Context navigation

source: main/waeup.kofa/branches/uli-zc-async/src/waeup/kofa/permissions.py @ 10687

Last change on this file since 10687 was 9211, checked in by uli, 12 years ago
Rollback r9209. Looks like multiple merges from trunk confuse svn when merging back into trunk.
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 10.5 KB

Rev	Line
[7193]	1	## $Id: permissions.py 9211 2012-09-21 08:19:35Z uli $
	2	##
	3	## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
	4	## This program is free software; you can redistribute it and/or modify
	5	## it under the terms of the GNU General Public License as published by
	6	## the Free Software Foundation; either version 2 of the License, or
	7	## (at your option) any later version.
	8	##
	9	## This program is distributed in the hope that it will be useful,
	10	## but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	## GNU General Public License for more details.
	13	##
	14	## You should have received a copy of the GNU General Public License
	15	## along with this program; if not, write to the Free Software
	16	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	17	##
[3521]	18	import grok
[6157]	19	from zope.component import getUtilitiesFor
[6144]	20	from zope.interface import Interface
[6163]	21	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[7811]	22	from waeup.kofa.interfaces import ILocalRolesAssignable
[3521]	23
[4789]	24	class Public(grok.Permission):
	25	"""Everyone-can-do-this-permission.
	26
	27	This permission is meant to be applied to objects/views/pages
	28	etc., that should be usable/readable by everyone.
	29
	30	We need this to be able to tune default permissions more
	31	restrictive and open up some dedicated objects like the front
	32	page.
	33	"""
	34	grok.name('waeup.Public')
[6142]	35
[5433]	36	class Anonymous(grok.Permission):
	37	"""Only-anonymous-can-do-this-permission.
	38	"""
[6142]	39	grok.name('waeup.Anonymous')
[4789]	40
[7184]	41	class Authenticated(grok.Permission):
	42	"""Only-logged-in-users-can-do-this-permission.
	43	"""
	44	grok.name('waeup.Authenticated')
[4789]	45
[7184]	46	class ViewAcademicsPermission(grok.Permission):
	47	grok.name('waeup.viewAcademics')
	48
[8367]	49	class ManageAcademicsPermission(grok.Permission):
	50	grok.name('waeup.manageAcademics')
[4789]	51
[8367]	52	class ManagePortal(grok.Permission):
	53	grok.name('waeup.managePortal')
	54
[4789]	55	class ManageUsers(grok.Permission):
	56	grok.name('waeup.manageUsers')
[6142]	57
[7205]	58	class ShowStudents(grok.Permission):
	59	grok.name('waeup.showStudents')
	60
[7163]	61	class EditUser(grok.Permission):
	62	grok.name('waeup.editUser')
	63
[6127]	64	class ManageDataCenter(grok.Permission):
	65	grok.name('waeup.manageDataCenter')
[6142]	66
[8367]	67	class ImportData(grok.Permission):
	68	grok.name('waeup.importData')
	69
[6907]	70	class ManagePortalConfiguration(grok.Permission):
	71	grok.name('waeup.managePortalConfiguration')
[6155]	72
[7181]	73	class ManageACBatches(grok.Permission):
	74	grok.name('waeup.manageACBatches')
	75
[6125]	76	# Local Roles
[7185]	77	class DepartmentManager(grok.Role):
	78	grok.name('waeup.local.DepartmentManager')
	79	grok.title(u'Department Manager')
[8367]	80	grok.permissions('waeup.manageAcademics','waeup.showStudents')
[6142]	81
[6655]	82	class ClearanceOfficer(grok.Role):
[7168]	83	"""The clearance officer role is meant for the
	84	assignment of dynamic roles only.
	85	"""
[6655]	86	grok.name('waeup.local.ClearanceOfficer')
	87	grok.title(u'Clearance Officer')
[7217]	88	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
[6655]	89
[7334]	90	class CourseAdviser100(grok.Role):
[7335]	91	"""The 100 level course adviser role is meant for the
[7168]	92	assignment of dynamic roles only.
	93	"""
[7334]	94	grok.name('waeup.local.CourseAdviser100')
	95	grok.title(u'Course Adviser 100L')
	96	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
[6655]	97
[7334]	98	class CourseAdviser200(grok.Role):
[7335]	99	"""The course 200 level adviser role is meant for the
[7334]	100	assignment of dynamic roles only.
	101	"""
	102	grok.name('waeup.local.CourseAdviser200')
	103	grok.title(u'Course Adviser 200L')
	104	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	105
	106	class CourseAdviser300(grok.Role):
[7335]	107	"""The 300 level course adviser role is meant for the
[7334]	108	assignment of dynamic roles only.
	109	"""
	110	grok.name('waeup.local.CourseAdviser300')
	111	grok.title(u'Course Adviser 300L')
	112	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	113
	114	class CourseAdviser400(grok.Role):
[7335]	115	"""The 400 level course adviser role is meant for the
[7334]	116	assignment of dynamic roles only.
	117	"""
	118	grok.name('waeup.local.CourseAdviser400')
	119	grok.title(u'Course Adviser 400L')
	120	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	121
	122	class CourseAdviser500(grok.Role):
[7335]	123	"""The 500 level course adviser role is meant for the
[7334]	124	assignment of dynamic roles only.
	125	"""
	126	grok.name('waeup.local.CourseAdviser500')
	127	grok.title(u'Course Adviser 500L')
	128	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	129
	130	class CourseAdviser600(grok.Role):
[7335]	131	"""The 600 level course adviser role is meant for the
[7334]	132	assignment of dynamic roles only.
	133	"""
	134	grok.name('waeup.local.CourseAdviser600')
	135	grok.title(u'Course Adviser 600L')
	136	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	137
[7163]	138	class Owner(grok.Role):
	139	grok.name('waeup.local.Owner')
	140	grok.title(u'Owner')
	141	grok.permissions('waeup.editUser')
	142
[7178]	143	# Site Roles
[7185]	144	class AcademicsOfficer(grok.Role):
	145	grok.name('waeup.AcademicsOfficer')
[7188]	146	grok.title(u'Academics Officer (view only)')
[7184]	147	grok.permissions('waeup.viewAcademics')
[3521]	148
[8367]	149	class AcademicsManager(grok.Role):
	150	grok.name('waeup.AcademicsManager')
	151	grok.title(u'Academics Manager')
	152	grok.permissions('waeup.viewAcademics',
	153	'waeup.manageAcademics')
	154
[7181]	155	class ACManager(grok.Role):
	156	grok.name('waeup.ACManager')
	157	grok.title(u'Access Code Manager')
	158	grok.permissions('waeup.manageACBatches')
	159
[8367]	160	class DataCenterManager(grok.Role):
	161	grok.name('waeup.DataCenterManager')
	162	grok.title(u'Datacenter Manager')
	163	grok.permissions('waeup.manageDataCenter')
	164
	165	class ImportManager(grok.Role):
	166	grok.name('waeup.ImportManager')
	167	grok.title(u'Import Manager')
	168	grok.permissions('waeup.manageDataCenter',
	169	'waeup.importData')
	170
	171	class UsersManager(grok.Role):
	172	grok.name('waeup.UsersManager')
	173	grok.title(u'Users Manager')
	174	grok.permissions('waeup.manageUsers')
	175
[4789]	176	class PortalManager(grok.Role):
	177	grok.name('waeup.PortalManager')
[6159]	178	grok.title(u'Portal Manager')
[8367]	179	grok.permissions('waeup.managePortal', 'waeup.manageUsers',
[8374]	180	'waeup.viewAcademics', 'waeup.manageAcademics',
[8367]	181	'waeup.manageACBatches',
[8399]	182	'waeup.manageDataCenter', 'waeup.importData',
[7184]	183	'waeup.managePortalConfiguration', 'waeup.viewApplication',
	184	'waeup.manageApplication', 'waeup.handleApplication',
[7250]	185	'waeup.viewApplicantsTab', 'waeup.payApplicant',
[8565]	186	'waeup.viewApplicationStatistics',
[7250]	187	'waeup.viewStudent', 'waeup.manageStudent',
	188	'waeup.clearStudent', 'waeup.payStudent',
	189	'waeup.uploadStudentFile', 'waeup.showStudents',
	190	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
[7205]	191	'waeup.viewHostels', 'waeup.manageHostels',
[8068]	192	'waeup.editUser'
[7240]	193	)
[4789]	194
[7186]	195	def get_all_roles():
[6157]	196	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
	197	"""
	198	return getUtilitiesFor(IRole)
	199
[7186]	200	def get_waeup_roles(also_local=False):
[7819]	201	"""Get all Kofa roles.
[6157]	202
[7819]	203	Kofa roles are ordinary roles whose id by convention starts with
[6157]	204	a ``waeup.`` prefix.
	205
	206	If `also_local` is ``True`` (``False`` by default), also local
[7819]	207	roles are returned. Local Kofa roles are such whose id starts
[6157]	208	with ``waeup.local.`` prefix (this is also a convention).
	209
	210	Returns a generator of the found roles.
	211	"""
[7186]	212	for name, item in get_all_roles():
[6157]	213	if not name.startswith('waeup.'):
[7819]	214	# Ignore non-Kofa roles...
[4789]	215	continue
[6157]	216	if not also_local and name.startswith('waeup.local.'):
	217	# Ignore local roles...
[6045]	218	continue
[6157]	219	yield item
[4789]	220
[7186]	221	def get_waeup_role_names():
[7819]	222	"""Get the ids of all Kofa roles.
[6157]	223
[7819]	224	See :func:`get_waeup_roles` for what a 'KofaRole' is.
[6157]	225
[7819]	226	This function returns a sorted list of Kofa role names.
[6157]	227	"""
[7186]	228	return sorted([x.id for x in get_waeup_roles()])
[6157]	229
[6144]	230	class LocalRolesAssignable(grok.Adapter):
	231	"""Default implementation for `ILocalRolesAssignable`.
	232
	233	This adapter returns a list for dictionaries for objects for which
	234	we want to know the roles assignable to them locally.
	235
	236	The returned dicts contain a ``name`` and a ``title`` entry which
	237	give a role (``name``) and a description, for which kind of users
	238	the permission is meant to be used (``title``).
	239
	240	Having this adapter registered we make sure, that for each normal
	241	object we get a valid `ILocalRolesAssignable` adapter.
	242
	243	Objects that want to offer certain local roles, can do so by
[6162]	244	setting a (preferably class-) attribute to a list of role ids.
[6144]	245
	246	You can also define different adapters for different contexts to
	247	have different role lookup mechanisms become available. But in
	248	normal cases it should be sufficient to use this basic adapter.
	249	"""
	250	grok.context(Interface)
	251	grok.provides(ILocalRolesAssignable)
	252
	253	_roles = []
	254
	255	def __init__(self, context):
	256	self.context = context
[6162]	257	role_ids = getattr(context, 'local_roles', self._roles)
[7186]	258	self._roles = [(name, role) for name, role in get_all_roles()
[6162]	259	if name in role_ids]
[6144]	260	return
	261
	262	def __call__(self):
	263	"""Get a list of dictionaries containing ``names`` (the roles to
	264	assign) and ``titles`` (some description of the type of user
	265	to assign each role to).
	266	"""
[7334]	267	list_of_dict = [dict(
[6162]	268	name=name,
	269	title=role.title,
[6163]	270	description=role.description)
[7334]	271	for name, role in self._roles]
	272	return sorted(list_of_dict, key=lambda x: x['name'])
[6144]	273
[8774]	274	def get_all_users():
	275	"""Get a list of dictionaries.
	276	"""
	277	users = sorted(grok.getSite()['users'].items(), key=lambda x: x[1].title)
	278	for key, val in users:
	279	yield(dict(name=key, val=val))
	280
[6163]	281	def get_users_with_local_roles(context):
	282	"""Get a list of dicts representing the local roles set for `context`.
	283
	284	Each dict returns `user_name`, `user_title`, `local_role`,
	285	`local_role_title`, and `setting` for each entry in the local
	286	roles map of the `context` object.
	287	"""
[6202]	288	try:
	289	role_map = IPrincipalRoleMap(context)
	290	except TypeError:
	291	# no map no roles.
	292	raise StopIteration
[6163]	293	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
	294	user = grok.getSite()['users'].get(user_name,None)
[7213]	295	user_title = getattr(user, 'title', user_name)
[7186]	296	local_role_title = dict(get_all_roles())[local_role].title
[6163]	297	yield dict(user_name = user_name,
	298	user_title = user_title,
	299	local_role = local_role,
	300	local_role_title = local_role_title,
[8774]	301	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: