Context navigation

source: main/waeup.kofa/trunk/src/waeup/kofa/permissions.py @ 12837

Last change on this file since 12837 was 12835, checked in by Henrik Bettermann, 10 years ago
Add some docstrings.
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 21.4 KB

Rev	Line
[7193]	1	## $Id: permissions.py 12835 2015-03-31 14:50:49Z henrik $
	2	##
	3	## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
	4	## This program is free software; you can redistribute it and/or modify
	5	## it under the terms of the GNU General Public License as published by
	6	## the Free Software Foundation; either version 2 of the License, or
	7	## (at your option) any later version.
	8	##
	9	## This program is distributed in the hope that it will be useful,
	10	## but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	## GNU General Public License for more details.
	13	##
	14	## You should have received a copy of the GNU General Public License
	15	## along with this program; if not, write to the Free Software
	16	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	17	##
[3521]	18	import grok
[6157]	19	from zope.component import getUtilitiesFor
[6144]	20	from zope.interface import Interface
[6163]	21	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[7811]	22	from waeup.kofa.interfaces import ILocalRolesAssignable
[3521]	23
[4789]	24	class Public(grok.Permission):
[12835]	25	"""The everyone-can-do-this-permission is being applied to views/pages
	26	that are used by everyone.
[4789]	27	"""
	28	grok.name('waeup.Public')
[6142]	29
[5433]	30	class Anonymous(grok.Permission):
[12835]	31	"""The waeup.Anonymous permission is applied to
	32	views/pages which are dedicated to anonymous users only. Logged-in users
	33	can't access these views.
[5433]	34	"""
[6142]	35	grok.name('waeup.Anonymous')
[4789]	36
[7184]	37	class Authenticated(grok.Permission):
[12835]	38	"""The waeup.Authenticated permission is applied to pages
	39	which can only be used by logged-in users and not by anonymous users.
[7184]	40	"""
	41	grok.name('waeup.Authenticated')
[4789]	42
[12835]	43	class ViewAcademics(grok.Permission):
	44	"""The waeup.viewAcademics permission is applied to all
	45	views of the Academic Section. Users with this permission can view but
	46	not edit content in the Academic Section.
	47	"""
[7184]	48	grok.name('waeup.viewAcademics')
	49
[12835]	50	class ManageAcademics(grok.Permission):
	51	"""The waeup.manageAcademics permission is applied to all edit
	52	pages in the Academic Section. Users who have this permission
	53	can change/edit context objects.
	54	"""
[8367]	55	grok.name('waeup.manageAcademics')
[4789]	56
[8367]	57	class ManagePortal(grok.Permission):
[12835]	58	"""The waeup.managePortal permission is used for very few pages
	59	(e.g. the DatacenterSettings page) and is dedicated to portal managers.
	60	It is furthermore used to control delete methods of container
	61	pages in the Academic Section. The waeup.manageAcademics permission,
	62	described above, does enable users to edit content but not to
	63	remove sub-containers, like faculties, departments or certificates.
	64	Users must have the waeup.managePorta permission too to remove
	65	entire containers.
	66	"""
[8367]	67	grok.name('waeup.managePortal')
	68
[4789]	69	class ManageUsers(grok.Permission):
[12835]	70	"""The waeup.manageUsers permission is a real superuser permission
	71	and therefore very 'dangerous'. It allows to add, remove or edit
	72	user accounts. Editing a user account includes the option to assign
	73	or remove roles. That means that a user with this permission can lock out
	74	other users by either removing their account or by removing all
	75	permsissions. Only the system administrator will be able to revert this.
	76	"""
[4789]	77	grok.name('waeup.manageUsers')
[6142]	78
[7205]	79	class ShowStudents(grok.Permission):
[12835]	80	"""Users with this permission can see the 'Students' tab and
	81	search and browse all students. If they also have the waeup.exportData
	82	permission they can export all student data too.
	83
	84	Bursary or Department Officers don't have the general waeup.exportData
	85	permission (see Roles section) and are only allowed to export bursary
	86	or payments overview data respectively.
	87	"""
[7205]	88	grok.name('waeup.showStudents')
	89
[11862]	90	class ClearAllStudents(grok.Permission):
[12835]	91	"""The waeup.clearAllStudents permission allows to clear all students
	92	in a department.
	93	"""
[11862]	94	grok.name('waeup.clearAllStudents')
	95
[10632]	96	class EditScores(grok.Permission):
[12835]	97	"""The waeup.editScores permission allows to edit scores in course tickets.
	98	"""
[10632]	99	grok.name('waeup.editScores')
	100
[7163]	101	class EditUser(grok.Permission):
[12835]	102	"""The waeup.editUser permission is required for editing
	103	single user accounts.
	104	"""
[7163]	105	grok.name('waeup.editUser')
	106
[6127]	107	class ManageDataCenter(grok.Permission):
[12835]	108	"""The waeup.manageDataCenter permission allows to access all pages
	109	in the data center. It does not automatically allow to process data.
	110	"""
[6127]	111	grok.name('waeup.manageDataCenter')
[6142]	112
[8367]	113	class ImportData(grok.Permission):
[12835]	114	"""The waeup.importData permission allows to import any kind of portal
	115	data.
	116	"""
[8367]	117	grok.name('waeup.importData')
	118
[10177]	119	class ExportData(grok.Permission):
[12835]	120	"""The waeup.exportData permission allows to export any kind of portal
	121	data.
	122	"""
[10177]	123	grok.name('waeup.exportData')
	124
[10279]	125	class ExportPaymentsOverview(grok.Permission):
	126	grok.name('waeup.exportPaymentsOverview')
	127
	128	class ExportBursaryData(grok.Permission):
	129	grok.name('waeup.exportBursaryData')
	130
[10278]	131	class ViewTranscript(grok.Permission):
	132	grok.name('waeup.viewTranscript')
	133
[6907]	134	class ManagePortalConfiguration(grok.Permission):
[12835]	135	"""The waeup.managePortalConfiguration permission allows to
	136	edit global and sessional portal configuration data.
	137	"""
[6907]	138	grok.name('waeup.managePortalConfiguration')
[6155]	139
[7181]	140	class ManageACBatches(grok.Permission):
[12835]	141	"""The waeup.manageACBatches permission allows to view and
	142	manage accesscodes.
	143	"""
[7181]	144	grok.name('waeup.manageACBatches')
	145
[11673]	146	class PutBiometricDataPermission(grok.Permission):
[12835]	147	"""This permission allows to upload/change biometric data.
[11673]	148	"""
	149	grok.name('waeup.putBiometricData')
	150
[11665]	151	class GetBiometricDataPermission(grok.Permission):
[12835]	152	"""This permission allows to read biometric data.
[11665]	153	"""
	154	grok.name('waeup.getBiometricData')
	155
	156
[6125]	157	# Local Roles
[10226]	158	class ApplicationsManager(grok.Role):
	159	grok.name('waeup.local.ApplicationsManager')
	160	grok.title(u'Applications Manager')
	161	grok.permissions('waeup.viewAcademics')
	162
[7185]	163	class DepartmentManager(grok.Role):
	164	grok.name('waeup.local.DepartmentManager')
	165	grok.title(u'Department Manager')
[10248]	166	grok.permissions('waeup.manageAcademics',
	167	'waeup.showStudents',
	168	'waeup.exportData')
[6142]	169
[10279]	170	class DepartmentOfficer(grok.Role):
	171	grok.name('waeup.local.DepartmentOfficer')
	172	grok.title(u'Department Officer')
	173	grok.permissions('waeup.showStudents',
	174	'waeup.viewAcademics',
	175	'waeup.exportPaymentsOverview')
	176
[6655]	177	class ClearanceOfficer(grok.Role):
[7168]	178	"""The clearance officer role is meant for the
	179	assignment of dynamic roles only.
	180	"""
[6655]	181	grok.name('waeup.local.ClearanceOfficer')
	182	grok.title(u'Clearance Officer')
[10248]	183	grok.permissions('waeup.showStudents',
	184	'waeup.viewAcademics',
[11862]	185	'waeup.exportData',
	186	'waeup.clearAllStudents')
[6655]	187
[10639]	188	class LocalStudentsManager(grok.Role):
	189	"""The local students manager role is meant for the
	190	assignment of dynamic roles only.
	191	"""
	192	grok.name('waeup.local.LocalStudentsManager')
	193	grok.title(u'Students Manager')
	194	grok.permissions('waeup.showStudents',
	195	'waeup.viewAcademics',
	196	'waeup.exportData')
	197
	198	class LocalWorkflowManager(grok.Role):
	199	"""The local workflow manager role is meant for the
	200	assignment of dynamic roles only.
	201	"""
	202	grok.name('waeup.local.LocalWorkflowManager')
	203	grok.title(u'Student Workflow Manager')
	204	grok.permissions('waeup.showStudents',
	205	'waeup.viewAcademics',
	206	'waeup.exportData')
	207
[8962]	208	class UGClearanceOfficer(grok.Role):
	209	"""The clearance officer role is meant for the
	210	assignment of dynamic roles only.
	211	"""
	212	grok.name('waeup.local.UGClearanceOfficer')
	213	grok.title(u'UG Clearance Officer')
[10248]	214	grok.permissions('waeup.showStudents',
	215	'waeup.viewAcademics',
[11862]	216	'waeup.exportData',
	217	'waeup.clearAllStudents')
[8962]	218
	219	class PGClearanceOfficer(grok.Role):
	220	"""The clearance officer role is meant for the
	221	assignment of dynamic roles only.
	222	"""
	223	grok.name('waeup.local.PGClearanceOfficer')
	224	grok.title(u'PG Clearance Officer')
[10248]	225	grok.permissions('waeup.showStudents',
	226	'waeup.viewAcademics',
[11862]	227	'waeup.exportData',
	228	'waeup.clearAllStudents')
[8962]	229
[7334]	230	class CourseAdviser100(grok.Role):
[7335]	231	"""The 100 level course adviser role is meant for the
[7168]	232	assignment of dynamic roles only.
	233	"""
[7334]	234	grok.name('waeup.local.CourseAdviser100')
	235	grok.title(u'Course Adviser 100L')
[10248]	236	grok.permissions('waeup.showStudents',
	237	'waeup.viewAcademics',
	238	'waeup.exportData')
[6655]	239
[7334]	240	class CourseAdviser200(grok.Role):
[7335]	241	"""The course 200 level adviser role is meant for the
[7334]	242	assignment of dynamic roles only.
	243	"""
	244	grok.name('waeup.local.CourseAdviser200')
	245	grok.title(u'Course Adviser 200L')
[10248]	246	grok.permissions('waeup.showStudents',
	247	'waeup.viewAcademics',
	248	'waeup.exportData')
[7334]	249
	250	class CourseAdviser300(grok.Role):
[7335]	251	"""The 300 level course adviser role is meant for the
[7334]	252	assignment of dynamic roles only.
	253	"""
	254	grok.name('waeup.local.CourseAdviser300')
	255	grok.title(u'Course Adviser 300L')
[10248]	256	grok.permissions('waeup.showStudents',
	257	'waeup.viewAcademics',
	258	'waeup.exportData')
[7334]	259
	260	class CourseAdviser400(grok.Role):
[7335]	261	"""The 400 level course adviser role is meant for the
[7334]	262	assignment of dynamic roles only.
	263	"""
	264	grok.name('waeup.local.CourseAdviser400')
	265	grok.title(u'Course Adviser 400L')
[10248]	266	grok.permissions('waeup.showStudents',
	267	'waeup.viewAcademics',
	268	'waeup.exportData')
[7334]	269
	270	class CourseAdviser500(grok.Role):
[7335]	271	"""The 500 level course adviser role is meant for the
[7334]	272	assignment of dynamic roles only.
	273	"""
	274	grok.name('waeup.local.CourseAdviser500')
	275	grok.title(u'Course Adviser 500L')
[10248]	276	grok.permissions('waeup.showStudents',
	277	'waeup.viewAcademics',
	278	'waeup.exportData')
[7334]	279
	280	class CourseAdviser600(grok.Role):
[7335]	281	"""The 600 level course adviser role is meant for the
[7334]	282	assignment of dynamic roles only.
	283	"""
	284	grok.name('waeup.local.CourseAdviser600')
	285	grok.title(u'Course Adviser 600L')
[10248]	286	grok.permissions('waeup.showStudents',
	287	'waeup.viewAcademics',
	288	'waeup.exportData')
[7334]	289
[10064]	290	class CourseAdviser700(grok.Role):
	291	"""The 700 level course adviser role is meant for the
	292	assignment of dynamic roles only.
	293	"""
	294	grok.name('waeup.local.CourseAdviser700')
	295	grok.title(u'Course Adviser 700L')
[10248]	296	grok.permissions('waeup.showStudents',
	297	'waeup.viewAcademics',
	298	'waeup.exportData')
[10064]	299
	300	class CourseAdviser800(grok.Role):
	301	"""The 800 level course adviser role is meant for the
	302	assignment of dynamic roles only.
	303	"""
	304	grok.name('waeup.local.CourseAdviser800')
	305	grok.title(u'Course Adviser 800L')
[10248]	306	grok.permissions('waeup.showStudents',
	307	'waeup.viewAcademics',
	308	'waeup.exportData')
[10064]	309
[9002]	310	class Lecturer(grok.Role):
	311	"""The lecturer role is meant for the
	312	assignment of dynamic roles only.
	313	"""
	314	grok.name('waeup.local.Lecturer')
	315	grok.title(u'Lecturer')
[10248]	316	grok.permissions('waeup.showStudents',
[10632]	317	'waeup.editScores',
[10248]	318	'waeup.viewAcademics',
	319	'waeup.exportData')
[9002]	320
[7163]	321	class Owner(grok.Role):
	322	grok.name('waeup.local.Owner')
	323	grok.title(u'Owner')
	324	grok.permissions('waeup.editUser')
	325
[7178]	326	# Site Roles
[7185]	327	class AcademicsOfficer(grok.Role):
	328	grok.name('waeup.AcademicsOfficer')
[7188]	329	grok.title(u'Academics Officer (view only)')
[7184]	330	grok.permissions('waeup.viewAcademics')
[3521]	331
[8367]	332	class AcademicsManager(grok.Role):
	333	grok.name('waeup.AcademicsManager')
	334	grok.title(u'Academics Manager')
[12835]	335	title = u'Academics Manager'
[8367]	336	grok.permissions('waeup.viewAcademics',
	337	'waeup.manageAcademics')
	338
[7181]	339	class ACManager(grok.Role):
	340	grok.name('waeup.ACManager')
	341	grok.title(u'Access Code Manager')
	342	grok.permissions('waeup.manageACBatches')
	343
[8367]	344	class DataCenterManager(grok.Role):
	345	grok.name('waeup.DataCenterManager')
	346	grok.title(u'Datacenter Manager')
	347	grok.permissions('waeup.manageDataCenter')
	348
	349	class ImportManager(grok.Role):
	350	grok.name('waeup.ImportManager')
	351	grok.title(u'Import Manager')
	352	grok.permissions('waeup.manageDataCenter',
	353	'waeup.importData')
	354
[10177]	355	class ExportManager(grok.Role):
	356	grok.name('waeup.ExportManager')
	357	grok.title(u'Export Manager')
	358	grok.permissions('waeup.manageDataCenter',
	359	'waeup.exportData')
	360
[10246]	361	class BursaryOfficer(grok.Role):
	362	grok.name('waeup.BursaryOfficer')
	363	grok.title(u'Bursary Officer')
[10279]	364	grok.permissions('waeup.showStudents',
	365	'waeup.viewAcademics',
	366	'waeup.exportBursaryData')
[10246]	367
[8367]	368	class UsersManager(grok.Role):
	369	grok.name('waeup.UsersManager')
	370	grok.title(u'Users Manager')
[9259]	371	grok.permissions('waeup.manageUsers',
	372	'waeup.editUser')
[8367]	373
[9300]	374	class WorkflowManager(grok.Role):
	375	grok.name('waeup.WorkflowManager')
	376	grok.title(u'Workflow Manager')
[9299]	377	grok.permissions('waeup.triggerTransition')
	378
[4789]	379	class PortalManager(grok.Role):
[12835]	380	"""The portal manager role is the maximum set of Kofa permissions
	381	which are needed to manage the entire portal. This set must not
	382	be changed or customized. It is recommended to assign this role only
	383	to only a few portal administrators. A less dangerous manager role is the
	384	CCOfficer role described below. For the most tasks the CCOfficer role
	385	is sufficient.
	386	"""
[4789]	387	grok.name('waeup.PortalManager')
[6159]	388	grok.title(u'Portal Manager')
[9259]	389	grok.permissions('waeup.managePortal',
	390	'waeup.manageUsers',
[8374]	391	'waeup.viewAcademics', 'waeup.manageAcademics',
[8367]	392	'waeup.manageACBatches',
[9259]	393	'waeup.manageDataCenter',
	394	'waeup.importData',
[10177]	395	'waeup.exportData',
[10278]	396	'waeup.viewTranscript',
[12440]	397	'waeup.viewDocuments', 'waeup.manageDocuments',
[7184]	398	'waeup.managePortalConfiguration', 'waeup.viewApplication',
	399	'waeup.manageApplication', 'waeup.handleApplication',
[7250]	400	'waeup.viewApplicantsTab', 'waeup.payApplicant',
[8565]	401	'waeup.viewApplicationStatistics',
[7250]	402	'waeup.viewStudent', 'waeup.manageStudent',
	403	'waeup.clearStudent', 'waeup.payStudent',
	404	'waeup.uploadStudentFile', 'waeup.showStudents',
[11862]	405	'waeup.clearAllStudents',
[10632]	406	'waeup.editScores',
[9273]	407	'waeup.triggerTransition',
[7250]	408	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
[9186]	409	'waeup.handleAccommodation',
[7205]	410	'waeup.viewHostels', 'waeup.manageHostels',
[9335]	411	'waeup.editUser',
[9637]	412	'waeup.loginAsStudent',
	413	'waeup.manageReports',
[9645]	414	'waeup.manageJobs',
[7240]	415	)
[4789]	416
[9259]	417	class CCOfficer(grok.Role):
[12835]	418	"""The Computer Center Officer role is basically a copy
	419	of the the PortalManager role. Some 'dangerous' permissions are excluded
	420	by commenting them out (see source code). If officers need to gain more
	421	access rights than defined in this role, do not hastily switch to the
	422	PortalManager role but add further manager roles instead. These additional
	423	roles could be: UsersManager, ACManager, ImportManager, WorkflowManager
	424	or StudentImpersonator.
[9259]	425	"""
[10346]	426	grok.baseclass()
[9259]	427	grok.name('waeup.CCOfficer')
	428	grok.title(u'Computer Center Officer')
	429	grok.permissions(#'waeup.managePortal',
	430	#'waeup.manageUsers',
	431	'waeup.viewAcademics', 'waeup.manageAcademics',
	432	#'waeup.manageACBatches',
	433	'waeup.manageDataCenter',
	434	#'waeup.importData',
[10243]	435	'waeup.exportData',
[10278]	436	'waeup.viewTranscript',
[12440]	437	'waeup.viewDocuments', 'waeup.manageDocuments',
[9259]	438	'waeup.managePortalConfiguration', 'waeup.viewApplication',
	439	'waeup.manageApplication', 'waeup.handleApplication',
	440	'waeup.viewApplicantsTab', 'waeup.payApplicant',
	441	'waeup.viewApplicationStatistics',
	442	'waeup.viewStudent', 'waeup.manageStudent',
	443	'waeup.clearStudent', 'waeup.payStudent',
	444	'waeup.uploadStudentFile', 'waeup.showStudents',
[11862]	445	'waeup.clearAllStudents',
[10632]	446	'waeup.editScores',
[9273]	447	#'waeup.triggerTransition',
[9259]	448	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
	449	'waeup.handleAccommodation',
	450	'waeup.viewHostels', 'waeup.manageHostels',
[9335]	451	#'waeup.editUser',
[9637]	452	#'waeup.loginAsStudent',
	453	'waeup.manageReports',
[9645]	454	#'waeup.manageJobs',
[9259]	455	)
	456
[7186]	457	def get_all_roles():
[6157]	458	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
	459	"""
	460	return getUtilitiesFor(IRole)
	461
[7186]	462	def get_waeup_roles(also_local=False):
[7819]	463	"""Get all Kofa roles.
[6157]	464
[7819]	465	Kofa roles are ordinary roles whose id by convention starts with
[6157]	466	a ``waeup.`` prefix.
	467
	468	If `also_local` is ``True`` (``False`` by default), also local
[7819]	469	roles are returned. Local Kofa roles are such whose id starts
[6157]	470	with ``waeup.local.`` prefix (this is also a convention).
	471
	472	Returns a generator of the found roles.
	473	"""
[7186]	474	for name, item in get_all_roles():
[6157]	475	if not name.startswith('waeup.'):
[7819]	476	# Ignore non-Kofa roles...
[4789]	477	continue
[6157]	478	if not also_local and name.startswith('waeup.local.'):
	479	# Ignore local roles...
[6045]	480	continue
[6157]	481	yield item
[4789]	482
[7186]	483	def get_waeup_role_names():
[7819]	484	"""Get the ids of all Kofa roles.
[6157]	485
[7819]	486	See :func:`get_waeup_roles` for what a 'KofaRole' is.
[6157]	487
[7819]	488	This function returns a sorted list of Kofa role names.
[6157]	489	"""
[7186]	490	return sorted([x.id for x in get_waeup_roles()])
[6157]	491
[6144]	492	class LocalRolesAssignable(grok.Adapter):
	493	"""Default implementation for `ILocalRolesAssignable`.
	494
	495	This adapter returns a list for dictionaries for objects for which
	496	we want to know the roles assignable to them locally.
	497
	498	The returned dicts contain a ``name`` and a ``title`` entry which
	499	give a role (``name``) and a description, for which kind of users
	500	the permission is meant to be used (``title``).
	501
	502	Having this adapter registered we make sure, that for each normal
	503	object we get a valid `ILocalRolesAssignable` adapter.
	504
	505	Objects that want to offer certain local roles, can do so by
[6162]	506	setting a (preferably class-) attribute to a list of role ids.
[6144]	507
	508	You can also define different adapters for different contexts to
	509	have different role lookup mechanisms become available. But in
	510	normal cases it should be sufficient to use this basic adapter.
	511	"""
	512	grok.context(Interface)
	513	grok.provides(ILocalRolesAssignable)
	514
	515	_roles = []
	516
	517	def __init__(self, context):
	518	self.context = context
[6162]	519	role_ids = getattr(context, 'local_roles', self._roles)
[7186]	520	self._roles = [(name, role) for name, role in get_all_roles()
[6162]	521	if name in role_ids]
[6144]	522	return
	523
	524	def __call__(self):
	525	"""Get a list of dictionaries containing ``names`` (the roles to
	526	assign) and ``titles`` (some description of the type of user
	527	to assign each role to).
	528	"""
[7334]	529	list_of_dict = [dict(
[6162]	530	name=name,
	531	title=role.title,
[6163]	532	description=role.description)
[7334]	533	for name, role in self._roles]
	534	return sorted(list_of_dict, key=lambda x: x['name'])
[6144]	535
[8774]	536	def get_all_users():
	537	"""Get a list of dictionaries.
	538	"""
	539	users = sorted(grok.getSite()['users'].items(), key=lambda x: x[1].title)
	540	for key, val in users:
	541	yield(dict(name=key, val=val))
	542
[6163]	543	def get_users_with_local_roles(context):
	544	"""Get a list of dicts representing the local roles set for `context`.
	545
	546	Each dict returns `user_name`, `user_title`, `local_role`,
	547	`local_role_title`, and `setting` for each entry in the local
	548	roles map of the `context` object.
	549	"""
[6202]	550	try:
	551	role_map = IPrincipalRoleMap(context)
	552	except TypeError:
	553	# no map no roles.
	554	raise StopIteration
[6163]	555	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
	556	user = grok.getSite()['users'].get(user_name,None)
[7213]	557	user_title = getattr(user, 'title', user_name)
[10227]	558	local_role_title = getattr(
	559	dict(get_all_roles()).get(local_role, None), 'title', None)
[6163]	560	yield dict(user_name = user_name,
	561	user_title = user_title,
	562	local_role = local_role,
	563	local_role_title = local_role_title,
[9309]	564	setting = setting)
	565
	566	def get_users_with_role(role, context):
	567	"""Get a list of dicts representing the usres who have been granted
	568	a role for `context`.
	569	"""
	570	try:
	571	role_map = IPrincipalRoleMap(context)
	572	except TypeError:
	573	# no map no roles.
	574	raise StopIteration
	575	for user_name, setting in role_map.getPrincipalsForRole(role):
	576	user = grok.getSite()['users'].get(user_name,None)
	577	user_title = getattr(user, 'title', user_name)
	578	user_email = getattr(user, 'email', None)
	579	yield dict(user_name = user_name,
	580	user_title = user_title,
	581	user_email = user_email,
	582	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: