source: main/waeup.kofa/trunk/docs/source/userdocs/security.rst @ 12843

Last change on this file since 12843 was 12843, checked in by Henrik Bettermann, 9 years ago

Documentation work in progress.

Remove redundant waeup.viewStudentsTab permission.

File size: 5.0 KB
.. _security_policy:

Security
********

Kofa has a very efficient security machinery. It does not perform authorization checks on the content objects stored in the database; instead it restricts the use of views, i.e. the web pages and forms needed to view or edit data. Each view is protected by a permission the user must hold to use that view. Permissions are not assigned to users individually. They are bundled into sets of permissions, so-called roles, which can be assigned to users through the web interface.

It is important to note that permissions do not include other permissions. Only roles 'include' permissions. A 'manage' permission, for example, does not automatically enable users to open pages which merely display the data. These pages have their own 'view' permission. Another example is the ManagePortal permission described below. The name of the permission may lead one to believe that users can do everything with this permission. This is not true. It only gives access to certain pages which are dedicated to portal managers and must not be accessed by any other user.

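The rule above, modelled as an added example (not Kofa's own code): a view is usable only when its exact permission is held, and an audit lists roles that bundle a 'manage' permission without the matching 'view' permission. Role names, view names and the Manage/View name pairing are assumptions made for illustration; the permission names reuse class names listed on this page.

```python
# Added illustration, not Kofa code. Role names, view names and the
# Manage*/View* pairing are assumptions; permission names reuse class names
# listed on this page.
ROLES = {
    "RecordsViewer": {"ViewStudent"},
    "RecordsEditor": {"ManageStudent"},              # bundles no ViewStudent
    "RecordsOfficer": {"ViewStudent", "ManageStudent"},
    "PortalAdmin": {"ManagePortal"},                 # not a wildcard
}

# Every view (page or form) is guarded by exactly one permission.
VIEWS = {
    "student_display": "ViewStudent",
    "student_edit_form": "ManageStudent",
    "portal_admin_page": "ManagePortal",
}


def effective_permissions(user_roles):
    """Union of the permissions bundled in the roles; nothing is implied."""
    perms = set()
    for role in user_roles:
        perms |= ROLES.get(role, set())   # unknown role grants nothing
    return perms


def can_use(view, user_roles):
    """Allow only when the view's exact permission is held (fail closed)."""
    required = VIEWS.get(view)
    return required is not None and required in effective_permissions(user_roles)


def manage_without_view(roles=ROLES):
    """Audit: roles that bundle ManageX but not an existing ViewX."""
    known = set().union(*roles.values())
    findings = []
    for name in sorted(roles):
        for perm in sorted(roles[name]):
            view_perm = "View" + perm[len("Manage"):]
            if (perm.startswith("Manage") and view_perm in known
                    and view_perm not in roles[name]):
                findings.append((name, perm, view_perm))
    return findings
```
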
.. contents::

Permissions
===========

The whole set of permissions and roles is described in the :py:mod:`Permissions and Roles Module<waeup.kofa.permissions>`. Here we describe only a subset of permission classes which are essential for the security settings configuration.

General Permissions
-------------------

.. autoclass:: waeup.kofa.permissions.Public()
   :noindex:

.. autoclass:: waeup.kofa.permissions.Anonymous()
   :noindex:

.. autoclass:: waeup.kofa.permissions.Authenticated()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManageUsers()
   :noindex:

.. autoclass:: waeup.kofa.permissions.EditUser()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManagePortal()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ViewAcademics()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManageAcademics()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManagePortalConfiguration()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ManageDataCenter()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ExportData()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ImportData()
   :noindex:

.. autoclass:: waeup.kofa.permissions.TriggerTransition()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ShowStudents()
   :noindex:

Application Section Permissions
-------------------------------

.. autoclass:: waeup.kofa.applicants.permissions.ViewApplication()
   :noindex:

.. autoclass:: waeup.kofa.applicants.permissions.HandleApplication()
   :noindex:

.. autoclass:: waeup.kofa.applicants.permissions.ManageApplication()
   :noindex:

.. autoclass:: waeup.kofa.applicants.permissions.PayApplicant()
   :noindex:

.. autoclass:: waeup.kofa.applicants.permissions.ViewApplicationStatistics()
   :noindex:

Student Section Permissions
---------------------------

.. autoclass:: waeup.kofa.students.permissions.ViewStudent()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.HandleStudent()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.ViewStudentsContainer()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.ManageStudent()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.PayStudent()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.HandleAccommodation()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.UploadStudentFile()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.ClearStudent()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.TriggerTransition()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.LoginAsStudent()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.EditStudyLevel()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.ClearStudent()
   :noindex:

.. autoclass:: waeup.kofa.students.permissions.ValidateStudent()
   :noindex:

Global Roles
============

Global or site roles are assigned portal-wide. Unlike a local role, a global role applies to the user in every context.

Many global roles bundle only one or two permissions. The objective is to share responsibilities and distribute tasks.

The highly specialized roles are:

.. autoclass:: waeup.kofa.permissions.AcademicsOfficer()
   :noindex:

.. autoclass:: waeup.kofa.permissions.AcademicsManager()
   :noindex:

.. autoclass:: waeup.kofa.permissions.DataCenterManager()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ImportManager()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ExportManager()
   :noindex:

.. autoclass:: waeup.kofa.permissions.ACManager()
   :noindex:

.. autoclass:: waeup.kofa.permissions.UsersManager()
   :noindex:

.. autoclass:: waeup.kofa.permissions.WorkflowManager()
   :noindex:

In contrast to these specialized sets of permissions, there are two sets which confer extensive powers on portal managers.

.. autoclass:: waeup.kofa.permissions.PortalManager
   :noindex:

.. autoclass:: waeup.kofa.permissions.CCOfficer()
   :noindex:

Local Roles
===========

Dynamic Roles
=============