{ "info": { "author": "LOGILAB S.A. (Paris, FRANCE)", "author_email": "contact@logilab.fr", "bugtrack_url": null, "classifiers": [ "Environment :: Web Environment", "Framework :: CubicWeb", "Programming Language :: Python" ], "description": "Summary\n-------\n\nThis cube allows definition of local permissions using a generic\n`CWPermission` entity type which you should use in your schema\ndefinition.\n\nA `CWPermission` entity type:\n\n* has a name and a label\n\n* means groups linked to it through the 'require_group' relation have\n the permission on entities linked through the\n 'require_permission' object relation.\n\nTo speed-up things, a 'has_group_permission' relation is automatically\nmaintained, so 'P require_group G, U in_group G' is equivalent to 'U\nhas_group_permission P'.\n\nClient cubes should explicitly add 'X granted_permission CWPermission'\nand 'X require_permission CWPermission' for each type that should have\nlocal permission, the first one being explicitly granted and the other\nautomatically propagated. Hence possible subjects of\n`granted_permission` should be a subset of `require_permission`\npossible subjects.\n\nYou should then use `require_permission` in your schema security\ndefinition, since this is the one which is automatically propagated.\n\nExample of configuration\n------------------------\n\n.. sourcecode:: python\n\n class granted_permission(RelationDefinition):\n subject = 'Project'\n object = 'CWPermission'\n\n class require_permission(RelationDefinition):\n subject = ('Project', 'Version')\n object = 'CWPermission'\n\n class Project(EntityType):\n \"\"\"a project, only visible to managers and users having the 'view' local permission\n \"\"\"\n __permissions__ = {\n 'read': ('managers', ERQLExpression('X require_permission P, P name \"view\", '\n 'U has_group_permission P'),),\n 'update': ('managers', 'owners',),\n 'delete': ('managers', ),\n 'add': ('managers', 'users',),)\n }\n\n class Version(EntityType):\n \"\"\"a version defines the content of a particular project's release\"\"\"\n __permissions__ = {\n 'read': ('managers', ERQLExpression('X require_permission P, P name \"view\", '\n 'U has_group_permission P'),),\n 'update': ('managers', 'owners',),\n 'delete': ('managers', ),\n 'add': ('managers', 'users',),)\n }\n\n class version_of(RelationDefinition):\n \"\"\"link a version to its project. A version is necessarily linked to one and\n only one project.\n \"\"\"\n __permissions__ = {\n 'read': ('managers', 'users',),\n 'delete': ('managers', ),\n 'add': ('managers', RRQLExpression('O require_permission P, P name \"manage\",'\n 'U has_group_permission P'),)\n }\n subject = 'Version'\n object = 'Project'\n cardinality = '1*'\n\n\nThis configuration indicates that we've two distinct permissions\n(forthcoming `CWPermission` entities):\n\n* one named 'view', which allows some users to view a particular\n project and its versions\n\n* another named \"manage\" which provides rights to create new versions\n on a project\n\n.. Note::\n\n Notice that we granted 'add' permission of `Version` to the 'users'\n group. The idea is that it's hard for the web ui to get 'add'\n permission until the entity doesn't exist yet. So we let the\n 'version_of' relation carry the security (easier to check, since we\n usually know the project on which we may want to add a version). And\n as we know that this relation is mandatory for `Version`, we also\n ensure users can only add versions on project where they have the\n \"manage\" permission.\n\n Also, we let the 'read' permission on 'version_of' not only because\n rql expression aren't supported there, but because in this case\n we know one won't be able to see a relation between two entities he\n can't see...\n\n\nNow the idea is that managers will grant permission on projects, and\nthose will then be propagated as configured. You will want to use sets in\n`cubicweb_localperms.hooks` to configure how permissions should be\npropagated when desired. In our example, put in your cube's `hooks.py`\nsomething like:\n\n.. sourcecode:: python\n\n from cubicweb_localperms import hooks\n # relations where the \"main\" entity is the object. We could also\n # have modified hooks.S_RELS for relations where the \"main\" entity\n # is the subject\n hooks.O_RELS.add('version_of')\n\n\nThe permission given to a project will be automatically added/removed as\nversion are created / deleted.\n\n\nLast but not least, when defining the entity class for `Project`,\ndefines `__permissions__` as below:\n\n.. sourcecode:: python\n\n class Project(AnyEntity):\n __permissions__ = ('view', 'manage',)\n\nSo that when going on the 'security' view for a project (in 'more\nactions' sub-menu by default), you should be proposed an interface to\nconfigurate local permissions with a combo-box prefilled with proper\npermission names instead of a free text input, which greatly reduces the\nrisk of error.\n\nAlso, you'll find in `cubicweb_localperms` some functions to ease building\nof rql expression in your schema definition. Those written in above example\ncould be written as below using those functions:\n\n\n.. sourcecode:: python\n\n from cubicweb_localperms import xexpr, oexpr\n\n class Project(EntityType):\n __permissions__ = {'read': ('managers', xexpr('view'),),\n 'update': ('managers', 'owners',),\n 'delete': ('managers', ),\n 'add': ('managers', 'users',),)\n }\n\n class Version(EntityType):\n __permissions__ = {'read': ('managers', xexpr('view'),),\n 'update': ('managers', 'owners',),\n 'delete': ('managers', ),\n 'add': ('managers', 'users',),)\n }\n\n class version_of(RelationDefinition):\n __permissions__ = {'read': ('managers', 'users',),\n 'update': ('managers', 'owners',),\n 'delete': ('managers', ),\n 'add': ('managers', oexpr('manage'),)\n }", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://www.cubicweb.org/project/cubicweb-localperms", "keywords": "", "license": "LGPL", "maintainer": "", "maintainer_email": "", "name": "cubicweb-localperms", "package_url": "https://pypi.org/project/cubicweb-localperms/", "platform": "", "project_url": "https://pypi.org/project/cubicweb-localperms/", "project_urls": { "Homepage": "http://www.cubicweb.org/project/cubicweb-localperms" }, "release_url": "https://pypi.org/project/cubicweb-localperms/0.4.0/", "requires_dist": null, "requires_python": "", "summary": "allow definition of local permissions", "version": "0.4.0" }, "last_serial": 4935231, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "4d06d918bb35c9c001a5d7189f50287c", "sha256": "78af36ce0ba8882de2ef58202d488f91ee71da7d7fca6bc0de38369b1c3812c9" }, "downloads": -1, "filename": "cubicweb-localperms-0.1.0.tar.gz", "has_sig": false, "md5_digest": "4d06d918bb35c9c001a5d7189f50287c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 12636, "upload_time": "2011-11-09T19:06:47", "url": "https://files.pythonhosted.org/packages/68/f0/d3bb01522f11c0571602042532a13024705380caea3cf2cc0a9e2eb51b9f/cubicweb-localperms-0.1.0.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "26f93c1133ff85aa3479cf695b123602", "sha256": "4abfdd07de83d4de0faef85f1292ea71d718c1d8a0e2e502d789a50ec1a63d4a" }, "downloads": -1, "filename": "cubicweb-localperms-0.2.0.tar.gz", "has_sig": false, "md5_digest": "26f93c1133ff85aa3479cf695b123602", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14958, "upload_time": "2017-09-08T14:14:31", "url": "https://files.pythonhosted.org/packages/b4/05/942ae6a47016868d7d1d5e2fe77c70535261b296545fd6e2aaade80a33b2/cubicweb-localperms-0.2.0.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "8ef37be0af5dbef5d6df32291d0bd229", "sha256": "24541113fe255526a082b6e412e9147c7d6c789045ffe51c81e4a37e06c67e93" }, "downloads": -1, "filename": "cubicweb-localperms-0.3.0.tar.gz", "has_sig": false, "md5_digest": "8ef37be0af5dbef5d6df32291d0bd229", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14387, "upload_time": "2014-07-02T16:17:13", "url": "https://files.pythonhosted.org/packages/3c/82/94f0ba08540eee1c50a91c5ecb94c73b0494dedae1ca779d04b236a718b4/cubicweb-localperms-0.3.0.tar.gz" } ], "0.3.1": [ { "comment_text": "", "digests": { "md5": "694a53167a7d4e09ea32d1fcc78efde8", "sha256": "a2067b11b17b1dc546436b68400a394b0d02e0aa42f6c5749019dabca57ac0a7" }, "downloads": -1, "filename": "cubicweb-localperms-0.3.1.tar.gz", "has_sig": false, "md5_digest": "694a53167a7d4e09ea32d1fcc78efde8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14571, "upload_time": "2015-07-08T14:29:29", "url": "https://files.pythonhosted.org/packages/82/0d/8db9d290b0fb8bb08d0ca40a15f1895415b1815dfaa8dd710c12582f5682/cubicweb-localperms-0.3.1.tar.gz" } ], "0.3.2": [ { "comment_text": "", "digests": { "md5": "8fcb345d0b44b4a9e783c3a26514c962", "sha256": "d8dfbe1fc2993d69db69fa7be12a5043aeff732c9c8e685a7489d9cbccc2f47f" }, "downloads": -1, "filename": "cubicweb-localperms-0.3.2.tar.gz", "has_sig": false, "md5_digest": "8fcb345d0b44b4a9e783c3a26514c962", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14712, "upload_time": "2016-02-25T16:17:27", "url": "https://files.pythonhosted.org/packages/e7/21/3223f3755b695ea68ea3247219f450561c9b0544488487e06da539a939ce/cubicweb-localperms-0.3.2.tar.gz" } ], "0.4.0": [ { "comment_text": "", "digests": { "md5": "cc24624756ae46b490ae8652f86c6caa", "sha256": "32d07ec0069a417d7600e84a5f905e33fa6d81ecc6e0a4ea6c97cdbe5d0fa66d" }, "downloads": -1, "filename": "cubicweb-localperms-0.4.0.tar.gz", "has_sig": false, "md5_digest": "cc24624756ae46b490ae8652f86c6caa", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 33020, "upload_time": "2019-03-13T15:52:48", "url": "https://files.pythonhosted.org/packages/b8/44/b07eef10fa5db349f11b9e57dbac317fb4b5f576ac652b7296acaa896643/cubicweb-localperms-0.4.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "cc24624756ae46b490ae8652f86c6caa", "sha256": "32d07ec0069a417d7600e84a5f905e33fa6d81ecc6e0a4ea6c97cdbe5d0fa66d" }, "downloads": -1, "filename": "cubicweb-localperms-0.4.0.tar.gz", "has_sig": false, "md5_digest": "cc24624756ae46b490ae8652f86c6caa", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 33020, "upload_time": "2019-03-13T15:52:48", "url": "https://files.pythonhosted.org/packages/b8/44/b07eef10fa5db349f11b9e57dbac317fb4b5f576ac652b7296acaa896643/cubicweb-localperms-0.4.0.tar.gz" } ] }