[12920] | 1 | Permissions and Roles |
---|
| 2 | ********************* |
---|
[4127] | 3 | |
---|
[7819] | 4 | Permissions and roles used in a Kofa portal. |
---|
[4127] | 5 | |
---|
[5140] | 6 | .. :doctest: |
---|
[7819] | 7 | .. :layer: waeup.kofa.testing.KofaUnitTestLayer |
---|
[4127] | 8 | |
---|
[12921] | 9 | Convenience Functions |
---|
[6157] | 10 | ===================== |
---|
[4127] | 11 | |
---|
[7811] | 12 | :mod:`waeup.kofa` offers some convenience functions to handle security |
---|
[6157] | 13 | roles. |
---|
| 14 | |
---|
[7186] | 15 | :func:`get_all_roles` |
---|
| 16 | --------------------- |
---|
[6157] | 17 | |
---|
[7819] | 18 | Gives us all roles defined in Kofa. We get tuples of |
---|
[6157] | 19 | kind |
---|
| 20 | |
---|
| 21 | ``(<ROLE-NAME>, <ROLE>)`` |
---|
| 22 | |
---|
| 23 | where ``<ROLE-NAME>`` is the name under which a role was registered |
---|
| 24 | with the ZCA (a string) and ``<ROLE>`` is the real role object. |
---|
| 25 | |
---|
[7811] | 26 | >>> from waeup.kofa.permissions import get_all_roles |
---|
[7186] | 27 | >>> get_all_roles() |
---|
[6333] | 28 | <generator object...at 0x...> |
---|
[4127] | 29 | |
---|
[7186] | 30 | >>> sorted(list(get_all_roles())) |
---|
[7811] | 31 | [(u'waeup.ACManager', <waeup.kofa.permissions.ACManager object at 0x...] |
---|
[6157] | 32 | |
---|
[7186] | 33 | :func:`get_waeup_roles` |
---|
| 34 | ----------------------- |
---|
[6157] | 35 | |
---|
[7819] | 36 | Gives us all roles, except the Kofa specific roles. We can get a list |
---|
[6157] | 37 | with or without local roles: |
---|
| 38 | |
---|
[7811] | 39 | >>> from waeup.kofa.permissions import get_waeup_roles |
---|
[7186] | 40 | >>> len(list(get_waeup_roles())) |
---|
[14602] | 41 | 27 |
---|
[6157] | 42 | |
---|
[7186] | 43 | >>> len(list(get_waeup_roles(also_local=True))) |
---|
[14602] | 44 | 48 |
---|
[6157] | 45 | |
---|
| 46 | |
---|
[7186] | 47 | :func:`get_waeup_role_names` |
---|
| 48 | ---------------------------- |
---|
[6157] | 49 | |
---|
[7819] | 50 | We can get all role names defined in Kofa (except 'local' |
---|
[6157] | 51 | roles that are meant not to be assigned globally): |
---|
| 52 | |
---|
[7811] | 53 | >>> from waeup.kofa.permissions import get_waeup_role_names |
---|
[7186] | 54 | >>> list(get_waeup_role_names()) |
---|
[7334] | 55 | [u'waeup.ACManager', |
---|
[8367] | 56 | u'waeup.AcademicsManager', |
---|
[7334] | 57 | u'waeup.AcademicsOfficer', |
---|
| 58 | u'waeup.AccommodationOfficer', |
---|
| 59 | u'waeup.Applicant', |
---|
[10226] | 60 | u'waeup.ApplicationsManager', |
---|
[7168] | 61 | u'waeup.ApplicationsOfficer', |
---|
[10246] | 62 | u'waeup.BursaryOfficer', |
---|
[8367] | 63 | u'waeup.DataCenterManager', |
---|
[12439] | 64 | u'waeup.DocumentsManager', |
---|
| 65 | u'waeup.DocumentsOfficer', |
---|
[10177] | 66 | u'waeup.ExportManager', |
---|
[14602] | 67 | u'waeup.FingerprintDevice', |
---|
[8367] | 68 | u'waeup.ImportManager', |
---|
[7334] | 69 | u'waeup.PortalManager', |
---|
[12844] | 70 | u'waeup.ReportsManager', |
---|
[12900] | 71 | u'waeup.ReportsOfficer', |
---|
[7334] | 72 | u'waeup.Student', |
---|
[9335] | 73 | u'waeup.StudentImpersonator', |
---|
[7334] | 74 | u'waeup.StudentsClearanceOfficer', |
---|
| 75 | u'waeup.StudentsCourseAdviser', |
---|
| 76 | u'waeup.StudentsManager', |
---|
[8367] | 77 | u'waeup.StudentsOfficer', |
---|
[10278] | 78 | u'waeup.TranscriptOfficer', |
---|
[9300] | 79 | u'waeup.UsersManager', |
---|
[10013] | 80 | u'waeup.WorkflowManager', |
---|
| 81 | u'waeup.xmlrpcusers1'] |
---|
[6202] | 82 | |
---|
| 83 | :func:`get_users_with_local_roles` |
---|
| 84 | ---------------------------------- |
---|
| 85 | |
---|
| 86 | We can get all users and their roles for a certain context |
---|
| 87 | object. This even works for objects that cannot have local roles as |
---|
| 88 | they are not stored in the ZODB: |
---|
| 89 | |
---|
[7811] | 90 | >>> from waeup.kofa.permissions import get_users_with_local_roles |
---|
[6202] | 91 | >>> mycontext = object() |
---|
| 92 | >>> people_and_roles = get_users_with_local_roles(mycontext) |
---|
| 93 | >>> people_and_roles |
---|
[6333] | 94 | <generator object...at 0x...> |
---|
[6202] | 95 | |
---|
| 96 | In this case, the result is empty: |
---|
| 97 | |
---|
| 98 | >>> people_and_roles = list(people_and_roles) |
---|
| 99 | >>> people_and_roles |
---|
| 100 | [] |
---|
[9309] | 101 | |
---|
| 102 | :func:`get_users_with_role` |
---|
| 103 | --------------------------- |
---|
| 104 | |
---|
| 105 | We can get all users with a specific role for a certain context |
---|
| 106 | object: |
---|
| 107 | |
---|
| 108 | >>> from waeup.kofa.permissions import get_users_with_role |
---|
| 109 | >>> mycontext = object() |
---|
| 110 | >>> people = get_users_with_role('waeup.portalManager', mycontext) |
---|
| 111 | >>> people |
---|
| 112 | <generator object...at 0x...> |
---|
| 113 | |
---|
| 114 | In this case, the result is empty: |
---|
| 115 | |
---|
| 116 | >>> people = list(people) |
---|
| 117 | >>> people |
---|
[10013] | 118 | [] |
---|