Context navigation

source: main/waeup.kofa/trunk/src/waeup/kofa/permissions.py @ 10166

Last change on this file since 10166 was 10064, checked in by Henrik Bettermann, 12 years ago
Add more local course adviser roles.
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 14.4 KB

Rev	Line
[7193]	1	## $Id: permissions.py 10064 2013-04-06 04:53:30Z henrik $
	2	##
	3	## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
	4	## This program is free software; you can redistribute it and/or modify
	5	## it under the terms of the GNU General Public License as published by
	6	## the Free Software Foundation; either version 2 of the License, or
	7	## (at your option) any later version.
	8	##
	9	## This program is distributed in the hope that it will be useful,
	10	## but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	## GNU General Public License for more details.
	13	##
	14	## You should have received a copy of the GNU General Public License
	15	## along with this program; if not, write to the Free Software
	16	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	17	##
[3521]	18	import grok
[6157]	19	from zope.component import getUtilitiesFor
[6144]	20	from zope.interface import Interface
[6163]	21	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[7811]	22	from waeup.kofa.interfaces import ILocalRolesAssignable
[3521]	23
[4789]	24	class Public(grok.Permission):
	25	"""Everyone-can-do-this-permission.
	26
	27	This permission is meant to be applied to objects/views/pages
	28	etc., that should be usable/readable by everyone.
	29
	30	We need this to be able to tune default permissions more
	31	restrictive and open up some dedicated objects like the front
	32	page.
	33	"""
	34	grok.name('waeup.Public')
[6142]	35
[5433]	36	class Anonymous(grok.Permission):
	37	"""Only-anonymous-can-do-this-permission.
	38	"""
[6142]	39	grok.name('waeup.Anonymous')
[4789]	40
[7184]	41	class Authenticated(grok.Permission):
	42	"""Only-logged-in-users-can-do-this-permission.
	43	"""
	44	grok.name('waeup.Authenticated')
[4789]	45
[7184]	46	class ViewAcademicsPermission(grok.Permission):
	47	grok.name('waeup.viewAcademics')
	48
[8367]	49	class ManageAcademicsPermission(grok.Permission):
	50	grok.name('waeup.manageAcademics')
[4789]	51
[8367]	52	class ManagePortal(grok.Permission):
	53	grok.name('waeup.managePortal')
	54
[4789]	55	class ManageUsers(grok.Permission):
	56	grok.name('waeup.manageUsers')
[6142]	57
[7205]	58	class ShowStudents(grok.Permission):
	59	grok.name('waeup.showStudents')
	60
[7163]	61	class EditUser(grok.Permission):
	62	grok.name('waeup.editUser')
	63
[6127]	64	class ManageDataCenter(grok.Permission):
	65	grok.name('waeup.manageDataCenter')
[6142]	66
[8367]	67	class ImportData(grok.Permission):
	68	grok.name('waeup.importData')
	69
[6907]	70	class ManagePortalConfiguration(grok.Permission):
	71	grok.name('waeup.managePortalConfiguration')
[6155]	72
[7181]	73	class ManageACBatches(grok.Permission):
	74	grok.name('waeup.manageACBatches')
	75
[6125]	76	# Local Roles
[7185]	77	class DepartmentManager(grok.Role):
	78	grok.name('waeup.local.DepartmentManager')
	79	grok.title(u'Department Manager')
[8367]	80	grok.permissions('waeup.manageAcademics','waeup.showStudents')
[6142]	81
[6655]	82	class ClearanceOfficer(grok.Role):
[7168]	83	"""The clearance officer role is meant for the
	84	assignment of dynamic roles only.
	85	"""
[6655]	86	grok.name('waeup.local.ClearanceOfficer')
	87	grok.title(u'Clearance Officer')
[7217]	88	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
[6655]	89
[8962]	90	class UGClearanceOfficer(grok.Role):
	91	"""The clearance officer role is meant for the
	92	assignment of dynamic roles only.
	93	"""
	94	grok.name('waeup.local.UGClearanceOfficer')
	95	grok.title(u'UG Clearance Officer')
	96	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	97
	98	class PGClearanceOfficer(grok.Role):
	99	"""The clearance officer role is meant for the
	100	assignment of dynamic roles only.
	101	"""
	102	grok.name('waeup.local.PGClearanceOfficer')
	103	grok.title(u'PG Clearance Officer')
	104	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	105
[7334]	106	class CourseAdviser100(grok.Role):
[7335]	107	"""The 100 level course adviser role is meant for the
[7168]	108	assignment of dynamic roles only.
	109	"""
[7334]	110	grok.name('waeup.local.CourseAdviser100')
	111	grok.title(u'Course Adviser 100L')
	112	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
[6655]	113
[7334]	114	class CourseAdviser200(grok.Role):
[7335]	115	"""The course 200 level adviser role is meant for the
[7334]	116	assignment of dynamic roles only.
	117	"""
	118	grok.name('waeup.local.CourseAdviser200')
	119	grok.title(u'Course Adviser 200L')
	120	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	121
	122	class CourseAdviser300(grok.Role):
[7335]	123	"""The 300 level course adviser role is meant for the
[7334]	124	assignment of dynamic roles only.
	125	"""
	126	grok.name('waeup.local.CourseAdviser300')
	127	grok.title(u'Course Adviser 300L')
	128	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	129
	130	class CourseAdviser400(grok.Role):
[7335]	131	"""The 400 level course adviser role is meant for the
[7334]	132	assignment of dynamic roles only.
	133	"""
	134	grok.name('waeup.local.CourseAdviser400')
	135	grok.title(u'Course Adviser 400L')
	136	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	137
	138	class CourseAdviser500(grok.Role):
[7335]	139	"""The 500 level course adviser role is meant for the
[7334]	140	assignment of dynamic roles only.
	141	"""
	142	grok.name('waeup.local.CourseAdviser500')
	143	grok.title(u'Course Adviser 500L')
	144	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	145
	146	class CourseAdviser600(grok.Role):
[7335]	147	"""The 600 level course adviser role is meant for the
[7334]	148	assignment of dynamic roles only.
	149	"""
	150	grok.name('waeup.local.CourseAdviser600')
	151	grok.title(u'Course Adviser 600L')
	152	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	153
[10064]	154	class CourseAdviser700(grok.Role):
	155	"""The 700 level course adviser role is meant for the
	156	assignment of dynamic roles only.
	157	"""
	158	grok.name('waeup.local.CourseAdviser700')
	159	grok.title(u'Course Adviser 700L')
	160	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	161
	162	class CourseAdviser800(grok.Role):
	163	"""The 800 level course adviser role is meant for the
	164	assignment of dynamic roles only.
	165	"""
	166	grok.name('waeup.local.CourseAdviser800')
	167	grok.title(u'Course Adviser 800L')
	168	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	169
[9002]	170	class Lecturer(grok.Role):
	171	"""The lecturer role is meant for the
	172	assignment of dynamic roles only.
	173	"""
	174	grok.name('waeup.local.Lecturer')
	175	grok.title(u'Lecturer')
	176	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	177
[7163]	178	class Owner(grok.Role):
	179	grok.name('waeup.local.Owner')
	180	grok.title(u'Owner')
	181	grok.permissions('waeup.editUser')
	182
[7178]	183	# Site Roles
[7185]	184	class AcademicsOfficer(grok.Role):
	185	grok.name('waeup.AcademicsOfficer')
[7188]	186	grok.title(u'Academics Officer (view only)')
[7184]	187	grok.permissions('waeup.viewAcademics')
[3521]	188
[8367]	189	class AcademicsManager(grok.Role):
	190	grok.name('waeup.AcademicsManager')
	191	grok.title(u'Academics Manager')
	192	grok.permissions('waeup.viewAcademics',
	193	'waeup.manageAcademics')
	194
[7181]	195	class ACManager(grok.Role):
	196	grok.name('waeup.ACManager')
	197	grok.title(u'Access Code Manager')
	198	grok.permissions('waeup.manageACBatches')
	199
[8367]	200	class DataCenterManager(grok.Role):
	201	grok.name('waeup.DataCenterManager')
	202	grok.title(u'Datacenter Manager')
	203	grok.permissions('waeup.manageDataCenter')
	204
	205	class ImportManager(grok.Role):
	206	grok.name('waeup.ImportManager')
	207	grok.title(u'Import Manager')
	208	grok.permissions('waeup.manageDataCenter',
	209	'waeup.importData')
	210
	211	class UsersManager(grok.Role):
	212	grok.name('waeup.UsersManager')
	213	grok.title(u'Users Manager')
[9259]	214	grok.permissions('waeup.manageUsers',
	215	'waeup.editUser')
[8367]	216
[9300]	217	class WorkflowManager(grok.Role):
	218	grok.name('waeup.WorkflowManager')
	219	grok.title(u'Workflow Manager')
[9299]	220	grok.permissions('waeup.triggerTransition')
	221
[4789]	222	class PortalManager(grok.Role):
	223	grok.name('waeup.PortalManager')
[6159]	224	grok.title(u'Portal Manager')
[9259]	225	grok.permissions('waeup.managePortal',
	226	'waeup.manageUsers',
[8374]	227	'waeup.viewAcademics', 'waeup.manageAcademics',
[8367]	228	'waeup.manageACBatches',
[9259]	229	'waeup.manageDataCenter',
	230	'waeup.importData',
[7184]	231	'waeup.managePortalConfiguration', 'waeup.viewApplication',
	232	'waeup.manageApplication', 'waeup.handleApplication',
[7250]	233	'waeup.viewApplicantsTab', 'waeup.payApplicant',
[8565]	234	'waeup.viewApplicationStatistics',
[7250]	235	'waeup.viewStudent', 'waeup.manageStudent',
	236	'waeup.clearStudent', 'waeup.payStudent',
	237	'waeup.uploadStudentFile', 'waeup.showStudents',
[9273]	238	'waeup.triggerTransition',
[7250]	239	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
[9186]	240	'waeup.handleAccommodation',
[7205]	241	'waeup.viewHostels', 'waeup.manageHostels',
[9335]	242	'waeup.editUser',
[9637]	243	'waeup.loginAsStudent',
	244	'waeup.manageReports',
[9645]	245	'waeup.manageJobs',
[7240]	246	)
[4789]	247
[9259]	248	class CCOfficer(grok.Role):
[9303]	249	"""This is basically a copy of the the PortalManager class. We exclude some
[9262]	250	'dangerous' permissions by commenting them out.
[9259]	251	"""
	252	grok.name('waeup.CCOfficer')
	253	grok.title(u'Computer Center Officer')
	254	grok.permissions(#'waeup.managePortal',
	255	#'waeup.manageUsers',
	256	'waeup.viewAcademics', 'waeup.manageAcademics',
	257	#'waeup.manageACBatches',
	258	'waeup.manageDataCenter',
	259	#'waeup.importData',
	260	'waeup.managePortalConfiguration', 'waeup.viewApplication',
	261	'waeup.manageApplication', 'waeup.handleApplication',
	262	'waeup.viewApplicantsTab', 'waeup.payApplicant',
	263	'waeup.viewApplicationStatistics',
	264	'waeup.viewStudent', 'waeup.manageStudent',
	265	'waeup.clearStudent', 'waeup.payStudent',
	266	'waeup.uploadStudentFile', 'waeup.showStudents',
[9273]	267	#'waeup.triggerTransition',
[9259]	268	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
	269	'waeup.handleAccommodation',
	270	'waeup.viewHostels', 'waeup.manageHostels',
[9335]	271	#'waeup.editUser',
[9637]	272	#'waeup.loginAsStudent',
	273	'waeup.manageReports',
[9645]	274	#'waeup.manageJobs',
[9259]	275	)
	276
[7186]	277	def get_all_roles():
[6157]	278	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
	279	"""
	280	return getUtilitiesFor(IRole)
	281
[7186]	282	def get_waeup_roles(also_local=False):
[7819]	283	"""Get all Kofa roles.
[6157]	284
[7819]	285	Kofa roles are ordinary roles whose id by convention starts with
[6157]	286	a ``waeup.`` prefix.
	287
	288	If `also_local` is ``True`` (``False`` by default), also local
[7819]	289	roles are returned. Local Kofa roles are such whose id starts
[6157]	290	with ``waeup.local.`` prefix (this is also a convention).
	291
	292	Returns a generator of the found roles.
	293	"""
[7186]	294	for name, item in get_all_roles():
[6157]	295	if not name.startswith('waeup.'):
[7819]	296	# Ignore non-Kofa roles...
[4789]	297	continue
[6157]	298	if not also_local and name.startswith('waeup.local.'):
	299	# Ignore local roles...
[6045]	300	continue
[6157]	301	yield item
[4789]	302
[7186]	303	def get_waeup_role_names():
[7819]	304	"""Get the ids of all Kofa roles.
[6157]	305
[7819]	306	See :func:`get_waeup_roles` for what a 'KofaRole' is.
[6157]	307
[7819]	308	This function returns a sorted list of Kofa role names.
[6157]	309	"""
[7186]	310	return sorted([x.id for x in get_waeup_roles()])
[6157]	311
[6144]	312	class LocalRolesAssignable(grok.Adapter):
	313	"""Default implementation for `ILocalRolesAssignable`.
	314
	315	This adapter returns a list for dictionaries for objects for which
	316	we want to know the roles assignable to them locally.
	317
	318	The returned dicts contain a ``name`` and a ``title`` entry which
	319	give a role (``name``) and a description, for which kind of users
	320	the permission is meant to be used (``title``).
	321
	322	Having this adapter registered we make sure, that for each normal
	323	object we get a valid `ILocalRolesAssignable` adapter.
	324
	325	Objects that want to offer certain local roles, can do so by
[6162]	326	setting a (preferably class-) attribute to a list of role ids.
[6144]	327
	328	You can also define different adapters for different contexts to
	329	have different role lookup mechanisms become available. But in
	330	normal cases it should be sufficient to use this basic adapter.
	331	"""
	332	grok.context(Interface)
	333	grok.provides(ILocalRolesAssignable)
	334
	335	_roles = []
	336
	337	def __init__(self, context):
	338	self.context = context
[6162]	339	role_ids = getattr(context, 'local_roles', self._roles)
[7186]	340	self._roles = [(name, role) for name, role in get_all_roles()
[6162]	341	if name in role_ids]
[6144]	342	return
	343
	344	def __call__(self):
	345	"""Get a list of dictionaries containing ``names`` (the roles to
	346	assign) and ``titles`` (some description of the type of user
	347	to assign each role to).
	348	"""
[7334]	349	list_of_dict = [dict(
[6162]	350	name=name,
	351	title=role.title,
[6163]	352	description=role.description)
[7334]	353	for name, role in self._roles]
	354	return sorted(list_of_dict, key=lambda x: x['name'])
[6144]	355
[8774]	356	def get_all_users():
	357	"""Get a list of dictionaries.
	358	"""
	359	users = sorted(grok.getSite()['users'].items(), key=lambda x: x[1].title)
	360	for key, val in users:
	361	yield(dict(name=key, val=val))
	362
[6163]	363	def get_users_with_local_roles(context):
	364	"""Get a list of dicts representing the local roles set for `context`.
	365
	366	Each dict returns `user_name`, `user_title`, `local_role`,
	367	`local_role_title`, and `setting` for each entry in the local
	368	roles map of the `context` object.
	369	"""
[6202]	370	try:
	371	role_map = IPrincipalRoleMap(context)
	372	except TypeError:
	373	# no map no roles.
	374	raise StopIteration
[6163]	375	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
	376	user = grok.getSite()['users'].get(user_name,None)
[7213]	377	user_title = getattr(user, 'title', user_name)
[7186]	378	local_role_title = dict(get_all_roles())[local_role].title
[6163]	379	yield dict(user_name = user_name,
	380	user_title = user_title,
	381	local_role = local_role,
	382	local_role_title = local_role_title,
[9309]	383	setting = setting)
	384
	385	def get_users_with_role(role, context):
	386	"""Get a list of dicts representing the usres who have been granted
	387	a role for `context`.
	388	"""
	389	try:
	390	role_map = IPrincipalRoleMap(context)
	391	except TypeError:
	392	# no map no roles.
	393	raise StopIteration
	394	for user_name, setting in role_map.getPrincipalsForRole(role):
	395	user = grok.getSite()['users'].get(user_name,None)
	396	user_title = getattr(user, 'title', user_name)
	397	user_email = getattr(user, 'email', None)
	398	yield dict(user_name = user_name,
	399	user_title = user_title,
	400	user_email = user_email,
	401	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: