
'order': 9999,
......@@ -902,6 +909,13 @@ class RelationDefinitionSchema(PermissionMixIn):
self.rtype = rtype
self.object = object
@property
def ACTIONS(self):
if self.rtype.final:
return ('read', 'update')
else:
return ('read', 'add', 'delete')
def update(self, values):
# XXX check we're copying existent properties
self.__dict__.update(values)
......
......@@ -22,15 +22,19 @@ class Person(EntityType):
adel = String(maxsize=128)
ass = String(maxsize=128)
web = String(maxsize=128)
tel = Int()
tel = Int(__permissions__={'read': (),
'add': ('managers',),
'update': ('managers',)})
fax = Int()
datenaiss = Date()
test = Boolean()
salary = Float()
travaille = SubjectRelation('Societe',
__permissions__={'delete': ('managers',),
'read': (), 'add': ()})
__permissions__={'read': (),
'add': (),
'delete': ('managers',),
})
evaluee = SubjectRelation('Note')
......
......@@ -210,41 +210,6 @@ class SchemaLoaderTC(TestCase):
self.assertEquals(rschema.inlined, True)
def test_relation_permissions(self):
rschema = schema.rschema('state_of')
self.assertEquals(rschema.rdef('State', 'Eetype').permissions,
{'read': ('managers', 'users', 'guests'),
'delete': ('managers',),
'add': ('managers',)})
rschema = schema.rschema('next_state')
self.assertEquals(rschema.rdef('State', 'State').permissions,
{'read': ('managers', 'users', 'guests',),
'add': ('managers',),
'delete': ('managers',)})
rschema = schema.rschema('initial_state')
self.assertEquals(rschema.rdef('Eetype', 'State').permissions,
{'read': ('managers', 'users', 'guests',),
'add': ('managers', 'users',),
'delete': ('managers', 'users',)})
rschema = schema.rschema('nom')
self.assertEquals(rschema.rdef('Person', 'String').permissions,
{'read': ('managers', 'users', 'guests'),
'add': ('managers', 'users'),
'delete': ('managers', 'users')})
self.assertEquals(rschema.rdef('Societe', 'String').permissions,
{'read': ('managers', 'users', 'guests'),
'add': ('managers', 'users'),
'delete': ('managers', 'users')})
rschema = schema.rschema('require_permission')
self.assertEquals(rschema.rdef('Company', 'EPermission').permissions,
{'read': ('managers', 'users', 'guests'),
'add': ('managers', ),
'delete': ('managers',)})
def test_relation_definition_permissions(self):
rschema = schema.rschema('evaluee')
self.assertEquals(rschema.rdef('Person', 'Note').permissions,
{'read': ('managers',),
......@@ -260,11 +225,21 @@ class SchemaLoaderTC(TestCase):
'delete': ('managers',),
'add': ('managers',)})
self.assertEquals(rschema.rdef('Affaire', 'Societe').permissions,
buildobjs._default_relperms)
buildobjs._DEFAULT_RELPERMS)
rschema = schema.rschema('travaille')
self.assertEquals(rschema.rdef('Person', 'Societe').permissions,
{'read': (), 'add': (), 'delete': ('managers',)})
def test_attributes_permissions(self):
rschema = schema.rschema('name')
self.assertEquals(rschema.rdef('Company', 'String').permissions,
buildobjs._DEFAULT_ATTRPERMS)
rschema = schema.rschema('tel')
self.assertEquals(rschema.rdef('Person', 'Int').permissions,
{'read': (),
'add': ('managers',),
'update': ('managers',)})
def test_entity_permissions(self):
eschema = schema.eschema('State')
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment