| [3521] | 1 | import grok |
|---|
| [4789] | 2 | from zc.sourcefactory.basic import BasicSourceFactory |
|---|
| [3521] | 3 | |
|---|
| [4789] | 4 | class Public(grok.Permission): |
|---|
| 5 | """Everyone-can-do-this-permission. |
|---|
| 6 | |
|---|
| 7 | This permission is meant to be applied to objects/views/pages |
|---|
| 8 | etc., that should be usable/readable by everyone. |
|---|
| 9 | |
|---|
| 10 | We need this to be able to tune default permissions more |
|---|
| 11 | restrictive and open up some dedicated objects like the front |
|---|
| 12 | page. |
|---|
| 13 | """ |
|---|
| 14 | grok.name('waeup.Public') |
|---|
| [5433] | 15 | |
|---|
| 16 | class Anonymous(grok.Permission): |
|---|
| 17 | """Only-anonymous-can-do-this-permission. |
|---|
| 18 | """ |
|---|
| 19 | grok.name('waeup.Anonymous') |
|---|
| [4789] | 20 | |
|---|
| 21 | class ViewPermission(grok.Permission): |
|---|
| 22 | grok.name('waeup.View') |
|---|
| 23 | |
|---|
| 24 | class ManageUniversity(grok.Permission): |
|---|
| 25 | grok.name('waeup.manageUniversity') |
|---|
| 26 | |
|---|
| 27 | class ManageUsers(grok.Permission): |
|---|
| 28 | grok.name('waeup.manageUsers') |
|---|
| 29 | |
|---|
| [3521] | 30 | class FacultyRead(grok.Permission): |
|---|
| 31 | grok.name('waeup.facultyread') |
|---|
| [5937] | 32 | |
|---|
| 33 | # Roles |
|---|
| [4789] | 34 | class PortalUser(grok.Role): |
|---|
| 35 | grok.name('waeup.PortalUser') |
|---|
| 36 | grok.permissions('waeup.facultyread', 'waeup.View', 'waeup.Public') |
|---|
| [3521] | 37 | |
|---|
| [4789] | 38 | class PortalManager(grok.Role): |
|---|
| 39 | grok.name('waeup.PortalManager') |
|---|
| 40 | grok.permissions('waeup.manageUniversity', 'waeup.manageUsers', |
|---|
| [5410] | 41 | 'waeup.View', 'waeup.Public','waeup.manageACBatches') |
|---|
| [4789] | 42 | |
|---|
| 43 | def getRoles(): |
|---|
| 44 | app = grok.getSite() |
|---|
| 45 | app = None |
|---|
| 46 | manager = None |
|---|
| 47 | if app is not None: |
|---|
| 48 | from zope.securitypolicy.interfaces import IRolePermissionManager |
|---|
| 49 | manager = IRolePermissionManager(app, None) |
|---|
| 50 | else: |
|---|
| 51 | from zope.securitypolicy.rolepermission import ( |
|---|
| 52 | rolePermissionManager as manager) |
|---|
| 53 | role_permission_map = manager.getRolesAndPermissions() |
|---|
| 54 | result = dict() |
|---|
| 55 | for item in role_permission_map: |
|---|
| 56 | if not item[1].startswith('waeup.'): |
|---|
| 57 | # Ignore non-WAeUP roles... |
|---|
| 58 | continue |
|---|
| [6045] | 59 | if item[1].startswith('waeup.local.'): |
|---|
| 60 | continue |
|---|
| [4789] | 61 | result[item[1]] = True |
|---|
| 62 | return sorted(result.keys()) |
|---|
| 63 | |
|---|
| 64 | class RoleSource(BasicSourceFactory): |
|---|
| 65 | def getValues(self): |
|---|
| 66 | return getRoles() |
|---|
| 67 | def getTitle(self, value): |
|---|
| 68 | if isinstance(value, basestring): |
|---|
| 69 | return value.split('.', 2)[1] |
|---|
