## ## securitypolicy.py ## Login : ## Started on Mon Nov 14 09:37:10 2011 Uli Fouquet ## $Id: dynamicroles.py 7159 2011-11-21 10:11:07Z henrik $ ## ## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by ## the Free Software Foundation; either version 2 of the License, or ## (at your option) any later version. ## ## This program is distributed in the hope that it will be useful, ## but WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ## GNU General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with this program; if not, write to the Free Software ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ## """Security policy components for applicants. Applicants need special security policy treatment, as officers with local roles for departments and faculties might have additional permissions (local roles on depts/faculties) here. """ import grok from zope.securitypolicy.interfaces import ( IPrincipalRoleManager, IPrincipalPermissionManager,) from zope.securitypolicy.principalrole import AnnotationPrincipalRoleManager from zope.securitypolicy.principalpermission import ( AnnotationPrincipalPermissionManager,) from zope.securitypolicy.settings import Allow, Deny, Unset from waeup.sirp.applicants.interfaces import IApplicant from waeup.sirp.students.dynamicroles import StudentPrincipalRoleManager # All components in here have the same context: Applicant instances grok.context(IApplicant) class ApplicantPrincipalRoleManager(StudentPrincipalRoleManager): grok.provides(IPrincipalRoleManager) #: The attribute name to lookup for additional roles extra_attrib = 'course1' subcontainer = None #: List of role names to look for in `extra_attrib` and parents. external_rolenames = ['waeup.local.ClearanceOfficer',] #: Role to add in case one of the above roles was found. additional_rolename = 'waeup.ApplicationsOfficer'