Building my photos web site with CubicWeb part II: security, testing and migration (CubicWeb's Forge) RSS Feed http://www.cubicweb.org/blogentry/867464 http://www.cubicweb.org/blogentry/867464 Building my photos web site with CubicWeb part II: security, testing and migration http://www.cubicweb.org/blogentry/867464 <p>This post will cover various topics:</p> <ul class="simple"> <li>configuring security</li> <li>migrating an existing instance</li> <li>writing some unit tests</li> </ul> <div class="section" id="goal"> <h3><a>Goal</a></h3> <p>Here are the read permissions I want:</p> <ul class="simple"> <li>folders, files, images and comments should have one of the following visibility rules:<ul> <li>'public', everyone can see it</li> <li>'authenticated', only authenticated users can see it</li> <li>'restricted', only a subset of authenticated users can see it</li> </ul> </li> <li>managers (e.g. me) can see everything</li> <li>only authenticated users can see people</li> <li>everyone can see classifier entities (tag and zone)</li> </ul> <p>Also, unless explicity specified, the visibility of an image should be the same as the visibility of its parent folder and the visibility of a comment should be the same as the one of the commented entity. If there is no parent entity, the default visibility is 'authenticated'.</p> <p>Regarding write permissions, that's much easier:</p> <ul class="simple"> <li>the anonymous user can't write</li> <li>authenticated users can only add comment</li> <li>managers will add the remaining stuff</li> </ul> <p>Now, let's implement that!</p> <p>Proper security in CubicWeb is done at the schema level, so you don't have to bother with it in the views, for the users will only see what they have access to.</p> </div> <div class="section" id="step-1-adding-permissions-to-the-schema"> <h3><a>Step 1: adding permissions to the schema</a></h3> <p>In the schema, you can grant access according to groups or RQL expressions (users get access if the expression return some results). To implements the read security defined above, groups are not enough, we'll need to use RQL expressions. Here is the idea:</p> <ul class="simple"> <li>add a <cite>visibility</cite> attribute on folder, image and comment, with a vocabulary ('public', 'authenticated', 'restricted', 'parent')</li> <li>add a <cite>may_be_read_by</cite> relation that links folder, image or comment to users,</li> <li>add hooks to propagate permission changes.</li> </ul> <p>So the first thing to do is to modify the schema.py of my cube to define these relations:</p> <div class="highlight"><pre><span class="kn">from</span> <span class="nn">yams.constraints</span> <span class="kn">import</span> <span class="n">StaticVocabularyConstraint</span> <span class="k">class</span> <span class="nc">visibility</span><span class="p">(</span><span class="n">RelationDefinition</span><span class="p">):</span> <span class="n">subject</span> <span class="o">=</span> <span class="p">(</span><span class="s">&#39;Folder&#39;</span><span class="p">,</span> <span class="s">&#39;File&#39;</span><span class="p">,</span> <span class="s">&#39;Image&#39;</span><span class="p">,</span> <span class="s">&#39;Comment&#39;</span><span class="p">)</span> <span class="nb">object</span> <span class="o">=</span> <span class="s">&#39;String&#39;</span> <span class="n">constraints</span> <span class="o">=</span> <span class="p">[</span><span class="n">StaticVocabularyConstraint</span><span class="p">((</span><span class="s">&#39;public&#39;</span><span class="p">,</span> <span class="s">&#39;authenticated&#39;</span><span class="p">,</span> <span class="s">&#39;restricted&#39;</span><span class="p">,</span> <span class="s">&#39;parent&#39;</span><span class="p">))]</span> <span class="n">default</span> <span class="o">=</span> <span class="s">&#39;parent&#39;</span> <span class="n">cardinality</span> <span class="o">=</span> <span class="s">&#39;11&#39;</span> <span class="c"># required</span> <span class="k">class</span> <span class="nc">may_be_read_by</span><span class="p">(</span><span class="n">RelationDefinition</span><span class="p">):</span> <span class="n">subject</span> <span class="o">=</span> <span class="p">(</span><span class="s">&#39;Folder&#39;</span><span class="p">,</span> <span class="s">&#39;File&#39;</span><span class="p">,</span> <span class="s">&#39;Image&#39;</span><span class="p">,</span> <span class="s">&#39;Comment&#39;</span><span class="p">,)</span> <span class="nb">object</span> <span class="o">=</span> <span class="s">&#39;CWUser&#39;</span> </pre></div> <p>We can note the following points:</p> <ul class="simple"> <li>we've added a new <cite>visibility</cite> attribute to folder, file, image and comment using a <cite>RelationDefinition</cite></li> <li><cite>cardinality = '11'</cite> means this attribute is required. This is usually hidden under the <cite>required</cite> argument given to the <cite>String</cite> constructor, but we can rely on this here (same thing for <cite>StaticVocabularyConstraint</cite>, which is usually hidden by the <cite>vocabulary</cite> argument)</li> <li>the 'parent' possible value will be used for visibility propagation</li> </ul> <p>Now, we should be able to define security rules in the schema, based on these new attribute and relation. Here is the code to add to <strong>schema.py</strong>:</p> <div class="highlight"><pre><span class="kn">from</span> <span class="nn">cubicweb.schema</span> <span class="kn">import</span> <span class="n">ERQLExpression</span> <span class="n">VISIBILITY_PERMISSIONS</span> <span class="o">=</span> <span class="p">{</span> <span class="s">&#39;read&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="n">ERQLExpression</span><span class="p">(</span><span class="s">&#39;X visibility &quot;public&quot;&#39;</span><span class="p">),</span> <span class="n">ERQLExpression</span><span class="p">(</span><span class="s">&#39;X visibility &quot;authenticated&quot;, U in_group G, G name &quot;users&quot;&#39;</span><span class="p">),</span> <span class="n">ERQLExpression</span><span class="p">(</span><span class="s">&#39;X may_be_read_by U&#39;</span><span class="p">)),</span> <span class="s">&#39;add&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,),</span> <span class="s">&#39;update&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;owners&#39;</span><span class="p">,),</span> <span class="s">&#39;delete&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;owners&#39;</span><span class="p">),</span> <span class="p">}</span> <span class="n">AUTH_ONLY_PERMISSIONS</span> <span class="o">=</span> <span class="p">{</span> <span class="s">&#39;read&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;users&#39;</span><span class="p">),</span> <span class="s">&#39;add&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,),</span> <span class="s">&#39;update&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;owners&#39;</span><span class="p">,),</span> <span class="s">&#39;delete&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;owners&#39;</span><span class="p">),</span> <span class="p">}</span> <span class="n">CLASSIFIERS_PERMISSIONS</span> <span class="o">=</span> <span class="p">{</span> <span class="s">&#39;read&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;users&#39;</span><span class="p">,</span> <span class="s">&#39;guests&#39;</span><span class="p">),</span> <span class="s">&#39;add&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,),</span> <span class="s">&#39;update&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;owners&#39;</span><span class="p">,),</span> <span class="s">&#39;delete&#39;</span><span class="p">:</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;owners&#39;</span><span class="p">),</span> <span class="p">}</span> <span class="kn">from</span> <span class="nn">cubes.folder.schema</span> <span class="kn">import</span> <span class="n">Folder</span> <span class="kn">from</span> <span class="nn">cubes.file.schema</span> <span class="kn">import</span> <span class="n">File</span><span class="p">,</span> <span class="n">Image</span> <span class="kn">from</span> <span class="nn">cubes.comment.schema</span> <span class="kn">import</span> <span class="n">Comment</span> <span class="kn">from</span> <span class="nn">cubes.person.schema</span> <span class="kn">import</span> <span class="n">Person</span> <span class="kn">from</span> <span class="nn">cubes.zone.schema</span> <span class="kn">import</span> <span class="n">Zone</span> <span class="kn">from</span> <span class="nn">cubes.tag.schema</span> <span class="kn">import</span> <span class="n">Tag</span> <span class="n">Folder</span><span class="o">.</span><span class="n">__permissions__</span> <span class="o">=</span> <span class="n">VISIBILITY_PERMISSIONS</span> <span class="n">File</span><span class="o">.</span><span class="n">__permissions__</span> <span class="o">=</span> <span class="n">VISIBILITY_PERMISSIONS</span> <span class="n">Image</span><span class="o">.</span><span class="n">__permissions__</span> <span class="o">=</span> <span class="n">VISIBILITY_PERMISSIONS</span> <span class="n">Comment</span><span class="o">.</span><span class="n">__permissions__</span> <span class="o">=</span> <span class="n">VISIBILITY_PERMISSIONS</span><span class="o">.</span><span class="n">copy</span><span class="p">()</span> <span class="n">Comment</span><span class="o">.</span><span class="n">__permissions__</span><span class="p">[</span><span class="s">&#39;add&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="p">(</span><span class="s">&#39;managers&#39;</span><span class="p">,</span> <span class="s">&#39;users&#39;</span><span class="p">,)</span> <span class="n">Person</span><span class="o">.</span><span class="n">__permissions__</span> <span class="o">=</span> <span class="n">AUTH_ONLY_PERMISSIONS</span> <span class="n">Zone</span><span class="o">.</span><span class="n">__permissions__</span> <span class="o">=</span> <span class="n">CLASSIFIERS_PERMISSIONS</span> <span class="n">Tag</span><span class="o">.</span><span class="n">__permissions__</span> <span class="o">=</span> <span class="n">CLASSIFIERS_PERMISSIONS</span> </pre></div> <p>What's important in there:</p> <ul class="simple"> <li><cite>VISIBILITY_PERMISSIONS</cite> provides read access to an entity:<ul> <li>if user is in the 'managers' group,</li> <li>or if <cite>visibility</cite> attribute's value is 'public',</li> <li>or if <cite>visibility</cite> attribute's value is 'authenticated' and user (designed by the 'U' variable in the expression) is in the 'users' group (all authenticated users are expected to be in this group)</li> <li>or if user is linked to the entity (the 'X' variable) through the <cite>may_be_read_by</cite> permission</li> </ul> </li> <li>we modify permissions of the entity types we use by importing them and modifying their <cite>__permissions__</cite> attribute</li> <li>notice the <cite>.copy()</cite>: we only want to modify 'add' permission for <cite>Comment</cite>, not for all entity types using <cite>VISIBILITY_PERMISSIONS</cite>!</li> <li>remaning parts of the security model is done using regular groups:<ul> <li>'users' is the group to which all authenticated users will belong</li> <li>'guests' is the group of anonymous users</li> </ul> </li> </ul> </div> <div class="section" id="step-2-security-propagation-in-hooks"> <h3><a>Step 2: security propagation in hooks</a></h3> <p>To fullfill our requirements, we have to implement:</p> <pre class="literal-block"> Also, unless explicity specified, the visibility of an image should be the same as the visibility of its parent folder and the visibility of a comment should be the same as the one of the commented entity. If there is no parent entity, the default visibility is 'authenticated'. </pre> <p>This kind of 'active' rule will be done using CubicWeb's hook system. Hooks are triggered on database event such as addition of new entity or relation.</p> <p>The tricky part of the requirement is in <strong>unless explicitly specified</strong>, notably because when the entity addition hook is executed, we don't know yet its 'parent' entity (eg folder of an image, image commented by a comment). To handle such things, CubicWeb provides <cite>Operation</cite>, which allow to schedule things to do <em>at commit time</em>.</p> <p>In our case we will:</p> <ul class="simple"> <li>on entity creation, schedule an operation that will set default visibility</li> <li>when a &quot;parent&quot; relation is added, propagate parent's visibility unless the child already has a visibility set</li> </ul> <p>Here is the code in cube's <strong>hooks.py</strong>:</p> <div class="highlight"><pre><span class="kn">from</span> <span class="nn">cubicweb.selectors</span> <span class="kn">import</span> <span class="n">implements</span> <span class="kn">from</span> <span class="nn">cubicweb.server</span> <span class="kn">import</span> <span class="n">hook</span> <span class="k">class</span> <span class="nc">SetVisibilityOp</span><span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">Operation</span><span class="p">):</span> <span class="k">def</span> <span class="nf">precommit_event</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="k">for</span> <span class="n">eid</span> <span class="ow">in</span> <span class="bp">self</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">transaction_data</span><span class="o">.</span><span class="n">pop</span><span class="p">(</span><span class="s">&#39;pending_visibility&#39;</span><span class="p">):</span> <span class="n">entity</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">entity_from_eid</span><span class="p">(</span><span class="n">eid</span><span class="p">)</span> <span class="k">if</span> <span class="n">entity</span><span class="o">.</span><span class="n">visibility</span> <span class="o">==</span> <span class="s">&#39;parent&#39;</span><span class="p">:</span> <span class="n">entity</span><span class="o">.</span><span class="n">set_attributes</span><span class="p">(</span><span class="n">visibility</span><span class="o">=</span><span class="s">u&#39;authenticated&#39;</span><span class="p">)</span> <span class="k">class</span> <span class="nc">SetVisibilityHook</span><span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">Hook</span><span class="p">):</span> <span class="n">__regid__</span> <span class="o">=</span> <span class="s">&#39;sytweb.setvisibility&#39;</span> <span class="n">__select__</span> <span class="o">=</span> <span class="n">hook</span><span class="o">.</span><span class="n">Hook</span><span class="o">.</span><span class="n">__select__</span> <span class="o">&amp;</span> <span class="n">implements</span><span class="p">(</span><span class="s">&#39;Folder&#39;</span><span class="p">,</span> <span class="s">&#39;File&#39;</span><span class="p">,</span> <span class="s">&#39;Image&#39;</span><span class="p">,</span> <span class="s">&#39;Comment&#39;</span><span class="p">)</span> <span class="n">events</span> <span class="o">=</span> <span class="p">(</span><span class="s">&#39;after_add_entity&#39;</span><span class="p">,)</span> <span class="k">def</span> <span class="nf">__call__</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="n">hook</span><span class="o">.</span><span class="n">set_operation</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">_cw</span><span class="p">,</span> <span class="s">&#39;pending_visibility&#39;</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">entity</span><span class="o">.</span><span class="n">eid</span><span class="p">,</span> <span class="n">SetVisibilityOp</span><span class="p">)</span> <span class="k">class</span> <span class="nc">SetParentVisibilityHook</span><span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">Hook</span><span class="p">):</span> <span class="n">__regid__</span> <span class="o">=</span> <span class="s">&#39;sytweb.setparentvisibility&#39;</span> <span class="n">__select__</span> <span class="o">=</span> <span class="n">hook</span><span class="o">.</span><span class="n">Hook</span><span class="o">.</span><span class="n">__select__</span> <span class="o">&amp;</span> <span class="n">hook</span><span class="o">.</span><span class="n">match_rtype</span><span class="p">(</span><span class="s">&#39;filed_under&#39;</span><span class="p">,</span> <span class="s">&#39;comments&#39;</span><span class="p">)</span> <span class="n">events</span> <span class="o">=</span> <span class="p">(</span><span class="s">&#39;after_add_relation&#39;</span><span class="p">,)</span> <span class="k">def</span> <span class="nf">__call__</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="n">parent</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_cw</span><span class="o">.</span><span class="n">entity_from_eid</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">eidto</span><span class="p">)</span> <span class="n">child</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_cw</span><span class="o">.</span><span class="n">entity_from_eid</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">eidfrom</span><span class="p">)</span> <span class="k">if</span> <span class="n">child</span><span class="o">.</span><span class="n">visibility</span> <span class="o">==</span> <span class="s">&#39;parent&#39;</span><span class="p">:</span> <span class="n">child</span><span class="o">.</span><span class="n">set_attributes</span><span class="p">(</span><span class="n">visibility</span><span class="o">=</span><span class="n">parent</span><span class="o">.</span><span class="n">visibility</span><span class="p">)</span> </pre></div> <p>Remarks:</p> <ul class="simple"> <li>hooks are application objects, hence have selectors that should match entity or relation type to which the hook applies. To match relation type, we use the hook specific <cite>match_rtype</cite> selector.</li> <li>usage of <cite>set_operation</cite>: instead of adding an operation for each added entity, set_operation allows to create a single one and to store the eids of the entities to be processed in the session transaction data. This is a good pratice to avoid heavy operations manipulation cost when creating a lot of entities in the same transaction.</li> <li>the <cite>precommit_event</cite> method of the operation will be called at transaction's commit time.</li> <li>in a hook, <cite>self._cw</cite> is the repository session, not a web request as usually in views</li> <li>according to hook's event, you have access to different member on the hook instance. Here:<ul> <li><cite>self.entity</cite> is the newly added entity on 'after_add_entity' events</li> <li><cite>self.eidfrom</cite> / <cite>self.eidto</cite> are the eid of the subject / object entity on 'after_add_relation' events (you may also get the relation type using <cite>self.rtype</cite>)</li> </ul> </li> </ul> <p>The 'parent' visibility value is used to tell &quot;propagate using parent security&quot; because we want that attribute to be required, so we can't use None value else we'll get an error before we get any chance to propagate...</p> <p>Now, we also want to propagate the <cite>may_be_read_by</cite> relation. Fortunately, CubicWeb provides some base hook classes for such things, so we only have to add the following code to <strong>hooks.py</strong>:</p> <div class="highlight"><pre><span class="c"># relations where the &quot;parent&quot; entity is the subject</span> <span class="n">S_RELS</span> <span class="o">=</span> <span class="nb">set</span><span class="p">()</span> <span class="c"># relations where the &quot;parent&quot; entity is the object</span> <span class="n">O_RELS</span> <span class="o">=</span> <span class="nb">set</span><span class="p">((</span><span class="s">&#39;filed_under&#39;</span><span class="p">,</span> <span class="s">&#39;comments&#39;</span><span class="p">,))</span> <span class="k">class</span> <span class="nc">AddEntitySecurityPropagationHook</span><span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">PropagateSubjectRelationHook</span><span class="p">):</span> <span class="sd">&quot;&quot;&quot;propagate permissions when new entity are added&quot;&quot;&quot;</span> <span class="n">__regid__</span> <span class="o">=</span> <span class="s">&#39;sytweb.addentity_security_propagation&#39;</span> <span class="n">__select__</span> <span class="o">=</span> <span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">PropagateSubjectRelationHook</span><span class="o">.</span><span class="n">__select__</span> <span class="o">&amp;</span> <span class="n">hook</span><span class="o">.</span><span class="n">match_rtype_sets</span><span class="p">(</span><span class="n">S_RELS</span><span class="p">,</span> <span class="n">O_RELS</span><span class="p">))</span> <span class="n">main_rtype</span> <span class="o">=</span> <span class="s">&#39;may_be_read_by&#39;</span> <span class="n">subject_relations</span> <span class="o">=</span> <span class="n">S_RELS</span> <span class="n">object_relations</span> <span class="o">=</span> <span class="n">O_RELS</span> <span class="k">class</span> <span class="nc">AddPermissionSecurityPropagationHook</span><span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">PropagateSubjectRelationAddHook</span><span class="p">):</span> <span class="n">__regid__</span> <span class="o">=</span> <span class="s">&#39;sytweb.addperm_security_propagation&#39;</span> <span class="n">__select__</span> <span class="o">=</span> <span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">PropagateSubjectRelationAddHook</span><span class="o">.</span><span class="n">__select__</span> <span class="o">&amp;</span> <span class="n">hook</span><span class="o">.</span><span class="n">match_rtype</span><span class="p">(</span><span class="s">&#39;may_be_read_by&#39;</span><span class="p">,))</span> <span class="n">subject_relations</span> <span class="o">=</span> <span class="n">S_RELS</span> <span class="n">object_relations</span> <span class="o">=</span> <span class="n">O_RELS</span> <span class="k">class</span> <span class="nc">DelPermissionSecurityPropagationHook</span><span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">PropagateSubjectRelationDelHook</span><span class="p">):</span> <span class="n">__regid__</span> <span class="o">=</span> <span class="s">&#39;sytweb.delperm_security_propagation&#39;</span> <span class="n">__select__</span> <span class="o">=</span> <span class="p">(</span><span class="n">hook</span><span class="o">.</span><span class="n">PropagateSubjectRelationDelHook</span><span class="o">.</span><span class="n">__select__</span> <span class="o">&amp;</span> <span class="n">hook</span><span class="o">.</span><span class="n">match_rtype</span><span class="p">(</span><span class="s">&#39;may_be_read_by&#39;</span><span class="p">,))</span> <span class="n">subject_relations</span> <span class="o">=</span> <span class="n">S_RELS</span> <span class="n">object_relations</span> <span class="o">=</span> <span class="n">O_RELS</span> </pre></div> <ul class="simple"> <li>the <cite>AddEntitySecurityPropagationHook</cite> will propagate the relation when <cite>filed_under</cite> or <cite>comments</cite> relations are added<ul> <li>the <cite>S_RELS</cite> and <cite>O_RELS</cite> set as well as the <cite>match_rtype_sets</cite> selector are used here so that if my cube is used by another one, it'll be able to configure security propagation by simply adding relation to one of the two sets.</li> </ul> </li> <li>the two others will propagate permissions changes on parent entities to children entities</li> </ul> </div> <div class="section" id="step-3-testing-our-security"> <h3><a>Step 3: testing our security</a></h3> <p>Security is tricky. Writing some tests for it is a very good idea. You should even write them first, as Test Driven Development recommends!</p> <p>Here is a small test case that'll check the basis of our security model, in <strong>test/unittest_sytweb.py</strong>:</p> <div class="highlight"><pre><span class="kn">from</span> <span class="nn">cubicweb.devtools.testlib</span> <span class="kn">import</span> <span class="n">CubicWebTC</span> <span class="kn">from</span> <span class="nn">cubicweb</span> <span class="kn">import</span> <span class="n">Binary</span> <span class="k">class</span> <span class="nc">SecurityTC</span><span class="p">(</span><span class="n">CubicWebTC</span><span class="p">):</span> <span class="k">def</span> <span class="nf">test_visibility_propagation</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> <span class="c"># create a user for later security checks</span> <span class="n">toto</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">create_user</span><span class="p">(</span><span class="s">&#39;toto&#39;</span><span class="p">)</span> <span class="c"># init some data using the default manager connection</span> <span class="n">req</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">request</span><span class="p">()</span> <span class="n">folder</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="n">create_entity</span><span class="p">(</span><span class="s">&#39;Folder&#39;</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="s">u&#39;restricted&#39;</span><span class="p">,</span> <span class="n">visibility</span><span class="o">=</span><span class="s">u&#39;restricted&#39;</span><span class="p">)</span> <span class="n">photo1</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="n">create_entity</span><span class="p">(</span><span class="s">&#39;Image&#39;</span><span class="p">,</span> <span class="n">data_name</span><span class="o">=</span><span class="s">u&#39;photo1.jpg&#39;</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="n">Binary</span><span class="p">(</span><span class="s">&#39;xxx&#39;</span><span class="p">),</span> <span class="n">filed_under</span><span class="o">=</span><span class="n">folder</span><span class="p">)</span> <span class="bp">self</span><span class="o">.</span><span class="n">commit</span><span class="p">()</span> <span class="n">photo1</span><span class="o">.</span><span class="n">clear_all_caches</span><span class="p">()</span> <span class="c"># good practice, avoid request cache effects</span> <span class="c"># visibility propagation</span> <span class="bp">self</span><span class="o">.</span><span class="n">assertEquals</span><span class="p">(</span><span class="n">photo1</span><span class="o">.</span><span class="n">visibility</span><span class="p">,</span> <span class="s">&#39;restricted&#39;</span><span class="p">)</span> <span class="c"># unless explicitly specified</span> <span class="n">photo2</span> <span class="o">=</span> <span class="n">req</span><span class="o">.</span><span class="n">create_entity</span><span class="p">(</span><span class="s">&#39;Image&#39;</span><span class="p">,</span> <span class="n">data_name</span><span class="o">=</span><span class="s">u&#39;photo2.jpg&#39;</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="n">Binary</span><span class="p">(</span><span class="s">&#39;xxx&#39;</span><span class="p">),</span> <span class="n">visibility</span><span class="o">=</span><span class="s">u&#39;public&#39;</span><span class="p">,</span> <span class="n">filed_under</span><span class="o">=</span><span class="n">folder</span><span class="p">)</span> <span class="bp">self</span><span class="o">.</span><span class="n">commit</span><span class="p">()</span> <span class="bp">self</span><span class="o">.</span><span class="n">assertEquals</span><span class="p">(</span><span class="n">photo2</span><span class="o">.</span><span class="n">visibility</span><span class="p">,</span> <span class="s">&#39;public&#39;</span><span class="p">)</span> <span class="c"># test security</span> <span class="bp">self</span><span class="o">.</span><span class="n">login</span><span class="p">(</span><span class="s">&#39;toto&#39;</span><span class="p">)</span> <span class="n">req</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">request</span><span class="p">()</span> <span class="bp">self</span><span class="o">.</span><span class="n">assertEquals</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">req</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s">&#39;Image X&#39;</span><span class="p">)),</span> <span class="mi">1</span><span class="p">)</span> <span class="c"># only the public one</span> <span class="bp">self</span><span class="o">.</span><span class="n">assertEquals</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">req</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s">&#39;Folder X&#39;</span><span class="p">)),</span> <span class="mi">0</span><span class="p">)</span> <span class="c"># restricted...</span> <span class="c"># may_be_read_by propagation</span> <span class="bp">self</span><span class="o">.</span><span class="n">restore_connection</span><span class="p">()</span> <span class="n">folder</span><span class="o">.</span><span class="n">set_relations</span><span class="p">(</span><span class="n">may_be_read_by</span><span class="o">=</span><span class="n">toto</span><span class="p">)</span> <span class="bp">self</span><span class="o">.</span><span class="n">commit</span><span class="p">()</span> <span class="n">photo1</span><span class="o">.</span><span class="n">clear_all_caches</span><span class="p">()</span> <span class="bp">self</span><span class="o">.</span><span class="n">failUnless</span><span class="p">(</span><span class="n">photo1</span><span class="o">.</span><span class="n">may_be_read_by</span><span class="p">)</span> <span class="c"># test security with permissions</span> <span class="bp">self</span><span class="o">.</span><span class="n">login</span><span class="p">(</span><span class="s">&#39;toto&#39;</span><span class="p">)</span> <span class="n">req</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">request</span><span class="p">()</span> <span class="bp">self</span><span class="o">.</span><span class="n">assertEquals</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">req</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s">&#39;Image X&#39;</span><span class="p">)),</span> <span class="mi">2</span><span class="p">)</span> <span class="c"># now toto has access to photo2</span> <span class="bp">self</span><span class="o">.</span><span class="n">assertEquals</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">req</span><span class="o">.</span><span class="n">execute</span><span class="p">(</span><span class="s">&#39;Folder X&#39;</span><span class="p">)),</span> <span class="mi">1</span><span class="p">)</span> <span class="c"># and to restricted folder</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="s">&#39;__main__&#39;</span><span class="p">:</span> <span class="kn">from</span> <span class="nn">logilab.common.testlib</span> <span class="kn">import</span> <span class="n">unittest_main</span> <span class="n">unittest_main</span><span class="p">()</span> </pre></div> <p>It is not complete, but it shows most of the things you will want to do in tests: adding some content, creating users and connecting as them in the test, etc...</p> <p>To run it type:</p> <pre class="literal-block"> [syt&#64;scorpius test]$ pytest unittest_sytweb.py ======================== unittest_sytweb.py ======================== -&gt; creating tables [....................] -&gt; inserting default user and default groups. -&gt; storing the schema in the database [....................] -&gt; database for instance data initialized. . ---------------------------------------------------------------------- Ran 1 test in 22.547s OK </pre> <p>The first execution is taking time, since it creates a sqlite database for the test instance. The second one will be much quicker:</p> <pre class="literal-block"> [syt&#64;scorpius test]$ pytest unittest_sytweb.py ======================== unittest_sytweb.py ======================== . ---------------------------------------------------------------------- Ran 1 test in 2.662s OK </pre> <p>If you do some changes in your schema, you'll have to force regeneration of that database. You do that by removing the tmpdb* files before running the test:</p> <pre class="literal-block"> [syt&#64;scorpius test]$ rm tmpdb* </pre> <p>BTW, pytest is a very convenient utilities to control test execution, from the <a class="reference" href="http://www.logilab.org/project/logilab-common">logilab-common</a> package.</p> </div> <div class="section" id="step-4-writing-the-migration-script-and-migrating-the-instance"> <h3><a>Step 4: writing the migration script and migrating the instance</a></h3> <p>Prior to those changes, Iv'e created an instance, fed it with some data, so I don't want to create a new one, but to migrate the existing one. Let's see how to do that.</p> <p>Migration commands should be put in the cube's <strong>migration</strong> directory, in a file named file:<cite>&lt;X.Y.Z&gt;_Any.py</cite> ('Any' being there mostly for historical reason).</p> <p>Here I'll create a <strong>migration/0.2.0_Any.py</strong> file containing the following instructions:</p> <div class="highlight"><pre><span class="n">add_relation_type</span><span class="p">(</span><span class="s">&#39;may_be_read_by&#39;</span><span class="p">)</span> <span class="n">add_relation_type</span><span class="p">(</span><span class="s">&#39;visibility&#39;</span><span class="p">)</span> <span class="n">sync_schema_props_perms</span><span class="p">()</span> </pre></div> <p>Then I update the version number in cube's <strong>__pkginfo__.py</strong> to 0.2.0. And that's it! Those instructions will:</p> <ul class="simple"> <li>update the instance's schema by adding our two new relations and update the underlying database tables accordingly (the two first instructions)</li> <li>update schema's permissions definition (the later instruction)</li> </ul> <p>To migrate my instance I simply type:</p> <pre class="literal-block"> [syt&#64;scorpius ~]$ cubicweb-ctl upgrade sytweb </pre> <p>I will then be asked some questions to do the migration step by step. You should say YES when it asks if a backup of your database should be done, so you can get back to the initial state if anything goes wrong...</p> </div> <div class="section" id="conclusion"> <h3><a>Conclusion</a></h3> <p>This is a somewhat long post that I bet you will have to read at least twice ;) There is a hell lot of information hidden in there... But that should start to give you an idea of CubicWeb's power...</p> <p>See you next time for <a class="reference" href="http://www.cubicweb.org/blogentry/972762">part III</a> !</p> </div> 2010-04-13T14:47-01:00 Sylvain Thenault