source: main/waeup.kofa/branches/uli-zc-async/src/waeup/kofa/permissions.py @ 10209

Last change on this file since 10209 was 9211, checked in by uli, 12 years ago

Rollback r9209. Looks like multiple merges from trunk confuse svn when merging back into trunk.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 10.5 KB
RevLine 
[7193]1## $Id: permissions.py 9211 2012-09-21 08:19:35Z uli $
2##
3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
[3521]18import grok
[6157]19from zope.component import getUtilitiesFor
[6144]20from zope.interface import Interface
[6163]21from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[7811]22from waeup.kofa.interfaces import ILocalRolesAssignable
[3521]23
[4789]24class Public(grok.Permission):
25    """Everyone-can-do-this-permission.
26
27    This permission is meant to be applied to objects/views/pages
28    etc., that should be usable/readable by everyone.
29
30    We need this to be able to tune default permissions more
31    restrictive and open up some dedicated objects like the front
32    page.
33    """
34    grok.name('waeup.Public')
[6142]35
[5433]36class Anonymous(grok.Permission):
37    """Only-anonymous-can-do-this-permission.
38    """
[6142]39    grok.name('waeup.Anonymous')
[4789]40
[7184]41class Authenticated(grok.Permission):
42    """Only-logged-in-users-can-do-this-permission.
43    """
44    grok.name('waeup.Authenticated')
[4789]45
[7184]46class ViewAcademicsPermission(grok.Permission):
47    grok.name('waeup.viewAcademics')
48
[8367]49class ManageAcademicsPermission(grok.Permission):
50    grok.name('waeup.manageAcademics')
[4789]51
[8367]52class ManagePortal(grok.Permission):
53    grok.name('waeup.managePortal')
54
[4789]55class ManageUsers(grok.Permission):
56    grok.name('waeup.manageUsers')
[6142]57
[7205]58class ShowStudents(grok.Permission):
59    grok.name('waeup.showStudents')
60
[7163]61class EditUser(grok.Permission):
62    grok.name('waeup.editUser')
63
[6127]64class ManageDataCenter(grok.Permission):
65    grok.name('waeup.manageDataCenter')
[6142]66
[8367]67class ImportData(grok.Permission):
68    grok.name('waeup.importData')
69
[6907]70class ManagePortalConfiguration(grok.Permission):
71    grok.name('waeup.managePortalConfiguration')
[6155]72
[7181]73class ManageACBatches(grok.Permission):
74    grok.name('waeup.manageACBatches')
75
[6125]76# Local Roles
[7185]77class DepartmentManager(grok.Role):
78    grok.name('waeup.local.DepartmentManager')
79    grok.title(u'Department Manager')
[8367]80    grok.permissions('waeup.manageAcademics','waeup.showStudents')
[6142]81
[6655]82class ClearanceOfficer(grok.Role):
[7168]83    """The clearance officer role is meant for the
84    assignment of dynamic roles only.
85    """
[6655]86    grok.name('waeup.local.ClearanceOfficer')
87    grok.title(u'Clearance Officer')
[7217]88    grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
[6655]89
[7334]90class CourseAdviser100(grok.Role):
[7335]91    """The 100 level course adviser role is meant for the
[7168]92    assignment of dynamic roles only.
93    """
[7334]94    grok.name('waeup.local.CourseAdviser100')
95    grok.title(u'Course Adviser 100L')
96    grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
[6655]97
[7334]98class CourseAdviser200(grok.Role):
[7335]99    """The course 200 level adviser role is meant for the
[7334]100    assignment of dynamic roles only.
101    """
102    grok.name('waeup.local.CourseAdviser200')
103    grok.title(u'Course Adviser 200L')
104    grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
105
106class CourseAdviser300(grok.Role):
[7335]107    """The 300 level course adviser role is meant for the
[7334]108    assignment of dynamic roles only.
109    """
110    grok.name('waeup.local.CourseAdviser300')
111    grok.title(u'Course Adviser 300L')
112    grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
113
114class CourseAdviser400(grok.Role):
[7335]115    """The 400 level course adviser role is meant for the
[7334]116    assignment of dynamic roles only.
117    """
118    grok.name('waeup.local.CourseAdviser400')
119    grok.title(u'Course Adviser 400L')
120    grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
121
122class CourseAdviser500(grok.Role):
[7335]123    """The 500 level course adviser role is meant for the
[7334]124    assignment of dynamic roles only.
125    """
126    grok.name('waeup.local.CourseAdviser500')
127    grok.title(u'Course Adviser 500L')
128    grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
129
130class CourseAdviser600(grok.Role):
[7335]131    """The 600 level course adviser role is meant for the
[7334]132    assignment of dynamic roles only.
133    """
134    grok.name('waeup.local.CourseAdviser600')
135    grok.title(u'Course Adviser 600L')
136    grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
137
[7163]138class Owner(grok.Role):
139    grok.name('waeup.local.Owner')
140    grok.title(u'Owner')
141    grok.permissions('waeup.editUser')
142
[7178]143# Site Roles
[7185]144class AcademicsOfficer(grok.Role):
145    grok.name('waeup.AcademicsOfficer')
[7188]146    grok.title(u'Academics Officer (view only)')
[7184]147    grok.permissions('waeup.viewAcademics')
[3521]148
[8367]149class AcademicsManager(grok.Role):
150    grok.name('waeup.AcademicsManager')
151    grok.title(u'Academics Manager')
152    grok.permissions('waeup.viewAcademics',
153                     'waeup.manageAcademics')
154
[7181]155class ACManager(grok.Role):
156    grok.name('waeup.ACManager')
157    grok.title(u'Access Code Manager')
158    grok.permissions('waeup.manageACBatches')
159
[8367]160class DataCenterManager(grok.Role):
161    grok.name('waeup.DataCenterManager')
162    grok.title(u'Datacenter Manager')
163    grok.permissions('waeup.manageDataCenter')
164
165class ImportManager(grok.Role):
166    grok.name('waeup.ImportManager')
167    grok.title(u'Import Manager')
168    grok.permissions('waeup.manageDataCenter',
169                     'waeup.importData')
170
171class UsersManager(grok.Role):
172    grok.name('waeup.UsersManager')
173    grok.title(u'Users Manager')
174    grok.permissions('waeup.manageUsers')
175
[4789]176class PortalManager(grok.Role):
177    grok.name('waeup.PortalManager')
[6159]178    grok.title(u'Portal Manager')
[8367]179    grok.permissions('waeup.managePortal', 'waeup.manageUsers',
[8374]180                     'waeup.viewAcademics', 'waeup.manageAcademics',
[8367]181                     'waeup.manageACBatches',
[8399]182                     'waeup.manageDataCenter', 'waeup.importData',
[7184]183                     'waeup.managePortalConfiguration', 'waeup.viewApplication',
184                     'waeup.manageApplication', 'waeup.handleApplication',
[7250]185                     'waeup.viewApplicantsTab', 'waeup.payApplicant',
[8565]186                     'waeup.viewApplicationStatistics',
[7250]187                     'waeup.viewStudent', 'waeup.manageStudent',
188                     'waeup.clearStudent', 'waeup.payStudent',
189                     'waeup.uploadStudentFile', 'waeup.showStudents',
190                     'waeup.viewStudentsContainer','waeup.viewStudentsTab',
[7205]191                     'waeup.viewHostels', 'waeup.manageHostels',
[8068]192                     'waeup.editUser'
[7240]193                     )
[4789]194
[7186]195def get_all_roles():
[6157]196    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
197    """
198    return getUtilitiesFor(IRole)
199
[7186]200def get_waeup_roles(also_local=False):
[7819]201    """Get all Kofa roles.
[6157]202
[7819]203    Kofa roles are ordinary roles whose id by convention starts with
[6157]204    a ``waeup.`` prefix.
205
206    If `also_local` is ``True`` (``False`` by default), also local
[7819]207    roles are returned. Local Kofa roles are such whose id starts
[6157]208    with ``waeup.local.`` prefix (this is also a convention).
209
210    Returns a generator of the found roles.
211    """
[7186]212    for name, item in get_all_roles():
[6157]213        if not name.startswith('waeup.'):
[7819]214            # Ignore non-Kofa roles...
[4789]215            continue
[6157]216        if not also_local and name.startswith('waeup.local.'):
217            # Ignore local roles...
[6045]218            continue
[6157]219        yield item
[4789]220
[7186]221def get_waeup_role_names():
[7819]222    """Get the ids of all Kofa roles.
[6157]223
[7819]224    See :func:`get_waeup_roles` for what a 'KofaRole' is.
[6157]225
[7819]226    This function returns a sorted list of Kofa role names.
[6157]227    """
[7186]228    return sorted([x.id for x in get_waeup_roles()])
[6157]229
[6144]230class LocalRolesAssignable(grok.Adapter):
231    """Default implementation for `ILocalRolesAssignable`.
232
233    This adapter returns a list for dictionaries for objects for which
234    we want to know the roles assignable to them locally.
235
236    The returned dicts contain a ``name`` and a ``title`` entry which
237    give a role (``name``) and a description, for which kind of users
238    the permission is meant to be used (``title``).
239
240    Having this adapter registered we make sure, that for each normal
241    object we get a valid `ILocalRolesAssignable` adapter.
242
243    Objects that want to offer certain local roles, can do so by
[6162]244    setting a (preferably class-) attribute to a list of role ids.
[6144]245
246    You can also define different adapters for different contexts to
247    have different role lookup mechanisms become available. But in
248    normal cases it should be sufficient to use this basic adapter.
249    """
250    grok.context(Interface)
251    grok.provides(ILocalRolesAssignable)
252
253    _roles = []
254
255    def __init__(self, context):
256        self.context = context
[6162]257        role_ids = getattr(context, 'local_roles', self._roles)
[7186]258        self._roles = [(name, role) for name, role in get_all_roles()
[6162]259                       if name in role_ids]
[6144]260        return
261
262    def __call__(self):
263        """Get a list of dictionaries containing ``names`` (the roles to
264        assign) and ``titles`` (some description of the type of user
265        to assign each role to).
266        """
[7334]267        list_of_dict = [dict(
[6162]268                name=name,
269                title=role.title,
[6163]270                description=role.description)
[7334]271                for name, role in self._roles]
272        return sorted(list_of_dict, key=lambda x: x['name'])
[6144]273
[8774]274def get_all_users():
275    """Get a list of dictionaries.
276    """
277    users = sorted(grok.getSite()['users'].items(), key=lambda x: x[1].title)
278    for key, val in users:
279        yield(dict(name=key, val=val))
280
[6163]281def get_users_with_local_roles(context):
282    """Get a list of dicts representing the local roles set for `context`.
283
284    Each dict returns `user_name`, `user_title`, `local_role`,
285    `local_role_title`, and `setting` for each entry in the local
286    roles map of the `context` object.
287    """
[6202]288    try:
289        role_map = IPrincipalRoleMap(context)
290    except TypeError:
291        # no map no roles.
292        raise StopIteration
[6163]293    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
294        user = grok.getSite()['users'].get(user_name,None)
[7213]295        user_title = getattr(user, 'title', user_name)
[7186]296        local_role_title = dict(get_all_roles())[local_role].title
[6163]297        yield dict(user_name = user_name,
298                   user_title = user_title,
299                   local_role = local_role,
300                   local_role_title = local_role_title,
[8774]301                   setting = setting)
Note: See TracBrowser for help on using the repository browser.