source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 7172

Last change on this file since 7172 was 7168, checked in by Henrik Bettermann, 13 years ago

Reorganize permissions a bit.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 6.2 KB
RevLine 
[3521]1import grok
[6157]2from zope.component import getUtilitiesFor
[6144]3from zope.interface import Interface
[6163]4from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[6144]5from waeup.sirp.interfaces import ILocalRolesAssignable
[3521]6
[4789]7class Public(grok.Permission):
8    """Everyone-can-do-this-permission.
9
10    This permission is meant to be applied to objects/views/pages
11    etc., that should be usable/readable by everyone.
12
13    We need this to be able to tune default permissions more
14    restrictive and open up some dedicated objects like the front
15    page.
16    """
17    grok.name('waeup.Public')
[6142]18
[5433]19class Anonymous(grok.Permission):
20    """Only-anonymous-can-do-this-permission.
21    """
[6142]22    grok.name('waeup.Anonymous')
[4789]23
24class ViewPermission(grok.Permission):
25    grok.name('waeup.View')
26
27class ManageUniversity(grok.Permission):
28    grok.name('waeup.manageUniversity')
29
30class ManageUsers(grok.Permission):
31    grok.name('waeup.manageUsers')
[6142]32
[7163]33class EditUser(grok.Permission):
34    grok.name('waeup.editUser')
35
[6127]36class ManageDataCenter(grok.Permission):
37    grok.name('waeup.manageDataCenter')
[6142]38
[6907]39class ManagePortalConfiguration(grok.Permission):
40    grok.name('waeup.managePortalConfiguration')
[6155]41
[6125]42# Local Roles
43class DepartmentOfficer(grok.Role):
[6127]44    grok.name('waeup.local.DepartmentOfficer')
[6159]45    grok.title(u'Department Officer')
[7168]46    grok.permissions('waeup.manageUniversity')
[6142]47
[7168]48
[6655]49class ClearanceOfficer(grok.Role):
[7168]50    """The clearance officer role is meant for the
51    assignment of dynamic roles only.
52    """
[6655]53    grok.name('waeup.local.ClearanceOfficer')
54    grok.title(u'Clearance Officer')
55
56class CourseAdviser(grok.Role):
[7168]57    """The course adviser role is meant for the
58    assignment of dynamic roles only.
59    """
[6655]60    grok.name('waeup.local.CourseAdviser')
61    grok.title(u'Course Adviser')
62
[7163]63class Owner(grok.Role):
64    grok.name('waeup.local.Owner')
65    grok.title(u'Owner')
66    grok.permissions('waeup.editUser')
67
[6125]68# Global Roles
[4789]69class PortalUser(grok.Role):
70    grok.name('waeup.PortalUser')
[6159]71    grok.title(u'Portal User')
[6125]72    grok.permissions('waeup.View', 'waeup.Public')
[3521]73
[4789]74class PortalManager(grok.Role):
75    grok.name('waeup.PortalManager')
[6159]76    grok.title(u'Portal Manager')
[4789]77    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
[6127]78                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
[6198]79                     'waeup.manageDataCenter','waeup.managePortalSettings',
[6907]80                     'waeup.managePortalConfiguration',
[6622]81                     'waeup.manageApplications', 'waeup.handleApplication',
[7148]82                     'waeup.viewStudent', 'waeup.manageStudent', 'clearStudent',
83                     'waeup.uploadStudentFile',
[7122]84                     'waeup.viewHostels', 'waeup.manageHostels')
[4789]85
86def getRoles():
[6157]87    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
88    """
89    return getUtilitiesFor(IRole)
90
91def getWAeUPRoles(also_local=False):
92    """Get all WAeUP roles.
93
94    WAeUP roles are ordinary roles whose id by convention starts with
95    a ``waeup.`` prefix.
96
97    If `also_local` is ``True`` (``False`` by default), also local
98    roles are returned. Local WAeUP roles are such whose id starts
99    with ``waeup.local.`` prefix (this is also a convention).
100
101    Returns a generator of the found roles.
102    """
103    for name, item in getRoles():
104        if not name.startswith('waeup.'):
[4789]105            # Ignore non-WAeUP roles...
106            continue
[6157]107        if not also_local and name.startswith('waeup.local.'):
108            # Ignore local roles...
[6045]109            continue
[6157]110        yield item
[4789]111
[6157]112def getWAeUPRoleNames():
113    """Get the ids of all WAeUP roles.
114
115    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
116
117    This function returns a sorted list of WAeUP role names.
118    """
119    return sorted([x.id for x in getWAeUPRoles()])
120
121
[6144]122class LocalRolesAssignable(grok.Adapter):
123    """Default implementation for `ILocalRolesAssignable`.
124
125    This adapter returns a list for dictionaries for objects for which
126    we want to know the roles assignable to them locally.
127
128    The returned dicts contain a ``name`` and a ``title`` entry which
129    give a role (``name``) and a description, for which kind of users
130    the permission is meant to be used (``title``).
131
132    Having this adapter registered we make sure, that for each normal
133    object we get a valid `ILocalRolesAssignable` adapter.
134
135    Objects that want to offer certain local roles, can do so by
[6162]136    setting a (preferably class-) attribute to a list of role ids.
[6144]137
138    You can also define different adapters for different contexts to
139    have different role lookup mechanisms become available. But in
140    normal cases it should be sufficient to use this basic adapter.
141    """
142    grok.context(Interface)
143    grok.provides(ILocalRolesAssignable)
144
145    _roles = []
146
147    def __init__(self, context):
148        self.context = context
[6162]149        role_ids = getattr(context, 'local_roles', self._roles)
150        self._roles = [(name, role) for name, role in getRoles()
151                       if name in role_ids]
[6144]152        return
153
154    def __call__(self):
155        """Get a list of dictionaries containing ``names`` (the roles to
156        assign) and ``titles`` (some description of the type of user
157        to assign each role to).
158        """
[6162]159        return [
160            dict(
161                name=name,
162                title=role.title,
[6163]163                description=role.description)
[6162]164            for name, role in self._roles]
[6144]165
[6163]166def get_users_with_local_roles(context):
167    """Get a list of dicts representing the local roles set for `context`.
168
169    Each dict returns `user_name`, `user_title`, `local_role`,
170    `local_role_title`, and `setting` for each entry in the local
171    roles map of the `context` object.
172    """
[6202]173    try:
174        role_map = IPrincipalRoleMap(context)
175    except TypeError:
176        # no map no roles.
177        raise StopIteration
[6163]178    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
179        user = grok.getSite()['users'].get(user_name,None)
180        user_title = getattr(user, 'description', user_name)
[6170]181        local_role_title = dict(getRoles())[local_role].title
[6163]182        yield dict(user_name = user_name,
183                   user_title = user_title,
184                   local_role = local_role,
185                   local_role_title = local_role_title,
186                   setting = setting)
Note: See TracBrowser for help on using the repository browser.