Context navigation

source: main/waeup.kofa/trunk/src/waeup/kofa/permissions.py @ 10568

Last change on this file since 10568 was 10465, checked in by Henrik Bettermann, 11 years ago
Let transcript officers find their students via the students container page.
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 16.6 KB

Line
1	## $Id: permissions.py 10465 2013-08-07 11:18:43Z henrik $
2	##
3	## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4	## This program is free software; you can redistribute it and/or modify
5	## it under the terms of the GNU General Public License as published by
6	## the Free Software Foundation; either version 2 of the License, or
7	## (at your option) any later version.
8	##
9	## This program is distributed in the hope that it will be useful,
10	## but WITHOUT ANY WARRANTY; without even the implied warranty of
11	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12	## GNU General Public License for more details.
13	##
14	## You should have received a copy of the GNU General Public License
15	## along with this program; if not, write to the Free Software
16	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17	##
18	import grok
19	from zope.component import getUtilitiesFor
20	from zope.interface import Interface
21	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
22	from waeup.kofa.interfaces import ILocalRolesAssignable
23
24	class Public(grok.Permission):
25	"""Everyone-can-do-this-permission.
26
27	This permission is meant to be applied to objects/views/pages
28	etc., that should be usable/readable by everyone.
29
30	We need this to be able to tune default permissions more
31	restrictive and open up some dedicated objects like the front
32	page.
33	"""
34	grok.name('waeup.Public')
35
36	class Anonymous(grok.Permission):
37	"""Only-anonymous-can-do-this-permission.
38	"""
39	grok.name('waeup.Anonymous')
40
41	class Authenticated(grok.Permission):
42	"""Only-logged-in-users-can-do-this-permission.
43	"""
44	grok.name('waeup.Authenticated')
45
46	class ViewAcademicsPermission(grok.Permission):
47	grok.name('waeup.viewAcademics')
48
49	class ManageAcademicsPermission(grok.Permission):
50	grok.name('waeup.manageAcademics')
51
52	class ManagePortal(grok.Permission):
53	grok.name('waeup.managePortal')
54
55	class ManageUsers(grok.Permission):
56	grok.name('waeup.manageUsers')
57
58	class ShowStudents(grok.Permission):
59	grok.name('waeup.showStudents')
60
61	class EditUser(grok.Permission):
62	grok.name('waeup.editUser')
63
64	class ManageDataCenter(grok.Permission):
65	grok.name('waeup.manageDataCenter')
66
67	class ImportData(grok.Permission):
68	grok.name('waeup.importData')
69
70	class ExportData(grok.Permission):
71	grok.name('waeup.exportData')
72
73	class ExportPaymentsOverview(grok.Permission):
74	grok.name('waeup.exportPaymentsOverview')
75
76	class ExportBursaryData(grok.Permission):
77	grok.name('waeup.exportBursaryData')
78
79	class ViewTranscript(grok.Permission):
80	grok.name('waeup.viewTranscript')
81
82	class ManagePortalConfiguration(grok.Permission):
83	grok.name('waeup.managePortalConfiguration')
84
85	class ManageACBatches(grok.Permission):
86	grok.name('waeup.manageACBatches')
87
88	# Local Roles
89	class ApplicationsManager(grok.Role):
90	grok.name('waeup.local.ApplicationsManager')
91	grok.title(u'Applications Manager')
92	grok.permissions('waeup.viewAcademics')
93
94	class DepartmentManager(grok.Role):
95	grok.name('waeup.local.DepartmentManager')
96	grok.title(u'Department Manager')
97	grok.permissions('waeup.manageAcademics',
98	'waeup.showStudents',
99	'waeup.exportData')
100
101	class DepartmentOfficer(grok.Role):
102	grok.name('waeup.local.DepartmentOfficer')
103	grok.title(u'Department Officer')
104	grok.permissions('waeup.showStudents',
105	'waeup.viewAcademics',
106	'waeup.exportPaymentsOverview')
107
108	class ClearanceOfficer(grok.Role):
109	"""The clearance officer role is meant for the
110	assignment of dynamic roles only.
111	"""
112	grok.name('waeup.local.ClearanceOfficer')
113	grok.title(u'Clearance Officer')
114	grok.permissions('waeup.showStudents',
115	'waeup.viewAcademics',
116	'waeup.exportData')
117
118	class UGClearanceOfficer(grok.Role):
119	"""The clearance officer role is meant for the
120	assignment of dynamic roles only.
121	"""
122	grok.name('waeup.local.UGClearanceOfficer')
123	grok.title(u'UG Clearance Officer')
124	grok.permissions('waeup.showStudents',
125	'waeup.viewAcademics',
126	'waeup.exportData')
127
128	class PGClearanceOfficer(grok.Role):
129	"""The clearance officer role is meant for the
130	assignment of dynamic roles only.
131	"""
132	grok.name('waeup.local.PGClearanceOfficer')
133	grok.title(u'PG Clearance Officer')
134	grok.permissions('waeup.showStudents',
135	'waeup.viewAcademics',
136	'waeup.exportData')
137
138	class CourseAdviser100(grok.Role):
139	"""The 100 level course adviser role is meant for the
140	assignment of dynamic roles only.
141	"""
142	grok.name('waeup.local.CourseAdviser100')
143	grok.title(u'Course Adviser 100L')
144	grok.permissions('waeup.showStudents',
145	'waeup.viewAcademics',
146	'waeup.exportData')
147
148	class CourseAdviser200(grok.Role):
149	"""The course 200 level adviser role is meant for the
150	assignment of dynamic roles only.
151	"""
152	grok.name('waeup.local.CourseAdviser200')
153	grok.title(u'Course Adviser 200L')
154	grok.permissions('waeup.showStudents',
155	'waeup.viewAcademics',
156	'waeup.exportData')
157
158	class CourseAdviser300(grok.Role):
159	"""The 300 level course adviser role is meant for the
160	assignment of dynamic roles only.
161	"""
162	grok.name('waeup.local.CourseAdviser300')
163	grok.title(u'Course Adviser 300L')
164	grok.permissions('waeup.showStudents',
165	'waeup.viewAcademics',
166	'waeup.exportData')
167
168	class CourseAdviser400(grok.Role):
169	"""The 400 level course adviser role is meant for the
170	assignment of dynamic roles only.
171	"""
172	grok.name('waeup.local.CourseAdviser400')
173	grok.title(u'Course Adviser 400L')
174	grok.permissions('waeup.showStudents',
175	'waeup.viewAcademics',
176	'waeup.exportData')
177
178	class CourseAdviser500(grok.Role):
179	"""The 500 level course adviser role is meant for the
180	assignment of dynamic roles only.
181	"""
182	grok.name('waeup.local.CourseAdviser500')
183	grok.title(u'Course Adviser 500L')
184	grok.permissions('waeup.showStudents',
185	'waeup.viewAcademics',
186	'waeup.exportData')
187
188	class CourseAdviser600(grok.Role):
189	"""The 600 level course adviser role is meant for the
190	assignment of dynamic roles only.
191	"""
192	grok.name('waeup.local.CourseAdviser600')
193	grok.title(u'Course Adviser 600L')
194	grok.permissions('waeup.showStudents',
195	'waeup.viewAcademics',
196	'waeup.exportData')
197
198	class CourseAdviser700(grok.Role):
199	"""The 700 level course adviser role is meant for the
200	assignment of dynamic roles only.
201	"""
202	grok.name('waeup.local.CourseAdviser700')
203	grok.title(u'Course Adviser 700L')
204	grok.permissions('waeup.showStudents',
205	'waeup.viewAcademics',
206	'waeup.exportData')
207
208	class CourseAdviser800(grok.Role):
209	"""The 800 level course adviser role is meant for the
210	assignment of dynamic roles only.
211	"""
212	grok.name('waeup.local.CourseAdviser800')
213	grok.title(u'Course Adviser 800L')
214	grok.permissions('waeup.showStudents',
215	'waeup.viewAcademics',
216	'waeup.exportData')
217
218	class Lecturer(grok.Role):
219	"""The lecturer role is meant for the
220	assignment of dynamic roles only.
221	"""
222	grok.name('waeup.local.Lecturer')
223	grok.title(u'Lecturer')
224	grok.permissions('waeup.showStudents',
225	'waeup.viewAcademics',
226	'waeup.exportData')
227
228	class Owner(grok.Role):
229	grok.name('waeup.local.Owner')
230	grok.title(u'Owner')
231	grok.permissions('waeup.editUser')
232
233	# Site Roles
234	class AcademicsOfficer(grok.Role):
235	grok.name('waeup.AcademicsOfficer')
236	grok.title(u'Academics Officer (view only)')
237	grok.permissions('waeup.viewAcademics')
238
239	class AcademicsManager(grok.Role):
240	grok.name('waeup.AcademicsManager')
241	grok.title(u'Academics Manager')
242	grok.permissions('waeup.viewAcademics',
243	'waeup.manageAcademics')
244
245	class ACManager(grok.Role):
246	grok.name('waeup.ACManager')
247	grok.title(u'Access Code Manager')
248	grok.permissions('waeup.manageACBatches')
249
250	class DataCenterManager(grok.Role):
251	grok.name('waeup.DataCenterManager')
252	grok.title(u'Datacenter Manager')
253	grok.permissions('waeup.manageDataCenter')
254
255	class ImportManager(grok.Role):
256	grok.name('waeup.ImportManager')
257	grok.title(u'Import Manager')
258	grok.permissions('waeup.manageDataCenter',
259	'waeup.importData')
260
261	class ExportManager(grok.Role):
262	grok.name('waeup.ExportManager')
263	grok.title(u'Export Manager')
264	grok.permissions('waeup.manageDataCenter',
265	'waeup.exportData')
266
267	class BursaryOfficer(grok.Role):
268	grok.name('waeup.BursaryOfficer')
269	grok.title(u'Bursary Officer')
270	grok.permissions('waeup.showStudents',
271	'waeup.viewAcademics',
272	'waeup.exportBursaryData')
273
274	class UsersManager(grok.Role):
275	grok.name('waeup.UsersManager')
276	grok.title(u'Users Manager')
277	grok.permissions('waeup.manageUsers',
278	'waeup.editUser')
279
280	class WorkflowManager(grok.Role):
281	grok.name('waeup.WorkflowManager')
282	grok.title(u'Workflow Manager')
283	grok.permissions('waeup.triggerTransition')
284
285	class PortalManager(grok.Role):
286	grok.name('waeup.PortalManager')
287	grok.title(u'Portal Manager')
288	grok.permissions('waeup.managePortal',
289	'waeup.manageUsers',
290	'waeup.viewAcademics', 'waeup.manageAcademics',
291	'waeup.manageACBatches',
292	'waeup.manageDataCenter',
293	'waeup.importData',
294	'waeup.exportData',
295	'waeup.viewTranscript',
296	'waeup.managePortalConfiguration', 'waeup.viewApplication',
297	'waeup.manageApplication', 'waeup.handleApplication',
298	'waeup.viewApplicantsTab', 'waeup.payApplicant',
299	'waeup.viewApplicationStatistics',
300	'waeup.viewStudent', 'waeup.manageStudent',
301	'waeup.clearStudent', 'waeup.payStudent',
302	'waeup.uploadStudentFile', 'waeup.showStudents',
303	'waeup.triggerTransition',
304	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
305	'waeup.handleAccommodation',
306	'waeup.viewHostels', 'waeup.manageHostels',
307	'waeup.editUser',
308	'waeup.loginAsStudent',
309	'waeup.manageReports',
310	'waeup.manageJobs',
311	)
312
313	class CCOfficer(grok.Role):
314	"""This is basically a copy of the the PortalManager class. We exclude some
315	'dangerous' permissions by commenting them out.
316	"""
317	grok.baseclass()
318	grok.name('waeup.CCOfficer')
319	grok.title(u'Computer Center Officer')
320	grok.permissions(#'waeup.managePortal',
321	#'waeup.manageUsers',
322	'waeup.viewAcademics', 'waeup.manageAcademics',
323	#'waeup.manageACBatches',
324	'waeup.manageDataCenter',
325	#'waeup.importData',
326	'waeup.exportData',
327	'waeup.viewTranscript',
328	'waeup.managePortalConfiguration', 'waeup.viewApplication',
329	'waeup.manageApplication', 'waeup.handleApplication',
330	'waeup.viewApplicantsTab', 'waeup.payApplicant',
331	'waeup.viewApplicationStatistics',
332	'waeup.viewStudent', 'waeup.manageStudent',
333	'waeup.clearStudent', 'waeup.payStudent',
334	'waeup.uploadStudentFile', 'waeup.showStudents',
335	#'waeup.triggerTransition',
336	'waeup.viewStudentsContainer','waeup.viewStudentsTab',
337	'waeup.handleAccommodation',
338	'waeup.viewHostels', 'waeup.manageHostels',
339	#'waeup.editUser',
340	#'waeup.loginAsStudent',
341	'waeup.manageReports',
342	#'waeup.manageJobs',
343	)
344
345	def get_all_roles():
346	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
347	"""
348	return getUtilitiesFor(IRole)
349
350	def get_waeup_roles(also_local=False):
351	"""Get all Kofa roles.
352
353	Kofa roles are ordinary roles whose id by convention starts with
354	a ``waeup.`` prefix.
355
356	If `also_local` is ``True`` (``False`` by default), also local
357	roles are returned. Local Kofa roles are such whose id starts
358	with ``waeup.local.`` prefix (this is also a convention).
359
360	Returns a generator of the found roles.
361	"""
362	for name, item in get_all_roles():
363	if not name.startswith('waeup.'):
364	# Ignore non-Kofa roles...
365	continue
366	if not also_local and name.startswith('waeup.local.'):
367	# Ignore local roles...
368	continue
369	yield item
370
371	def get_waeup_role_names():
372	"""Get the ids of all Kofa roles.
373
374	See :func:`get_waeup_roles` for what a 'KofaRole' is.
375
376	This function returns a sorted list of Kofa role names.
377	"""
378	return sorted([x.id for x in get_waeup_roles()])
379
380	class LocalRolesAssignable(grok.Adapter):
381	"""Default implementation for `ILocalRolesAssignable`.
382
383	This adapter returns a list for dictionaries for objects for which
384	we want to know the roles assignable to them locally.
385
386	The returned dicts contain a ``name`` and a ``title`` entry which
387	give a role (``name``) and a description, for which kind of users
388	the permission is meant to be used (``title``).
389
390	Having this adapter registered we make sure, that for each normal
391	object we get a valid `ILocalRolesAssignable` adapter.
392
393	Objects that want to offer certain local roles, can do so by
394	setting a (preferably class-) attribute to a list of role ids.
395
396	You can also define different adapters for different contexts to
397	have different role lookup mechanisms become available. But in
398	normal cases it should be sufficient to use this basic adapter.
399	"""
400	grok.context(Interface)
401	grok.provides(ILocalRolesAssignable)
402
403	_roles = []
404
405	def __init__(self, context):
406	self.context = context
407	role_ids = getattr(context, 'local_roles', self._roles)
408	self._roles = [(name, role) for name, role in get_all_roles()
409	if name in role_ids]
410	return
411
412	def __call__(self):
413	"""Get a list of dictionaries containing ``names`` (the roles to
414	assign) and ``titles`` (some description of the type of user
415	to assign each role to).
416	"""
417	list_of_dict = [dict(
418	name=name,
419	title=role.title,
420	description=role.description)
421	for name, role in self._roles]
422	return sorted(list_of_dict, key=lambda x: x['name'])
423
424	def get_all_users():
425	"""Get a list of dictionaries.
426	"""
427	users = sorted(grok.getSite()['users'].items(), key=lambda x: x[1].title)
428	for key, val in users:
429	yield(dict(name=key, val=val))
430
431	def get_users_with_local_roles(context):
432	"""Get a list of dicts representing the local roles set for `context`.
433
434	Each dict returns `user_name`, `user_title`, `local_role`,
435	`local_role_title`, and `setting` for each entry in the local
436	roles map of the `context` object.
437	"""
438	try:
439	role_map = IPrincipalRoleMap(context)
440	except TypeError:
441	# no map no roles.
442	raise StopIteration
443	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
444	user = grok.getSite()['users'].get(user_name,None)
445	user_title = getattr(user, 'title', user_name)
446	local_role_title = getattr(
447	dict(get_all_roles()).get(local_role, None), 'title', None)
448	yield dict(user_name = user_name,
449	user_title = user_title,
450	local_role = local_role,
451	local_role_title = local_role_title,
452	setting = setting)
453
454	def get_users_with_role(role, context):
455	"""Get a list of dicts representing the usres who have been granted
456	a role for `context`.
457	"""
458	try:
459	role_map = IPrincipalRoleMap(context)
460	except TypeError:
461	# no map no roles.
462	raise StopIteration
463	for user_name, setting in role_map.getPrincipalsForRole(role):
464	user = grok.getSite()['users'].get(user_name,None)
465	user_title = getattr(user, 'title', user_name)
466	user_email = getattr(user, 'email', None)
467	yield dict(user_name = user_name,
468	user_title = user_title,
469	user_email = user_email,
470	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: