Context navigation

source: main/waeup.kofa/trunk/src/waeup/kofa/permissions.py @ 10245

Last change on this file since 10245 was 10243, checked in by Henrik Bettermann, 12 years ago
Add local BursaryOfficer? role.
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 15.1 KB

Rev	Line
[7193]	1	## $Id: permissions.py 10243 2013-05-28 17:29:05Z henrik $
	2	##
	3	## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
	4	## This program is free software; you can redistribute it and/or modify
	5	## it under the terms of the GNU General Public License as published by
	6	## the Free Software Foundation; either version 2 of the License, or
	7	## (at your option) any later version.
	8	##
	9	## This program is distributed in the hope that it will be useful,
	10	## but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	## GNU General Public License for more details.
	13	##
	14	## You should have received a copy of the GNU General Public License
	15	## along with this program; if not, write to the Free Software
	16	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	17	##
[3521]	18	import grok
[6157]	19	from zope.component import getUtilitiesFor
[6144]	20	from zope.interface import Interface
[6163]	21	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[7811]	22	from waeup.kofa.interfaces import ILocalRolesAssignable
[3521]	23
[4789]	24	class Public(grok.Permission):
	25	"""Everyone-can-do-this-permission.
	26
	27	This permission is meant to be applied to objects/views/pages
	28	etc., that should be usable/readable by everyone.
	29
	30	We need this to be able to tune default permissions more
	31	restrictive and open up some dedicated objects like the front
	32	page.
	33	"""
	34	grok.name('waeup.Public')
[6142]	35
[5433]	36	class Anonymous(grok.Permission):
	37	"""Only-anonymous-can-do-this-permission.
	38	"""
[6142]	39	grok.name('waeup.Anonymous')
[4789]	40
[7184]	41	class Authenticated(grok.Permission):
	42	"""Only-logged-in-users-can-do-this-permission.
	43	"""
	44	grok.name('waeup.Authenticated')
[4789]	45
[7184]	46	class ViewAcademicsPermission(grok.Permission):
	47	grok.name('waeup.viewAcademics')
	48
[8367]	49	class ManageAcademicsPermission(grok.Permission):
	50	grok.name('waeup.manageAcademics')
[4789]	51
[8367]	52	class ManagePortal(grok.Permission):
	53	grok.name('waeup.managePortal')
	54
[4789]	55	class ManageUsers(grok.Permission):
	56	grok.name('waeup.manageUsers')
[6142]	57
[7205]	58	class ShowStudents(grok.Permission):
	59	grok.name('waeup.showStudents')
	60
[7163]	61	class EditUser(grok.Permission):
	62	grok.name('waeup.editUser')
	63
[6127]	64	class ManageDataCenter(grok.Permission):
	65	grok.name('waeup.manageDataCenter')
[6142]	66
[8367]	67	class ImportData(grok.Permission):
	68	grok.name('waeup.importData')
	69
[10177]	70	class ExportData(grok.Permission):
	71	grok.name('waeup.exportData')
	72
[6907]	73	class ManagePortalConfiguration(grok.Permission):
	74	grok.name('waeup.managePortalConfiguration')
[6155]	75
[7181]	76	class ManageACBatches(grok.Permission):
	77	grok.name('waeup.manageACBatches')
	78
[6125]	79	# Local Roles
[10226]	80	class ApplicationsManager(grok.Role):
	81	grok.name('waeup.local.ApplicationsManager')
	82	grok.title(u'Applications Manager')
	83	grok.permissions('waeup.viewAcademics')
	84
[7185]	85	class DepartmentManager(grok.Role):
	86	grok.name('waeup.local.DepartmentManager')
	87	grok.title(u'Department Manager')
[8367]	88	grok.permissions('waeup.manageAcademics','waeup.showStudents')
[6142]	89
[10243]	90	class BursaryOfficer(grok.Role):
	91	grok.name('waeup.local.BursaryOfficer')
	92	grok.title(u'Bursary Officer')
	93	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	94
[6655]	95	class ClearanceOfficer(grok.Role):
[7168]	96	"""The clearance officer role is meant for the
	97	assignment of dynamic roles only.
	98	"""
[6655]	99	grok.name('waeup.local.ClearanceOfficer')
	100	grok.title(u'Clearance Officer')
[7217]	101	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
[6655]	102
[8962]	103	class UGClearanceOfficer(grok.Role):
	104	"""The clearance officer role is meant for the
	105	assignment of dynamic roles only.
	106	"""
	107	grok.name('waeup.local.UGClearanceOfficer')
	108	grok.title(u'UG Clearance Officer')
	109	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	110
	111	class PGClearanceOfficer(grok.Role):
	112	"""The clearance officer role is meant for the
	113	assignment of dynamic roles only.
	114	"""
	115	grok.name('waeup.local.PGClearanceOfficer')
	116	grok.title(u'PG Clearance Officer')
	117	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	118
[7334]	119	class CourseAdviser100(grok.Role):
[7335]	120	"""The 100 level course adviser role is meant for the
[7168]	121	assignment of dynamic roles only.
	122	"""
[7334]	123	grok.name('waeup.local.CourseAdviser100')
	124	grok.title(u'Course Adviser 100L')
	125	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
[6655]	126
[7334]	127	class CourseAdviser200(grok.Role):
[7335]	128	"""The course 200 level adviser role is meant for the
[7334]	129	assignment of dynamic roles only.
	130	"""
	131	grok.name('waeup.local.CourseAdviser200')
	132	grok.title(u'Course Adviser 200L')
	133	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	134
	135	class CourseAdviser300(grok.Role):
[7335]	136	"""The 300 level course adviser role is meant for the
[7334]	137	assignment of dynamic roles only.
	138	"""
	139	grok.name('waeup.local.CourseAdviser300')
	140	grok.title(u'Course Adviser 300L')
	141	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	142
	143	class CourseAdviser400(grok.Role):
[7335]	144	"""The 400 level course adviser role is meant for the
[7334]	145	assignment of dynamic roles only.
	146	"""
	147	grok.name('waeup.local.CourseAdviser400')
	148	grok.title(u'Course Adviser 400L')
	149	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	150
	151	class CourseAdviser500(grok.Role):
[7335]	152	"""The 500 level course adviser role is meant for the
[7334]	153	assignment of dynamic roles only.
	154	"""
	155	grok.name('waeup.local.CourseAdviser500')
	156	grok.title(u'Course Adviser 500L')
	157	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	158
	159	class CourseAdviser600(grok.Role):
[7335]	160	"""The 600 level course adviser role is meant for the
[7334]	161	assignment of dynamic roles only.
	162	"""
	163	grok.name('waeup.local.CourseAdviser600')
	164	grok.title(u'Course Adviser 600L')
	165	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	166
[10064]	167	class CourseAdviser700(grok.Role):
	168	"""The 700 level course adviser role is meant for the
	169	assignment of dynamic roles only.
	170	"""
	171	grok.name('waeup.local.CourseAdviser700')
	172	grok.title(u'Course Adviser 700L')
	173	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	174
	175	class CourseAdviser800(grok.Role):
	176	"""The 800 level course adviser role is meant for the
	177	assignment of dynamic roles only.
	178	"""
	179	grok.name('waeup.local.CourseAdviser800')
	180	grok.title(u'Course Adviser 800L')
	181	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	182
[9002]	183	class Lecturer(grok.Role):
	184	"""The lecturer role is meant for the
	185	assignment of dynamic roles only.
	186	"""
	187	grok.name('waeup.local.Lecturer')
	188	grok.title(u'Lecturer')
	189	grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
	190
[7163]	191	class Owner(grok.Role):
	192	grok.name('waeup.local.Owner')
	193	grok.title(u'Owner')
	194	grok.permissions('waeup.editUser')
	195
[7178]	196	# Site Roles
[7185]	197	class AcademicsOfficer(grok.Role):
	198	grok.name('waeup.AcademicsOfficer')
[7188]	199	grok.title(u'Academics Officer (view only)')
[7184]	200	grok.permissions('waeup.viewAcademics')
[3521]	201
[8367]	202	class AcademicsManager(grok.Role):
	203	grok.name('waeup.AcademicsManager')
	204	grok.title(u'Academics Manager')
	205	grok.permissions('waeup.viewAcademics',
	206	'waeup.manageAcademics')
	207
[7181]	208	class ACManager(grok.Role):
	209	grok.name('waeup.ACManager')
	210	grok.title(u'Access Code Manager')
	211	grok.permissions('waeup.manageACBatches')
	212
[8367]	213	class DataCenterManager(grok.Role):
	214	grok.name('waeup.DataCenterManager')
	215	grok.title(u'Datacenter Manager')
	216	grok.permissions('waeup.manageDataCenter')
	217
	218	class ImportManager(grok.Role):
	219	grok.name('waeup.ImportManager')
	220	grok.title(u'Import Manager')
	221	grok.permissions('waeup.manageDataCenter',
	222	'waeup.importData')
	223
[10177]	224	class ExportManager(grok.Role):
	225	grok.name('waeup.ExportManager')
	226	grok.title(u'Export Manager')
	227	grok.permissions('waeup.manageDataCenter',
	228	'waeup.exportData')
	229
[8367]	230	class UsersManager(grok.Role):
	231	grok.name('waeup.UsersManager')
	232	grok.title(u'Users Manager')
[9259]	233	grok.permissions('waeup.manageUsers',
	234	'waeup.editUser')
[8367]	235
[9300]	236	class WorkflowManager(grok.Role):
	237	grok.name('waeup.WorkflowManager')
	238	grok.title(u'Workflow Manager')
[9299]	239	grok.permissions('waeup.triggerTransition')
	240
[4789]	241	class PortalManager(grok.Role):
	242	grok.name('waeup.PortalManager')
[6159]	243	grok.title(u'Portal Manager')
[9259]	244	grok.permissions('waeup.managePortal',
	245	'waeup.manageUsers',
[8374]	246	'waeup.viewAcademics', 'waeup.manageAcademics',
[8367]	247	'waeup.manageACBatches',
[9259]	248	'waeup.manageDataCenter',
	249	'waeup.importData',
[10177]	250	'waeup.exportData',
[7184]	251	'waeup.managePortalConfiguration', 'waeup.viewApplication',
	252	'waeup.manageApplication', 'waeup.handleApplication',
[7250]	253	'waeup.viewApplicantsTab', 'waeup.payApplicant',
[8565]	254	'waeup.viewApplicationStatistics',
[7250]	255	'waeup.viewStudent', 'waeup.manageStudent',
	256	'waeup.clearStudent', 'waeup.payStudent',
	257	'waeup.uploadStudentFile', 'waeup.showStudents',
[9273]	258	'waeup.triggerTransition',
[7250]	259	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
[9186]	260	'waeup.handleAccommodation',
[7205]	261	'waeup.viewHostels', 'waeup.manageHostels',
[9335]	262	'waeup.editUser',
[9637]	263	'waeup.loginAsStudent',
	264	'waeup.manageReports',
[9645]	265	'waeup.manageJobs',
[7240]	266	)
[4789]	267
[9259]	268	class CCOfficer(grok.Role):
[9303]	269	"""This is basically a copy of the the PortalManager class. We exclude some
[9262]	270	'dangerous' permissions by commenting them out.
[9259]	271	"""
	272	grok.name('waeup.CCOfficer')
	273	grok.title(u'Computer Center Officer')
	274	grok.permissions(#'waeup.managePortal',
	275	#'waeup.manageUsers',
	276	'waeup.viewAcademics', 'waeup.manageAcademics',
	277	#'waeup.manageACBatches',
	278	'waeup.manageDataCenter',
	279	#'waeup.importData',
[10243]	280	'waeup.exportData',
[9259]	281	'waeup.managePortalConfiguration', 'waeup.viewApplication',
	282	'waeup.manageApplication', 'waeup.handleApplication',
	283	'waeup.viewApplicantsTab', 'waeup.payApplicant',
	284	'waeup.viewApplicationStatistics',
	285	'waeup.viewStudent', 'waeup.manageStudent',
	286	'waeup.clearStudent', 'waeup.payStudent',
	287	'waeup.uploadStudentFile', 'waeup.showStudents',
[9273]	288	#'waeup.triggerTransition',
[9259]	289	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
	290	'waeup.handleAccommodation',
	291	'waeup.viewHostels', 'waeup.manageHostels',
[9335]	292	#'waeup.editUser',
[9637]	293	#'waeup.loginAsStudent',
	294	'waeup.manageReports',
[9645]	295	#'waeup.manageJobs',
[9259]	296	)
	297
[7186]	298	def get_all_roles():
[6157]	299	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
	300	"""
	301	return getUtilitiesFor(IRole)
	302
[7186]	303	def get_waeup_roles(also_local=False):
[7819]	304	"""Get all Kofa roles.
[6157]	305
[7819]	306	Kofa roles are ordinary roles whose id by convention starts with
[6157]	307	a ``waeup.`` prefix.
	308
	309	If `also_local` is ``True`` (``False`` by default), also local
[7819]	310	roles are returned. Local Kofa roles are such whose id starts
[6157]	311	with ``waeup.local.`` prefix (this is also a convention).
	312
	313	Returns a generator of the found roles.
	314	"""
[7186]	315	for name, item in get_all_roles():
[6157]	316	if not name.startswith('waeup.'):
[7819]	317	# Ignore non-Kofa roles...
[4789]	318	continue
[6157]	319	if not also_local and name.startswith('waeup.local.'):
	320	# Ignore local roles...
[6045]	321	continue
[6157]	322	yield item
[4789]	323
[7186]	324	def get_waeup_role_names():
[7819]	325	"""Get the ids of all Kofa roles.
[6157]	326
[7819]	327	See :func:`get_waeup_roles` for what a 'KofaRole' is.
[6157]	328
[7819]	329	This function returns a sorted list of Kofa role names.
[6157]	330	"""
[7186]	331	return sorted([x.id for x in get_waeup_roles()])
[6157]	332
[6144]	333	class LocalRolesAssignable(grok.Adapter):
	334	"""Default implementation for `ILocalRolesAssignable`.
	335
	336	This adapter returns a list for dictionaries for objects for which
	337	we want to know the roles assignable to them locally.
	338
	339	The returned dicts contain a ``name`` and a ``title`` entry which
	340	give a role (``name``) and a description, for which kind of users
	341	the permission is meant to be used (``title``).
	342
	343	Having this adapter registered we make sure, that for each normal
	344	object we get a valid `ILocalRolesAssignable` adapter.
	345
	346	Objects that want to offer certain local roles, can do so by
[6162]	347	setting a (preferably class-) attribute to a list of role ids.
[6144]	348
	349	You can also define different adapters for different contexts to
	350	have different role lookup mechanisms become available. But in
	351	normal cases it should be sufficient to use this basic adapter.
	352	"""
	353	grok.context(Interface)
	354	grok.provides(ILocalRolesAssignable)
	355
	356	_roles = []
	357
	358	def __init__(self, context):
	359	self.context = context
[6162]	360	role_ids = getattr(context, 'local_roles', self._roles)
[7186]	361	self._roles = [(name, role) for name, role in get_all_roles()
[6162]	362	if name in role_ids]
[6144]	363	return
	364
	365	def __call__(self):
	366	"""Get a list of dictionaries containing ``names`` (the roles to
	367	assign) and ``titles`` (some description of the type of user
	368	to assign each role to).
	369	"""
[7334]	370	list_of_dict = [dict(
[6162]	371	name=name,
	372	title=role.title,
[6163]	373	description=role.description)
[7334]	374	for name, role in self._roles]
	375	return sorted(list_of_dict, key=lambda x: x['name'])
[6144]	376
[8774]	377	def get_all_users():
	378	"""Get a list of dictionaries.
	379	"""
	380	users = sorted(grok.getSite()['users'].items(), key=lambda x: x[1].title)
	381	for key, val in users:
	382	yield(dict(name=key, val=val))
	383
[6163]	384	def get_users_with_local_roles(context):
	385	"""Get a list of dicts representing the local roles set for `context`.
	386
	387	Each dict returns `user_name`, `user_title`, `local_role`,
	388	`local_role_title`, and `setting` for each entry in the local
	389	roles map of the `context` object.
	390	"""
[6202]	391	try:
	392	role_map = IPrincipalRoleMap(context)
	393	except TypeError:
	394	# no map no roles.
	395	raise StopIteration
[6163]	396	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
	397	user = grok.getSite()['users'].get(user_name,None)
[7213]	398	user_title = getattr(user, 'title', user_name)
[10227]	399	local_role_title = getattr(
	400	dict(get_all_roles()).get(local_role, None), 'title', None)
[6163]	401	yield dict(user_name = user_name,
	402	user_title = user_title,
	403	local_role = local_role,
	404	local_role_title = local_role_title,
[9309]	405	setting = setting)
	406
	407	def get_users_with_role(role, context):
	408	"""Get a list of dicts representing the usres who have been granted
	409	a role for `context`.
	410	"""
	411	try:
	412	role_map = IPrincipalRoleMap(context)
	413	except TypeError:
	414	# no map no roles.
	415	raise StopIteration
	416	for user_name, setting in role_map.getPrincipalsForRole(role):
	417	user = grok.getSite()['users'].get(user_name,None)
	418	user_title = getattr(user, 'title', user_name)
	419	user_email = getattr(user, 'email', None)
	420	yield dict(user_name = user_name,
	421	user_title = user_title,
	422	user_email = user_email,
	423	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: