Context navigation

source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 7163

Last change on this file since 7163 was 7163, checked in by Henrik Bettermann, 13 years ago
Users must own their own account object in order to edit edit. Therefore we need a local owner role and an event handler which assigns the local role after user creation.
Property svn:eol-style set to `native` Property svn:keywords set to `Id`
File size: 6.1 KB

Rev	Line
[3521]	1	import grok
[6157]	2	from zope.component import getUtilitiesFor
[6144]	3	from zope.interface import Interface
[6163]	4	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[6144]	5	from waeup.sirp.interfaces import ILocalRolesAssignable
[3521]	6
[4789]	7	class Public(grok.Permission):
	8	"""Everyone-can-do-this-permission.
	9
	10	This permission is meant to be applied to objects/views/pages
	11	etc., that should be usable/readable by everyone.
	12
	13	We need this to be able to tune default permissions more
	14	restrictive and open up some dedicated objects like the front
	15	page.
	16	"""
	17	grok.name('waeup.Public')
[6142]	18
[5433]	19	class Anonymous(grok.Permission):
	20	"""Only-anonymous-can-do-this-permission.
	21	"""
[6142]	22	grok.name('waeup.Anonymous')
[4789]	23
	24	class ViewPermission(grok.Permission):
	25	grok.name('waeup.View')
	26
	27	class ManageUniversity(grok.Permission):
	28	grok.name('waeup.manageUniversity')
	29
	30	class ManageUsers(grok.Permission):
	31	grok.name('waeup.manageUsers')
[6142]	32
[7163]	33	class EditUser(grok.Permission):
	34	grok.name('waeup.editUser')
	35
[6127]	36	class ManageDataCenter(grok.Permission):
	37	grok.name('waeup.manageDataCenter')
[6142]	38
[6907]	39	class ManagePortalConfiguration(grok.Permission):
	40	grok.name('waeup.managePortalConfiguration')
[6155]	41
[6125]	42	# Local Roles
	43	class DepartmentOfficer(grok.Role):
[6127]	44	grok.name('waeup.local.DepartmentOfficer')
[6159]	45	grok.title(u'Department Officer')
[6127]	46	grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
[6142]	47
[6655]	48	class ClearanceOfficer(grok.Role):
	49	grok.name('waeup.local.ClearanceOfficer')
	50	grok.title(u'Clearance Officer')
	51	grok.permissions('waeup.View', 'waeup.Public')
	52
	53	class CourseAdviser(grok.Role):
	54	grok.name('waeup.local.CourseAdviser')
	55	grok.title(u'Course Adviser')
	56	grok.permissions('waeup.View', 'waeup.Public')
	57
[7163]	58	class Owner(grok.Role):
	59	grok.name('waeup.local.Owner')
	60	grok.title(u'Owner')
	61	grok.permissions('waeup.editUser')
	62
[6125]	63	# Global Roles
[4789]	64	class PortalUser(grok.Role):
	65	grok.name('waeup.PortalUser')
[6159]	66	grok.title(u'Portal User')
[6125]	67	grok.permissions('waeup.View', 'waeup.Public')
[3521]	68
[4789]	69	class PortalManager(grok.Role):
	70	grok.name('waeup.PortalManager')
[6159]	71	grok.title(u'Portal Manager')
[4789]	72	grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
[6127]	73	'waeup.View', 'waeup.Public','waeup.manageACBatches',
[6198]	74	'waeup.manageDataCenter','waeup.managePortalSettings',
[6907]	75	'waeup.managePortalConfiguration',
[6622]	76	'waeup.manageApplications', 'waeup.handleApplication',
[7148]	77	'waeup.viewStudent', 'waeup.manageStudent', 'clearStudent',
	78	'waeup.uploadStudentFile',
[7122]	79	'waeup.viewHostels', 'waeup.manageHostels')
[4789]	80
	81	def getRoles():
[6157]	82	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
	83	"""
	84	return getUtilitiesFor(IRole)
	85
	86	def getWAeUPRoles(also_local=False):
	87	"""Get all WAeUP roles.
	88
	89	WAeUP roles are ordinary roles whose id by convention starts with
	90	a ``waeup.`` prefix.
	91
	92	If `also_local` is ``True`` (``False`` by default), also local
	93	roles are returned. Local WAeUP roles are such whose id starts
	94	with ``waeup.local.`` prefix (this is also a convention).
	95
	96	Returns a generator of the found roles.
	97	"""
	98	for name, item in getRoles():
	99	if not name.startswith('waeup.'):
[4789]	100	# Ignore non-WAeUP roles...
	101	continue
[6157]	102	if not also_local and name.startswith('waeup.local.'):
	103	# Ignore local roles...
[6045]	104	continue
[6157]	105	yield item
[4789]	106
[6157]	107	def getWAeUPRoleNames():
	108	"""Get the ids of all WAeUP roles.
	109
	110	See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
	111
	112	This function returns a sorted list of WAeUP role names.
	113	"""
	114	return sorted([x.id for x in getWAeUPRoles()])
	115
	116
[6144]	117	class LocalRolesAssignable(grok.Adapter):
	118	"""Default implementation for `ILocalRolesAssignable`.
	119
	120	This adapter returns a list for dictionaries for objects for which
	121	we want to know the roles assignable to them locally.
	122
	123	The returned dicts contain a ``name`` and a ``title`` entry which
	124	give a role (``name``) and a description, for which kind of users
	125	the permission is meant to be used (``title``).
	126
	127	Having this adapter registered we make sure, that for each normal
	128	object we get a valid `ILocalRolesAssignable` adapter.
	129
	130	Objects that want to offer certain local roles, can do so by
[6162]	131	setting a (preferably class-) attribute to a list of role ids.
[6144]	132
	133	You can also define different adapters for different contexts to
	134	have different role lookup mechanisms become available. But in
	135	normal cases it should be sufficient to use this basic adapter.
	136	"""
	137	grok.context(Interface)
	138	grok.provides(ILocalRolesAssignable)
	139
	140	_roles = []
	141
	142	def __init__(self, context):
	143	self.context = context
[6162]	144	role_ids = getattr(context, 'local_roles', self._roles)
	145	self._roles = [(name, role) for name, role in getRoles()
	146	if name in role_ids]
[6144]	147	return
	148
	149	def __call__(self):
	150	"""Get a list of dictionaries containing ``names`` (the roles to
	151	assign) and ``titles`` (some description of the type of user
	152	to assign each role to).
	153	"""
[6162]	154	return [
	155	dict(
	156	name=name,
	157	title=role.title,
[6163]	158	description=role.description)
[6162]	159	for name, role in self._roles]
[6144]	160
[6163]	161	def get_users_with_local_roles(context):
	162	"""Get a list of dicts representing the local roles set for `context`.
	163
	164	Each dict returns `user_name`, `user_title`, `local_role`,
	165	`local_role_title`, and `setting` for each entry in the local
	166	roles map of the `context` object.
	167	"""
[6202]	168	try:
	169	role_map = IPrincipalRoleMap(context)
	170	except TypeError:
	171	# no map no roles.
	172	raise StopIteration
[6163]	173	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
	174	user = grok.getSite()['users'].get(user_name,None)
	175	user_title = getattr(user, 'description', user_name)
[6170]	176	local_role_title = dict(getRoles())[local_role].title
[6163]	177	yield dict(user_name = user_name,
	178	user_title = user_title,
	179	local_role = local_role,
	180	local_role_title = local_role_title,
	181	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: