source: main/waeup.kofa/trunk/src/waeup/kofa/students/permissions.py @ 12966

Last change on this file since 12966 was 12847, checked in by Henrik Bettermann, 10 years ago

Update security documentation.

1## $Id: permissions.py 12847 2015-04-03 17:45:48Z henrik $
2##
3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18"""
19Permissions for the student section.
20"""
21import grok
22
23# Student section permissions
24
class HandleStudent(grok.Permission):
    """Permission reserved for students acting on their own record.

    Students 'handle' their data, whereas officers 'manage' it (see
    ``ManageStudent``). Within this module the permission is granted only
    through the local ``StudentRecordOwner`` role.
    """
    grok.name('waeup.handleStudent')
31
class ViewStudent(grok.Permission):
    """The ViewStudent permission allows viewing all student data.

    Within this module it is part of ``StudentRecordOwner`` and of every
    officer role except ``StudentImpersonator``.
    """
    grok.name('waeup.viewStudent')
37
class ViewMyStudentDataTab(grok.Permission):
    """Permission granted portal-wide to students via ``StudentRole``.

    NOTE(review): judging by the name it controls whether the personal
    student-data tab is shown; the views that check it are not part of
    this module - confirm there.
    """
    grok.name('waeup.viewMyStudentDataTab')
40
class ViewStudentsContainer(grok.Permission):
    """The ViewStudentsContainer permission allows viewing the students
    root container page.

    Within this module it is granted to ``StudentsOfficer``,
    ``StudentsManager`` and ``TranscriptOfficer``.
    """
    grok.name('waeup.viewStudentsContainer')
46
class PayStudent(grok.Permission):
    """The PayStudent permission allows adding an online payment ticket
    and managing tickets.

    Within this module it is granted to ``StudentRecordOwner`` and
    ``StudentsManager``.
    """
    grok.name('waeup.payStudent')
52
class HandleAccommodation(grok.Permission):
    """The HandleAccommodation permission allows managing bed tickets.

    Within this module it is granted to ``StudentRecordOwner`` and
    ``StudentsManager``.
    """
    grok.name('waeup.handleAccommodation')
57
class UploadStudentFile(grok.Permission):
    """The UploadStudentFile permission allows uploading the passport
    picture.

    The permission is not the only gate: the respective page additionally
    checks the state of the student.
    """
    grok.name('waeup.uploadStudentFile')
63
class ManageStudent(grok.Permission):
    """The ManageStudent permission allows editing the data.

    Within this module it is granted only to the ``StudentsManager`` role.
    """
    # NOTE(review): this permission was previously documented as "meant for
    # clearance officers", but StudentsClearanceOfficer below does not
    # include it - confirm the intended audience.
    grok.name('waeup.manageStudent')
69
class ClearStudent(grok.Permission):
    """The ClearStudent permission is needed to clear students or to
    reject clearance.

    Within this module it is granted only to the global
    ``StudentsClearanceOfficer`` role.
    """
    # NOTE(review): this permission was previously documented as "meant for
    # course advisers", but StudentsCourseAdviser below does not include
    # it - confirm the intended audience.
    grok.name('waeup.clearStudent')
75
class ValidateStudent(grok.Permission):
    """The ValidateStudent permission is needed to validate or reject
    course lists.

    Users who already hold the TriggerTransition permission (defined
    outside this module) do not need it. Within this module it is granted
    to ``StudentsCourseAdviser``.
    """
    grok.name('waeup.validateStudent')
82
class EditStudyLevel(grok.Permission):
    """The EditStudyLevel permission is needed for editing course lists.

    Both students (through ``StudentRecordOwner``) and course advisers
    (through ``StudentsCourseAdviser``) hold this permission.
    """
    grok.name('waeup.editStudyLevel')
88
class LoginAsStudent(grok.Permission):
    """The LoginAsStudent permission is needed to set temporary student
    passwords and to log in as (impersonate) students.
    """
    # Holders can act with a student's identity, so within this module the
    # permission is kept out of every role except StudentImpersonator.
    # NOTE(review): logging of password resets and impersonated sessions is
    # not visible here - confirm it in the views that require this permission.
    grok.name('waeup.loginAsStudent')
94
95# Local role
class StudentRecordOwner(grok.Role):
    """Local role held by a student on her/his own record.

    A student 'owns' her/his student object and subobjects and thereby
    gains the permissions to handle all data, upload a passport picture,
    add payment tickets, create and edit course lists and handle
    accommodation.
    """
    grok.name('waeup.local.StudentRecordOwner')
    grok.title(u'Student Record Owner')
    grok.permissions(
        'waeup.handleStudent',
        'waeup.uploadStudentFile',
        'waeup.viewStudent',
        'waeup.payStudent',
        'waeup.handleAccommodation',
        'waeup.editStudyLevel',
    )
109
110# Site Roles
class StudentRole(grok.Role):
    """Site role dedicated to students only.

    It defines the permissions a student gains portal-wide. The title
    carries '(do not assign)' to mark it as not meant for manual
    assignment.
    """
    grok.name('waeup.Student')
    grok.title(u'Student (do not assign)')
    # 'waeup.viewAcademics' and 'waeup.Authenticated' are not defined in
    # this module.
    grok.permissions(
        'waeup.viewAcademics',
        'waeup.viewMyStudentDataTab',
        'waeup.Authenticated',
    )
120
class StudentsOfficer(grok.Role):
    """The Students Officer is allowed to view all student data.

    The role carries view permissions only: student data and the students
    root container.
    """
    grok.name('waeup.StudentsOfficer')
    grok.title(u'Students Officer (view only)')
    grok.permissions(
        'waeup.viewStudent',
        'waeup.viewStudentsContainer',
    )
128
class StudentsManager(grok.Role):
    """The Students Manager is allowed to edit all student data, to
    create payment tickets, to handle bed tickets and to upload passport
    pictures.

    This is the only role in this module that includes
    'waeup.manageStudent'.
    """
    grok.name('waeup.StudentsManager')
    grok.title(u'Students Manager')
    grok.permissions(
        'waeup.viewStudent',
        'waeup.manageStudent',
        'waeup.viewStudentsContainer',
        'waeup.payStudent',
        'waeup.uploadStudentFile',
        'waeup.handleAccommodation',
    )
142
class TranscriptOfficer(grok.Role):
    """Site role bundling four view permissions: academics, transcripts,
    student data and the students root container.

    'waeup.viewAcademics' and 'waeup.viewTranscript' are not defined in
    this module.
    """
    grok.name('waeup.TranscriptOfficer')
    grok.title(u'Transcript Officer')
    grok.permissions(
        'waeup.viewAcademics',
        'waeup.viewTranscript',
        'waeup.viewStudent',
        'waeup.viewStudentsContainer',
    )
151
class StudentsClearanceOfficer(grok.Role):
    """Global role for clearing students portal-wide.

    It enables users to view all student data, to clear students and to
    reject clearance for every student in the portal. Usually this role
    is not assigned manually: the corresponding local role is used
    instead, which assigns the StudentsClearanceOfficer role dynamically.
    """
    grok.name('waeup.StudentsClearanceOfficer')
    grok.title(u'Clearance Officer (all students)')
    grok.permissions(
        'waeup.clearStudent',
        'waeup.viewStudent',
    )
163
class StudentsCourseAdviser(grok.Role):
    """Global role for advising on course lists portal-wide.

    It enables users to view all student data and to edit, validate or
    reject course lists for every student in the portal. Usually this
    role is not assigned manually: the corresponding local role is used
    instead, which assigns the StudentsCourseAdviser role dynamically.
    """
    grok.name('waeup.StudentsCourseAdviser')
    grok.title(u'Course Adviser (all students)')
    grok.permissions(
        'waeup.validateStudent',
        'waeup.viewStudent',
        'waeup.editStudyLevel',
    )
176
class StudentImpersonator(grok.Role):
    """The Student Impersonator gains the LoginAsStudent permission and
    nothing else.

    See ``LoginAsStudent``: the permission covers setting temporary
    student passwords and logging in as a student.
    """
    grok.name('waeup.StudentImpersonator')
    grok.title(u'Student Impersonator')
    # Deliberately a single-permission role, so that impersonation has to
    # be granted separately from the view/manage roles in this module.
    grok.permissions(
        'waeup.loginAsStudent',
    )