| 1 | ## $Id: permissions.py 17850 2024-07-16 20:47:30Z henrik $ |
|---|
| 2 | ## |
|---|
| 3 | ## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann |
|---|
| 4 | ## This program is free software; you can redistribute it and/or modify |
|---|
| 5 | ## it under the terms of the GNU General Public License as published by |
|---|
| 6 | ## the Free Software Foundation; either version 2 of the License, or |
|---|
| 7 | ## (at your option) any later version. |
|---|
| 8 | ## |
|---|
| 9 | ## This program is distributed in the hope that it will be useful, |
|---|
| 10 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| 11 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| 12 | ## GNU General Public License for more details. |
|---|
| 13 | ## |
|---|
| 14 | ## You should have received a copy of the GNU General Public License |
|---|
| 15 | ## along with this program; if not, write to the Free Software |
|---|
| 16 | ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|---|
| 17 | ## |
|---|
| 18 | """ |
|---|
| 19 | Local permissions for applicants/applications. |
|---|
| 20 | """ |
|---|
| 21 | import grok |
|---|
| 22 | |
|---|
| 23 | # Application permissions |
|---|
| 24 | |
|---|
| 25 | class HandleApplication(grok.Permission): |
|---|
| 26 | """The HandleApplication permission is reserved for applicants. |
|---|
| 27 | Applicants 'handle' their data. Officers 'manage' the data. |
|---|
| 28 | """ |
|---|
| 29 | grok.name('waeup.handleApplication') |
|---|
| 30 | |
|---|
| 31 | class ViewApplication(grok.Permission): |
|---|
| 32 | """The ViewApplication permission allows to view application records. |
|---|
| 33 | """ |
|---|
| 34 | grok.name('waeup.viewApplication') |
|---|
| 35 | |
|---|
| 36 | class ViewApplicationsTab(grok.Permission): |
|---|
| 37 | grok.name('waeup.viewApplicantsTab') |
|---|
| 38 | |
|---|
| 39 | class ViewMyApplicationDataTab(grok.Permission): |
|---|
| 40 | grok.name('waeup.viewMyApplicationDataTab') |
|---|
| 41 | |
|---|
| 42 | class ManageApplication(grok.Permission): |
|---|
| 43 | """The ManageApplication permission allows to edit the data. This |
|---|
| 44 | permission is reserved for officers and portal managers. |
|---|
| 45 | """ |
|---|
| 46 | grok.name('waeup.manageApplication') |
|---|
| 47 | |
|---|
| 48 | class ExportApplication(grok.Permission): |
|---|
| 49 | """The ExportApplication permission allows to export the data from a |
|---|
| 50 | container page. |
|---|
| 51 | """ |
|---|
| 52 | grok.name('waeup.exportApplication') |
|---|
| 53 | |
|---|
| 54 | class ViewApplicationStatistics(grok.Permission): |
|---|
| 55 | """The ViewApplicationStatistics permission allows to perform statistical |
|---|
| 56 | evaluations. |
|---|
| 57 | """ |
|---|
| 58 | grok.name('waeup.viewApplicationStatistics') |
|---|
| 59 | |
|---|
| 60 | class PayApplicant(grok.Permission): |
|---|
| 61 | """The PayApplicant permission allows to add an online payment ticket. |
|---|
| 62 | """ |
|---|
| 63 | grok.name('waeup.payApplicant') |
|---|
| 64 | |
|---|
| 65 | class CreateStudents(grok.Permission): |
|---|
| 66 | """The CreateStudents permission allows to create a bunch student |
|---|
| 67 | records from application records. |
|---|
| 68 | """ |
|---|
| 69 | grok.name('waeup.createStudents') |
|---|
| 70 | |
|---|
| 71 | # Local role |
|---|
| 72 | |
|---|
| 73 | class ApplicationOwner(grok.Role): |
|---|
| 74 | """An applicant 'owns' her/his application record and |
|---|
| 75 | gains permissions to handle the record, upload a passport picture or |
|---|
| 76 | add payment tickets. |
|---|
| 77 | """ |
|---|
| 78 | grok.name('waeup.local.ApplicationOwner') |
|---|
| 79 | grok.title(u'Application Owner') |
|---|
| 80 | grok.permissions('waeup.handleApplication', |
|---|
| 81 | 'waeup.viewApplication', |
|---|
| 82 | 'waeup.payApplicant') |
|---|
| 83 | |
|---|
| 84 | # Site roles |
|---|
| 85 | |
|---|
| 86 | class ApplicantRole(grok.Role): |
|---|
| 87 | """This role is dedicated to applicants only. It defines the permissions |
|---|
| 88 | an applicant gains portal-wide. |
|---|
| 89 | """ |
|---|
| 90 | grok.name('waeup.Applicant') |
|---|
| 91 | grok.title(u'Applicant (do not assign)') |
|---|
| 92 | grok.permissions('waeup.viewAcademics', 'waeup.viewMyApplicationDataTab', |
|---|
| 93 | 'waeup.Authenticated') |
|---|
| 94 | |
|---|
| 95 | class ApplicationsOfficer(grok.Role): |
|---|
| 96 | """The Applications Officer is allowed to view all application records. |
|---|
| 97 | """ |
|---|
| 98 | grok.name('waeup.ApplicationsOfficer') |
|---|
| 99 | grok.title(u'Applications Officer (view only)') |
|---|
| 100 | grok.permissions('waeup.viewApplication', 'waeup.viewApplicantsTab') |
|---|
| 101 | |
|---|
| 102 | class ApplicationsManager(grok.Role): |
|---|
| 103 | """The Applications Manager is allowed to edit all application records. |
|---|
| 104 | The role also allows to add payment tickets and view statistics. |
|---|
| 105 | """ |
|---|
| 106 | grok.name('waeup.ApplicationsManager') |
|---|
| 107 | grok.title(u'Applications Manager') |
|---|
| 108 | grok.permissions('waeup.manageApplication', 'waeup.viewApplication', |
|---|
| 109 | 'waeup.viewApplicantsTab', 'waeup.payApplicant', |
|---|
| 110 | 'waeup.viewApplicationStatistics', |
|---|
| 111 | 'waeup.exportApplication') |
|---|
| 112 | |
|---|
| 113 | class StudentsCreator(grok.Role): |
|---|
| 114 | """The Students Creator is allowed to create a bunch of student |
|---|
| 115 | records from application records. |
|---|
| 116 | """ |
|---|
| 117 | grok.name('waeup.StudentsCreator') |
|---|
| 118 | grok.title(u'Students Creator') |
|---|
| 119 | grok.permissions('waeup.viewApplication', |
|---|
| 120 | 'waeup.viewApplicantsTab', |
|---|
| 121 | 'waeup.createStudents') |
|---|
