source: main/waeup.kofa/trunk/src/waeup/kofa/students/permissions.py @ 16121

Last change on this file since 16121 was 15606, checked in by Henrik Bettermann, 5 years ago

Parents access implementation (part 1)

  • Property svn:keywords set to Id
File size: 8.0 KB
RevLine 
[7191]1## $Id: permissions.py 15606 2019-09-24 17:21:28Z henrik $
2##
[6655]3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18"""
[13076]19Permissions for the students section.
[6655]20"""
21import grok
22
[13076]23# Students section permissions
[6655]24
[6660]25class HandleStudent(grok.Permission):
[12847]26    """
27    The HandleStudent permission is reserved for students.
28    Students 'handle' their data. Officers 'manage' the data.
29    """
[6660]30    grok.name('waeup.handleStudent')
[6655]31
[6660]32class ViewStudent(grok.Permission):
[12847]33    """
34    The ViewStudent permission allows to view all student data.
35    """
[6660]36    grok.name('waeup.viewStudent')
37
[7240]38class ViewMyStudentDataTab(grok.Permission):
39    grok.name('waeup.viewMyStudentDataTab')
40
41class ViewStudentsContainer(grok.Permission):
[12847]42    """The ViewStudentsContainer permission allows to view the students root
43    container page.
44    """
[7240]45    grok.name('waeup.viewStudentsContainer')
46
[6930]47class PayStudent(grok.Permission):
[12847]48    """The PayStudent permission allows to add an online payment ticket and to
49    manage tickets.
50    """
[6930]51    grok.name('waeup.payStudent')
52
[7181]53class HandleAccommodation(grok.Permission):
[12847]54    """The HandleAccommodation allows to manage bed tickets.
55    """
[7181]56    grok.name('waeup.handleAccommodation')
57
[7127]58class UploadStudentFile(grok.Permission):
[12847]59    """The UploadStudentFile permissions allows to upload the passport picture.
60    The respective page additionally checks the state of the student.
61    """
[7127]62    grok.name('waeup.uploadStudentFile')
63
[7136]64class ManageStudent(grok.Permission):
[12847]65    """The ManageStudent permission allows to edit the data.
[13026]66    This permission is meant for students officers.
[12847]67    """
[7136]68    grok.name('waeup.manageStudent')
[6655]69
[7136]70class ClearStudent(grok.Permission):
[12847]71    """The ClearStudent permission is needed to clear students
[13026]72    or to reject clearance. This permission is meant for clearance officers.
[12847]73    """
[7136]74    grok.name('waeup.clearStudent')
75
[7334]76class ValidateStudent(grok.Permission):
[12847]77    """The ValidateStudent permission is needed to validate or reject
78    course lists. This permission is not needed if users
79    already have the TriggerTransition permission.
80    """
[7334]81    grok.name('waeup.validateStudent')
82
[9924]83class EditStudyLevel(grok.Permission):
[12847]84    """The EditStudyLevel permission is needed for editing course lists.
85    Students and course advisers do have this permission.
86    """
[9924]87    grok.name('waeup.editStudyLevel')
88
[9335]89class LoginAsStudent(grok.Permission):
[12847]90    """The LoginAsStudent is needed to set temporary student passwords
91    and login as (impersonate) students.
92    """
[9335]93    grok.name('waeup.loginAsStudent')
94
[15163]95class ViewTranscript(grok.Permission):
96    """The ViewTranscript role is needed to view transcript pages and slips.
97    """
98    grok.name('waeup.viewTranscript')
99
100class ProcessTranscript(grok.Permission):
101    grok.name('waeup.processTranscript')
102    """The ProcessTranscript role is needed to validate and relase transcripts.
103    """
104
105class SignTranscript(grok.Permission):
106    grok.name('waeup.signTranscript')
[15173]107    """The SignTranscript role is needed to sign transcripts.
[15163]108    """
109
[6660]110# Local role
111class StudentRecordOwner(grok.Role):
[12847]112    """A student 'owns' her/his student object and subobjects and
113    gains permissions to handle all data, upload a passport picture,
114    add payment tickets, create and edit course lists and handle accommodation.
115    """
[6660]116    grok.name('waeup.local.StudentRecordOwner')
117    grok.title(u'Student Record Owner')
[12843]118    grok.permissions('waeup.handleStudent',
119                     'waeup.uploadStudentFile',
120                     'waeup.viewStudent',
121                     'waeup.payStudent',
122                     'waeup.handleAccommodation',
123                     'waeup.editStudyLevel')
[6660]124
[15606]125class Parents(grok.Role):
126    """Parents temporarily get access to view the records of their children.
127    """
128    grok.name('waeup.local.Parents')
129    grok.title(u'Parents')
130    grok.permissions('waeup.viewStudent')
131
[7178]132# Site Roles
[6678]133class StudentRole(grok.Role):
[12847]134    """This role is dedicated to students only.
135    It defines the permissions a student gains portal-wide.
136    """
[6678]137    grok.name('waeup.Student')
[9939]138    grok.title(u'Student (do not assign)')
[12843]139    grok.permissions('waeup.viewAcademics',
140                     'waeup.viewMyStudentDataTab',
[8367]141                     'waeup.Authenticated')
[6678]142
[6655]143class StudentsOfficer(grok.Role):
[12847]144    """The Students Officer is allowed to view all student data.
145    """
[6655]146    grok.name('waeup.StudentsOfficer')
[7154]147    grok.title(u'Students Officer (view only)')
[12843]148    grok.permissions('waeup.viewStudent',
149                     'waeup.viewStudentsContainer')
[7154]150
151class StudentsManager(grok.Role):
[13762]152    """The Students Manager is allowed to edit all student data, to
[12847]153    create payment tickets, to handle bed tickets and to upload passport
154    pictures.
155    """
[7154]156    grok.name('waeup.StudentsManager')
157    grok.title(u'Students Manager')
[12843]158    grok.permissions('waeup.viewStudent',
159                     'waeup.manageStudent',
160                     'waeup.viewStudentsContainer',
161                     'waeup.payStudent',
162                     'waeup.uploadStudentFile',
163                     'waeup.handleAccommodation')
[7154]164
[10465]165class TranscriptOfficer(grok.Role):
[15163]166    """The Transcript Officer is allowed to view, to validate and to
167    release student transcripts. The officer is not allowed to
[15333]168    manage student data but to edit the transcript remark on a separate
169    manage page.
[15163]170    """
[10465]171    grok.name('waeup.TranscriptOfficer')
172    grok.title(u'Transcript Officer')
173    grok.permissions('waeup.viewAcademics',
174                     'waeup.viewTranscript',
[15163]175                     'waeup.processTranscript',
[10465]176                     'waeup.viewStudent',
177                     'waeup.viewStudentsContainer',
178                     )
179
[15163]180class TranscriptSignee(grok.Role):
181    """The Transcript Signee is allowed to view and to sign student
182    transcripts.
183    """
184    grok.name('waeup.TranscriptSignee')
185    grok.title(u'Transcript Signee')
186    grok.permissions('waeup.viewAcademics',
187                     'waeup.viewTranscript',
188                     'waeup.signTranscript',
189                     'waeup.viewStudent',
190                     )
191
[7154]192class StudentsClearanceOfficer(grok.Role):
[12847]193    """The global StudentsClearanceOfficer role enables users to view all
194    student data, to clear students and to reject clearance portal-wide.
195    Usually, this role is not assigned manually.
196    We are using the correspondent local role instead which assigns the
197    StudentsClearanceOfficer role dynamically.
198    """
[7154]199    grok.name('waeup.StudentsClearanceOfficer')
200    grok.title(u'Clearance Officer (all students)')
[12843]201    grok.permissions('waeup.clearStudent',
202                     'waeup.viewStudent')
[7334]203
204class StudentsCourseAdviser(grok.Role):
[12847]205    """The global StudentsCourseAdviser role enables users to view all
206    student data, to edit, validate or reject course lists  portal-wide.
207    Usually, this role is not assigned manually.
208    We are using the correspondent local role instead which assigns the
209    StudentsCourseAdviser role dynamically.
210    """
[7334]211    grok.name('waeup.StudentsCourseAdviser')
212    grok.title(u'Course Adviser (all students)')
[12843]213    grok.permissions('waeup.validateStudent',
214                     'waeup.viewStudent',
[9924]215                     'waeup.editStudyLevel')
[9335]216
217class StudentImpersonator(grok.Role):
[12847]218    """The Student Impersonator gains the LoginAsStudent permission,
219    nothing else, see description above.
220    """
[9335]221    grok.name('waeup.StudentImpersonator')
222    grok.title(u'Student Impersonator')
223    grok.permissions('waeup.loginAsStudent')
Note: See TracBrowser for help on using the repository browser.