source: main/waeup.kofa/trunk/src/waeup/kofa/students/permissions.py @ 17935

Last change on this file since 17935 was 17610, checked in by Henrik Bettermann, 13 months ago

Update CHANGES.txt

  • Property svn:keywords set to Id
File size: 8.2 KB
Line 
1## $Id: permissions.py 17610 2023-10-12 09:06:25Z henrik $
2##
3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18"""
19Permissions for the students section.
20"""
21import grok
22
23# Students section permissions
24
25class HandleStudent(grok.Permission):
26    """
27    The HandleStudent permission is reserved for students.
28    Students 'handle' their data. Officers 'manage' the data.
29    """
30    grok.name('waeup.handleStudent')
31
32class ViewStudent(grok.Permission):
33    """
34    The ViewStudent permission allows to view all student data.
35    """
36    grok.name('waeup.viewStudent')
37
38class ViewMyStudentDataTab(grok.Permission):
39    grok.name('waeup.viewMyStudentDataTab')
40
41class ViewStudentsContainer(grok.Permission):
42    """The ViewStudentsContainer permission allows to view the students root
43    container page.
44    """
45    grok.name('waeup.viewStudentsContainer')
46
47class PayStudent(grok.Permission):
48    """The PayStudent permission allows to add an online payment ticket and to
49    manage tickets.
50    """
51    grok.name('waeup.payStudent')
52
53class HandleAccommodation(grok.Permission):
54    """The HandleAccommodation permission allows to manage bed tickets.
55    """
56    grok.name('waeup.handleAccommodation')
57
58class UploadStudentFile(grok.Permission):
59    """The UploadStudentFile permissions allows to upload the passport picture.
60    The respective page additionally checks the state of the student.
61    """
62    grok.name('waeup.uploadStudentFile')
63
64class ManageStudent(grok.Permission):
65    """The ManageStudent permission allows to edit the data.
66    This permission is meant for students officers.
67    """
68    grok.name('waeup.manageStudent')
69
70class ClearStudent(grok.Permission):
71    """The ClearStudent permission is needed to clear students
72    or to reject clearance. This permission is meant for clearance officers.
73    """
74    grok.name('waeup.clearStudent')
75
76class ValidateStudent(grok.Permission):
77    """The ValidateStudent permission is needed to validate or reject
78    course lists. This permission is not needed if users
79    already have the TriggerTransition permission.
80    """
81    grok.name('waeup.validateStudent')
82
83class EditStudyLevel(grok.Permission):
84    """The EditStudyLevel permission is needed for editing course lists.
85    Students and course advisers do have this permission.
86    """
87    grok.name('waeup.editStudyLevel')
88
89class LoginAsStudent(grok.Permission):
90    """The LoginAsStudent permission is needed to set temporary student
91    passwords and login as (impersonate) students.
92    """
93    grok.name('waeup.loginAsStudent')
94
95class ViewTranscript(grok.Permission):
96    """The ViewTranscript permission is needed to view transcript pages.
97    """
98    grok.name('waeup.viewTranscript')
99
100class DownloadTranscript(grok.Permission):
101    """The DownloadTranscript permission is needed to download transcript slips.
102    """
103    grok.name('waeup.downloadTranscript')
104
105class ProcessTranscript(grok.Permission):
106    grok.name('waeup.processTranscript')
107    """The ProcessTranscript permission is needed to validate and relase transcripts.
108    """
109
110class SignTranscript(grok.Permission):
111    grok.name('waeup.signTranscript')
112    """The SignTranscript permission is needed to sign transcripts.
113    """
114
115# Local role
116class StudentRecordOwner(grok.Role):
117    """A student 'owns' her/his student object and subobjects and
118    gains permissions to handle all data, upload a passport picture,
119    add payment tickets, create and edit course lists and handle accommodation.
120    """
121    grok.name('waeup.local.StudentRecordOwner')
122    grok.title(u'Student Record Owner')
123    grok.permissions('waeup.handleStudent',
124                     'waeup.uploadStudentFile',
125                     'waeup.viewStudent',
126                     'waeup.payStudent',
127                     'waeup.handleAccommodation',
128                     'waeup.editStudyLevel')
129
130class Parents(grok.Role):
131    """Parents temporarily get access to view the records of their children.
132    """
133    grok.name('waeup.local.Parents')
134    grok.title(u'Parents')
135    grok.permissions('waeup.viewStudent')
136
137# Site Roles
138class StudentRole(grok.Role):
139    """This role is dedicated to students only.
140    It defines the permissions a student gains portal-wide.
141    """
142    grok.name('waeup.Student')
143    grok.title(u'Student (do not assign)')
144    grok.permissions('waeup.viewAcademics',
145                     'waeup.viewMyStudentDataTab',
146                     'waeup.Authenticated')
147
148class StudentsOfficer(grok.Role):
149    """The Students Officer is allowed to view all student data.
150    """
151    grok.name('waeup.StudentsOfficer')
152    grok.title(u'Students Officer (view only)')
153    grok.permissions('waeup.viewStudent',
154                     'waeup.viewStudentsContainer')
155
156class StudentsManager(grok.Role):
157    """The Students Manager is allowed to edit all student data, to
158    create payment tickets, to handle bed tickets and to upload passport
159    pictures.
160    """
161    grok.name('waeup.StudentsManager')
162    grok.title(u'Students Manager')
163    grok.permissions('waeup.viewStudent',
164                     'waeup.manageStudent',
165                     'waeup.viewStudentsContainer',
166                     'waeup.payStudent',
167                     'waeup.uploadStudentFile',
168                     'waeup.handleAccommodation')
169
170class TranscriptOfficer(grok.Role):
171    """The Transcript Officer is allowed to view, to validate and to
172    release student transcripts. The officer is not allowed to
173    manage student data but to edit the transcript remark on a separate
174    manage page.
175    """
176    grok.name('waeup.TranscriptOfficer')
177    grok.title(u'Transcript Officer')
178    grok.permissions('waeup.viewAcademics',
179                     'waeup.viewTranscript',
180                     'waeup.downloadTranscript',
181                     'waeup.processTranscript',
182                     'waeup.viewStudent',
183                     'waeup.viewStudentsContainer',
184                     )
185
186class TranscriptSignee(grok.Role):
187    """The Transcript Signee is allowed to view and to sign student
188    transcripts.
189    """
190    grok.name('waeup.TranscriptSignee')
191    grok.title(u'Transcript Signee')
192    grok.permissions('waeup.viewAcademics',
193                     'waeup.viewTranscript',
194                     'waeup.signTranscript',
195                     'waeup.viewStudent',
196                     )
197
198class StudentsClearanceOfficer(grok.Role):
199    """The global StudentsClearanceOfficer role enables users to view all
200    student data, to clear students and to reject clearance portal-wide.
201    Usually, this role is not assigned manually.
202    We are using the correspondent local role instead which assigns the
203    StudentsClearanceOfficer role dynamically.
204    """
205    grok.name('waeup.StudentsClearanceOfficer')
206    grok.title(u'Clearance Officer (all students)')
207    grok.permissions('waeup.clearStudent',
208                     'waeup.viewStudent')
209
210class StudentsCourseAdviser(grok.Role):
211    """The global StudentsCourseAdviser role enables users to view all
212    student data, to edit, validate or reject course lists  portal-wide.
213    Usually, this role is not assigned manually.
214    We are using the correspondent local role instead which assigns the
215    StudentsCourseAdviser role dynamically.
216    """
217    grok.name('waeup.StudentsCourseAdviser')
218    grok.title(u'Course Adviser (all students)')
219    grok.permissions('waeup.validateStudent',
220                     'waeup.viewStudent',
221                     'waeup.editStudyLevel')
222
223class StudentImpersonator(grok.Role):
224    """The Student Impersonator gains the LoginAsStudent permission,
225    nothing else, see description above.
226    """
227    grok.name('waeup.StudentImpersonator')
228    grok.title(u'Student Impersonator')
229    grok.permissions('waeup.loginAsStudent')
Note: See TracBrowser for help on using the repository browser.