author Philippe Pepiot <>
Fri, 17 Feb 2017 16:03:47 +0100
changeset 126 79cf56fbfb1b
child 135 4d836625fe3f
permissions -rw-r--r--
[views] custom security view Override cubicweb security view to remove permissions table. Use a relation widget for 'owned_by' relation. Since there is only 'owned_by' edition on this view, add a selector to ensure user has 'add' permission on 'owned_by' for this entity. Closes extranet #16684489

# copyright 2017 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact --
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
# details.
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <>.

from logilab.mtconverter import xml_escape

from cubicweb.predicates import relation_possible
from cubicweb.web import formwidgets
from cubicweb.web.formfields import guess_field
from import SecurityManagementView

from cubes.relationwidget.views import RelationFacetWidget

class SherpaSecurityManagementView(SecurityManagementView):
    """Security view overriden to hide permissions definitions and using a
    RelationFacetWidget to edit owner"""
    __select__ = (SecurityManagementView.__select__ &
                  relation_possible('owned_by', action='add'))

    def entity_call(self, entity):
        w = self.w
        w(u'<h1><span class="etype">%s</span> <a href="%s">%s</a></h1>'
          % (entity.dc_type().capitalize(),
        w('<h2>%s</h2>' % self._cw.__('Manage security'))
        msg = self._cw.__('ownerships have been changed')
        form = self._cw.vreg['forms'].select(
            'base', self._cw, entity=entity,
            form_renderer_id='onerowtable', submitmsg=msg,
            domid='ownership%s' % entity.eid,
        field = guess_field(entity.e_schema,
        form.render(w=w, display_progress_div=False)

def registration_callback(vreg):
    vreg.register_all(globals().values(), __name__)