source: main/waeup.kofa/trunk/src/waeup/kofa/students/permissions.py @ 12858

Last change on this file since 12858 was 12847, checked in by Henrik Bettermann, 10 years ago

Update security documentation.

  • Property svn:keywords set to Id
File size: 6.6 KB
[7191]1## $Id: permissions.py 12847 2015-04-03 17:45:48Z henrik $
2##
[6655]3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18"""
19Permissions for the student section.
20"""
21import grok
22
23# Student section permissions
24
class HandleStudent(grok.Permission):
    """Permission reserved for students.

    Students 'handle' their data, whereas officers 'manage' it (see
    ManageStudent). Within this module the permission is granted only
    by the StudentRecordOwner local role.
    """
    grok.name('waeup.handleStudent')
[6655]31
class ViewStudent(grok.Permission):
    """Permission to view all student data.

    Every role in this module except StudentRole and StudentImpersonator
    includes it, so it is the baseline read permission for officers as
    well as for the StudentRecordOwner local role.
    """
    grok.name('waeup.viewStudent')
37
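class ViewMyStudentDataTab(grok.Permission):
    """Permission registered as 'waeup.viewMyStudentDataTab'.

    Within this module it is granted only by the StudentRole site role,
    i.e. to students portal-wide.
    """
    # NOTE(review): presumably this gates the tab that leads a logged-in
    # student to her/his own record -- confirm against the views that
    # require this permission.
    grok.name('waeup.viewMyStudentDataTab')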
40
class ViewStudentsContainer(grok.Permission):
    """Permission to view the students root container page.

    Within this module it is granted by the StudentsOfficer,
    StudentsManager and TranscriptOfficer roles.
    """
    grok.name('waeup.viewStudentsContainer')
46
class PayStudent(grok.Permission):
    """Permission to add an online payment ticket and to manage tickets.

    Within this module it is granted by the StudentRecordOwner local
    role and by the StudentsManager role.
    """
    grok.name('waeup.payStudent')
52
class HandleAccommodation(grok.Permission):
    """Permission to manage bed tickets.

    Within this module it is granted by the StudentRecordOwner local
    role and by the StudentsManager role.
    """
    grok.name('waeup.handleAccommodation')
57
class UploadStudentFile(grok.Permission):
    """Permission to upload the passport picture.

    Holding this permission is not the only condition: the respective
    page additionally checks the state of the student. Within this
    module the permission is granted by the StudentRecordOwner local
    role and by the StudentsManager role.
    """
    grok.name('waeup.uploadStudentFile')
63
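class ManageStudent(grok.Permission):
    """Permission to edit student data.

    Documented as meant for clearance officers. Within this module,
    however, only the StudentsManager role grants it; the global
    StudentsClearanceOfficer role holds clearStudent and viewStudent
    only.
    """
    # NOTE(review): confirm the intended holders. If clearance officers
    # are not supposed to edit student data, the statement above should
    # name the Students Manager instead.
    grok.name('waeup.manageStudent')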
[6655]69
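class ClearStudent(grok.Permission):
    """Permission needed to clear students or to reject clearance.

    Documented as meant for course advisers. Within this module,
    however, only the StudentsClearanceOfficer role grants it; the
    global StudentsCourseAdviser role holds validateStudent,
    viewStudent and editStudyLevel.
    """
    # NOTE(review): confirm the intended holders. The role definitions
    # in this module point to clearance officers, not course advisers.
    grok.name('waeup.clearStudent')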
75
class ValidateStudent(grok.Permission):
    """Permission needed to validate or reject course lists.

    It is not needed if users already have the TriggerTransition
    permission, so a review of who can validate course lists has to
    take both permissions into account. Within this module it is
    granted by the StudentsCourseAdviser role.
    """
    grok.name('waeup.validateStudent')
82
class EditStudyLevel(grok.Permission):
    """Permission needed for editing course lists.

    Both students and course advisers have it: within this module it
    is granted by the StudentRecordOwner local role and by the
    StudentsCourseAdviser role.
    """
    grok.name('waeup.editStudyLevel')
88
class LoginAsStudent(grok.Permission):
    """Permission needed to set temporary student passwords and to log
    in as (impersonate) students.

    Within this module it is granted only by the StudentImpersonator
    role. A holder can act with a student's identity, so this is one
    of the most privileged permissions of the student section and the
    role carrying it should be assigned to as few accounts as possible.
    """
    # NOTE(review): whether impersonated sessions and temporary
    # passwords are logged is not visible from this module -- confirm
    # in the view that requires this permission.
    grok.name('waeup.loginAsStudent')
94
[6660]95# Local role
class StudentRecordOwner(grok.Role):
    """Local role of a student on her/his own record.

    A student 'owns' her/his student object and its subobjects. Through
    this role the student may handle all data, upload a passport
    picture, add payment tickets, create and edit course lists and
    handle accommodation.
    """
    grok.name('waeup.local.StudentRecordOwner')
    grok.title(u'Student Record Owner')
    # One permission per line so that a change to the grant set shows
    # up as a single-line diff.
    grok.permissions(
        'waeup.handleStudent',
        'waeup.uploadStudentFile',
        'waeup.viewStudent',
        'waeup.payStudent',
        'waeup.handleAccommodation',
        'waeup.editStudyLevel',
        )
[6660]109
[7178]110# Site Roles
class StudentRole(grok.Role):
    """Site role dedicated to students only.

    It defines the permissions a student gains portal-wide. As the
    title says, it is not meant to be assigned by hand.
    """
    grok.name('waeup.Student')
    grok.title(u'Student (do not assign)')
    # 'waeup.viewAcademics' and 'waeup.Authenticated' are not defined
    # in this module.
    grok.permissions(
        'waeup.viewAcademics',
        'waeup.viewMyStudentDataTab',
        'waeup.Authenticated',
        )
[6678]120
class StudentsOfficer(grok.Role):
    """Read-only officer role.

    The Students Officer is allowed to view all student data and the
    students root container page; the role carries no permission to
    change anything.
    """
    grok.name('waeup.StudentsOfficer')
    grok.title(u'Students Officer (view only)')
    grok.permissions(
        'waeup.viewStudent',
        'waeup.viewStudentsContainer',
        )
[7154]128
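class StudentsManager(grok.Role):
    """Officer role with write access to student data.

    The Students Manager is allowed to view and edit all student data,
    to view the students root container page, to create payment
    tickets, to handle bed tickets and to upload passport pictures.
    """
    grok.name('waeup.StudentsManager')
    grok.title(u'Students Manager')
    # Superset of the StudentsOfficer (view only) permissions plus the
    # write permissions listed in the docstring.
    grok.permissions(
        'waeup.viewStudent',
        'waeup.manageStudent',
        'waeup.viewStudentsContainer',
        'waeup.payStudent',
        'waeup.uploadStudentFile',
        'waeup.handleAccommodation',
        )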
[7154]142
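class TranscriptOfficer(grok.Role):
    """Role for transcript officers.

    It grants the viewTranscript permission together with read access
    to student data, to the students root container page and to the
    academics section. It contains no permission to edit student data.
    """
    grok.name('waeup.TranscriptOfficer')
    grok.title(u'Transcript Officer')
    # 'waeup.viewAcademics' and 'waeup.viewTranscript' are not defined
    # in this module.
    grok.permissions(
        'waeup.viewAcademics',
        'waeup.viewTranscript',
        'waeup.viewStudent',
        'waeup.viewStudentsContainer',
        )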
151
class StudentsClearanceOfficer(grok.Role):
    """Global clearance officer role.

    It enables users to view all student data, to clear students and
    to reject clearance portal-wide. Usually this role is not assigned
    manually: the corresponding local role is used instead, which
    assigns the StudentsClearanceOfficer role dynamically.
    """
    grok.name('waeup.StudentsClearanceOfficer')
    grok.title(u'Clearance Officer (all students)')
    grok.permissions(
        'waeup.clearStudent',
        'waeup.viewStudent',
        )
[7334]163
class StudentsCourseAdviser(grok.Role):
    """Global course adviser role.

    It enables users to view all student data and to edit, validate or
    reject course lists portal-wide. Usually this role is not assigned
    manually: the corresponding local role is used instead, which
    assigns the StudentsCourseAdviser role dynamically.
    """
    grok.name('waeup.StudentsCourseAdviser')
    grok.title(u'Course Adviser (all students)')
    grok.permissions(
        'waeup.validateStudent',
        'waeup.viewStudent',
        'waeup.editStudyLevel',
        )
[9335]176
class StudentImpersonator(grok.Role):
    """Role that grants the LoginAsStudent permission and nothing else.

    According to the LoginAsStudent documentation, that permission is
    needed to set temporary student passwords and to log in as
    (impersonate) students. The role does not include viewStudent or
    any other permission of this module.
    """
    grok.name('waeup.StudentImpersonator')
    grok.title(u'Student Impersonator')
    grok.permissions('waeup.loginAsStudent')