Context navigation

source: main/waeup.ikoba/trunk/src/waeup/ikoba/permissions.py @ 12011

Last change on this file since 12011 was 11967, checked in by Henrik Bettermann, 10 years ago
Add browser components for customers. Tests will follow.
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 10.8 KB

Rev	Line
[7193]	1	## $Id: permissions.py 11967 2014-11-16 11:53:02Z henrik $
	2	##
	3	## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
	4	## This program is free software; you can redistribute it and/or modify
	5	## it under the terms of the GNU General Public License as published by
	6	## the Free Software Foundation; either version 2 of the License, or
	7	## (at your option) any later version.
	8	##
	9	## This program is distributed in the hope that it will be useful,
	10	## but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	## GNU General Public License for more details.
	13	##
	14	## You should have received a copy of the GNU General Public License
	15	## along with this program; if not, write to the Free Software
	16	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	17	##
[3521]	18	import grok
[6157]	19	from zope.component import getUtilitiesFor
[6144]	20	from zope.interface import Interface
[6163]	21	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[11949]	22	from waeup.ikoba.interfaces import ILocalRolesAssignable
[3521]	23
[4789]	24	class Public(grok.Permission):
	25	"""Everyone-can-do-this-permission.
	26
	27	This permission is meant to be applied to objects/views/pages
	28	etc., that should be usable/readable by everyone.
	29
	30	We need this to be able to tune default permissions more
	31	restrictive and open up some dedicated objects like the front
	32	page.
	33	"""
	34	grok.name('waeup.Public')
[6142]	35
[5433]	36	class Anonymous(grok.Permission):
	37	"""Only-anonymous-can-do-this-permission.
	38	"""
[6142]	39	grok.name('waeup.Anonymous')
[4789]	40
[7184]	41	class Authenticated(grok.Permission):
	42	"""Only-logged-in-users-can-do-this-permission.
	43	"""
	44	grok.name('waeup.Authenticated')
[4789]	45
[11947]	46	class ViewProductsPermission(grok.Permission):
	47	grok.name('waeup.viewProducts')
[7184]	48
[11947]	49	class ManageProductsPermission(grok.Permission):
	50	grok.name('waeup.manageProducts')
[4789]	51
[8367]	52	class ManagePortal(grok.Permission):
	53	grok.name('waeup.managePortal')
	54
[4789]	55	class ManageUsers(grok.Permission):
	56	grok.name('waeup.manageUsers')
[6142]	57
[7163]	58	class EditUser(grok.Permission):
	59	grok.name('waeup.editUser')
	60
[6127]	61	class ManageDataCenter(grok.Permission):
	62	grok.name('waeup.manageDataCenter')
[6142]	63
[8367]	64	class ImportData(grok.Permission):
	65	grok.name('waeup.importData')
	66
[10177]	67	class ExportData(grok.Permission):
	68	grok.name('waeup.exportData')
	69
[10279]	70	class ExportPaymentsOverview(grok.Permission):
	71	grok.name('waeup.exportPaymentsOverview')
	72
	73	class ExportBursaryData(grok.Permission):
	74	grok.name('waeup.exportBursaryData')
	75
[10278]	76	class ViewTranscript(grok.Permission):
	77	grok.name('waeup.viewTranscript')
	78
[6907]	79	class ManagePortalConfiguration(grok.Permission):
	80	grok.name('waeup.managePortalConfiguration')
[6155]	81
[7181]	82	class ManageACBatches(grok.Permission):
	83	grok.name('waeup.manageACBatches')
	84
[11673]	85	class PutBiometricDataPermission(grok.Permission):
	86	"""Permission to upload/change biometric data.
	87	"""
	88	grok.name('waeup.putBiometricData')
	89
[11665]	90	class GetBiometricDataPermission(grok.Permission):
	91	"""Permission to read biometric data.
	92	"""
	93	grok.name('waeup.getBiometricData')
	94
	95
[6125]	96	# Local Roles
[10226]	97
[7163]	98	class Owner(grok.Role):
	99	grok.name('waeup.local.Owner')
	100	grok.title(u'Owner')
	101	grok.permissions('waeup.editUser')
	102
[7178]	103	# Site Roles
[11947]	104	class ProductsOfficer(grok.Role):
	105	grok.name('waeup.ProductsOfficer')
	106	grok.title(u'Products Officer (view only)')
	107	grok.permissions('waeup.viewProducts')
[3521]	108
[11947]	109	class ProductssManager(grok.Role):
	110	grok.name('waeup.ProductsManager')
	111	grok.title(u'Products Manager')
	112	grok.permissions('waeup.viewProducts',
	113	'waeup.manageProducts')
[8367]	114
	115	class DataCenterManager(grok.Role):
	116	grok.name('waeup.DataCenterManager')
	117	grok.title(u'Datacenter Manager')
	118	grok.permissions('waeup.manageDataCenter')
	119
	120	class ImportManager(grok.Role):
	121	grok.name('waeup.ImportManager')
	122	grok.title(u'Import Manager')
	123	grok.permissions('waeup.manageDataCenter',
	124	'waeup.importData')
	125
[10177]	126	class ExportManager(grok.Role):
	127	grok.name('waeup.ExportManager')
	128	grok.title(u'Export Manager')
	129	grok.permissions('waeup.manageDataCenter',
	130	'waeup.exportData')
	131
[8367]	132	class UsersManager(grok.Role):
	133	grok.name('waeup.UsersManager')
	134	grok.title(u'Users Manager')
[9259]	135	grok.permissions('waeup.manageUsers',
	136	'waeup.editUser')
[8367]	137
[9300]	138	class WorkflowManager(grok.Role):
	139	grok.name('waeup.WorkflowManager')
	140	grok.title(u'Workflow Manager')
[9299]	141	grok.permissions('waeup.triggerTransition')
	142
[4789]	143	class PortalManager(grok.Role):
	144	grok.name('waeup.PortalManager')
[6159]	145	grok.title(u'Portal Manager')
[9259]	146	grok.permissions('waeup.managePortal',
	147	'waeup.manageUsers',
[11947]	148	'waeup.viewProducts', 'waeup.manageProducts',
[8367]	149	'waeup.manageACBatches',
[9259]	150	'waeup.manageDataCenter',
	151	'waeup.importData',
[10177]	152	'waeup.exportData',
[11947]	153	'waeup.managePortalConfiguration',
[9335]	154	'waeup.editUser',
[9637]	155	'waeup.manageReports',
[9645]	156	'waeup.manageJobs',
[11958]	157	'waeup.viewCustomer', 'waeup.viewCustomers',
	158	'waeup.manageCustomer', 'waeup.viewCustomersContainer',
	159	'waeup.payCustomer', 'waeup.uploadCustomerFile',
[11967]	160	'waeup.triggerTransition',
[11958]	161	'waeup.viewCustomersTab'
[7240]	162	)
[4789]	163
[9259]	164	class CCOfficer(grok.Role):
[9303]	165	"""This is basically a copy of the the PortalManager class. We exclude some
[9262]	166	'dangerous' permissions by commenting them out.
[9259]	167	"""
[10346]	168	grok.baseclass()
[9259]	169	grok.name('waeup.CCOfficer')
	170	grok.title(u'Computer Center Officer')
	171	grok.permissions(#'waeup.managePortal',
	172	#'waeup.manageUsers',
[11947]	173	'waeup.viewProducts', 'waeup.manageProducts',
[9259]	174	#'waeup.manageACBatches',
	175	'waeup.manageDataCenter',
	176	#'waeup.importData',
[10243]	177	'waeup.exportData',
[11947]	178	'waeup.managePortalConfiguration',
[9335]	179	#'waeup.editUser',
[9637]	180	'waeup.manageReports',
[9645]	181	#'waeup.manageJobs',
[11958]	182	'waeup.viewCustomer', 'waeup.viewCustomers',
	183	'waeup.manageCustomer', 'waeup.viewCustomersContainer',
	184	'waeup.payCustomer', 'waeup.uploadCustomerFile',
[11967]	185	'waeup.triggerTransition',
[11958]	186	'waeup.viewCustomersTab'
[9259]	187	)
	188
[7186]	189	def get_all_roles():
[6157]	190	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
	191	"""
	192	return getUtilitiesFor(IRole)
	193
[7186]	194	def get_waeup_roles(also_local=False):
[11949]	195	"""Get all Ikoba roles.
[6157]	196
[11949]	197	Ikoba roles are ordinary roles whose id by convention starts with
[6157]	198	a ``waeup.`` prefix.
	199
	200	If `also_local` is ``True`` (``False`` by default), also local
[11949]	201	roles are returned. Local Ikoba roles are such whose id starts
[6157]	202	with ``waeup.local.`` prefix (this is also a convention).
	203
	204	Returns a generator of the found roles.
	205	"""
[7186]	206	for name, item in get_all_roles():
[6157]	207	if not name.startswith('waeup.'):
[11949]	208	# Ignore non-Ikoba roles...
[4789]	209	continue
[6157]	210	if not also_local and name.startswith('waeup.local.'):
	211	# Ignore local roles...
[6045]	212	continue
[6157]	213	yield item
[4789]	214
[7186]	215	def get_waeup_role_names():
[11949]	216	"""Get the ids of all Ikoba roles.
[6157]	217
[11949]	218	See :func:`get_waeup_roles` for what a 'IkobaRole' is.
[6157]	219
[11949]	220	This function returns a sorted list of Ikoba role names.
[6157]	221	"""
[7186]	222	return sorted([x.id for x in get_waeup_roles()])
[6157]	223
[6144]	224	class LocalRolesAssignable(grok.Adapter):
	225	"""Default implementation for `ILocalRolesAssignable`.
	226
	227	This adapter returns a list for dictionaries for objects for which
	228	we want to know the roles assignable to them locally.
	229
	230	The returned dicts contain a ``name`` and a ``title`` entry which
	231	give a role (``name``) and a description, for which kind of users
	232	the permission is meant to be used (``title``).
	233
	234	Having this adapter registered we make sure, that for each normal
	235	object we get a valid `ILocalRolesAssignable` adapter.
	236
	237	Objects that want to offer certain local roles, can do so by
[6162]	238	setting a (preferably class-) attribute to a list of role ids.
[6144]	239
	240	You can also define different adapters for different contexts to
	241	have different role lookup mechanisms become available. But in
	242	normal cases it should be sufficient to use this basic adapter.
	243	"""
	244	grok.context(Interface)
	245	grok.provides(ILocalRolesAssignable)
	246
	247	_roles = []
	248
	249	def __init__(self, context):
	250	self.context = context
[6162]	251	role_ids = getattr(context, 'local_roles', self._roles)
[7186]	252	self._roles = [(name, role) for name, role in get_all_roles()
[6162]	253	if name in role_ids]
[6144]	254	return
	255
	256	def __call__(self):
	257	"""Get a list of dictionaries containing ``names`` (the roles to
	258	assign) and ``titles`` (some description of the type of user
	259	to assign each role to).
	260	"""
[7334]	261	list_of_dict = [dict(
[6162]	262	name=name,
	263	title=role.title,
[6163]	264	description=role.description)
[7334]	265	for name, role in self._roles]
	266	return sorted(list_of_dict, key=lambda x: x['name'])
[6144]	267
[8774]	268	def get_all_users():
	269	"""Get a list of dictionaries.
	270	"""
	271	users = sorted(grok.getSite()['users'].items(), key=lambda x: x[1].title)
	272	for key, val in users:
	273	yield(dict(name=key, val=val))
	274
[6163]	275	def get_users_with_local_roles(context):
	276	"""Get a list of dicts representing the local roles set for `context`.
	277
	278	Each dict returns `user_name`, `user_title`, `local_role`,
	279	`local_role_title`, and `setting` for each entry in the local
	280	roles map of the `context` object.
	281	"""
[6202]	282	try:
	283	role_map = IPrincipalRoleMap(context)
	284	except TypeError:
	285	# no map no roles.
	286	raise StopIteration
[6163]	287	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
	288	user = grok.getSite()['users'].get(user_name,None)
[7213]	289	user_title = getattr(user, 'title', user_name)
[10227]	290	local_role_title = getattr(
	291	dict(get_all_roles()).get(local_role, None), 'title', None)
[6163]	292	yield dict(user_name = user_name,
	293	user_title = user_title,
	294	local_role = local_role,
	295	local_role_title = local_role_title,
[9309]	296	setting = setting)
	297
	298	def get_users_with_role(role, context):
	299	"""Get a list of dicts representing the usres who have been granted
	300	a role for `context`.
	301	"""
	302	try:
	303	role_map = IPrincipalRoleMap(context)
	304	except TypeError:
	305	# no map no roles.
	306	raise StopIteration
	307	for user_name, setting in role_map.getPrincipalsForRole(role):
	308	user = grok.getSite()['users'].get(user_name,None)
	309	user_title = getattr(user, 'title', user_name)
	310	user_email = getattr(user, 'email', None)
	311	yield dict(user_name = user_name,
	312	user_title = user_title,
	313	user_email = user_email,
	314	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: