Context navigation

source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 7181

Last change on this file since 7181 was 7181, checked in by Henrik Bettermann, 14 years ago

StudentsOfficers? are not allowed to view the accommodation and payments containers of students. We therefore use the dedicated permissions waeup.handleAccommodation and waeup.payStudent.

Add role waeup.ACManager with permission waeup.manageACBatches which has already been uses in accesscodes.

Property svn:eol-style set to native
Property svn:keywords set to Id

File size: 6.4 KB

Rev	Line
[3521]	1	import grok
[6157]	2	from zope.component import getUtilitiesFor
[6144]	3	from zope.interface import Interface
[6163]	4	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
[6144]	5	from waeup.sirp.interfaces import ILocalRolesAssignable
[7176]	6	from waeup.sirp.utils.helpers import get_user_account
[3521]	7
[4789]	8	class Public(grok.Permission):
	9	"""Everyone-can-do-this-permission.
	10
	11	This permission is meant to be applied to objects/views/pages
	12	etc., that should be usable/readable by everyone.
	13
	14	We need this to be able to tune default permissions more
	15	restrictive and open up some dedicated objects like the front
	16	page.
	17	"""
	18	grok.name('waeup.Public')
[6142]	19
[5433]	20	class Anonymous(grok.Permission):
	21	"""Only-anonymous-can-do-this-permission.
	22	"""
[6142]	23	grok.name('waeup.Anonymous')
[4789]	24
	25	class ViewPermission(grok.Permission):
	26	grok.name('waeup.View')
	27
	28	class ManageUniversity(grok.Permission):
	29	grok.name('waeup.manageUniversity')
	30
	31	class ManageUsers(grok.Permission):
	32	grok.name('waeup.manageUsers')
[6142]	33
[7163]	34	class EditUser(grok.Permission):
	35	grok.name('waeup.editUser')
	36
[6127]	37	class ManageDataCenter(grok.Permission):
	38	grok.name('waeup.manageDataCenter')
[6142]	39
[6907]	40	class ManagePortalConfiguration(grok.Permission):
	41	grok.name('waeup.managePortalConfiguration')
[6155]	42
[7181]	43	class ManageACBatches(grok.Permission):
	44	grok.name('waeup.manageACBatches')
	45
[6125]	46	# Local Roles
	47	class DepartmentOfficer(grok.Role):
[6127]	48	grok.name('waeup.local.DepartmentOfficer')
[6159]	49	grok.title(u'Department Officer')
[7168]	50	grok.permissions('waeup.manageUniversity')
[6142]	51
[7168]	52
[6655]	53	class ClearanceOfficer(grok.Role):
[7168]	54	"""The clearance officer role is meant for the
	55	assignment of dynamic roles only.
	56	"""
[6655]	57	grok.name('waeup.local.ClearanceOfficer')
	58	grok.title(u'Clearance Officer')
	59
	60	class CourseAdviser(grok.Role):
[7168]	61	"""The course adviser role is meant for the
	62	assignment of dynamic roles only.
	63	"""
[6655]	64	grok.name('waeup.local.CourseAdviser')
	65	grok.title(u'Course Adviser')
	66
[7163]	67	class Owner(grok.Role):
	68	grok.name('waeup.local.Owner')
	69	grok.title(u'Owner')
	70	grok.permissions('waeup.editUser')
	71
[7178]	72	# Site Roles
[4789]	73	class PortalUser(grok.Role):
	74	grok.name('waeup.PortalUser')
[6159]	75	grok.title(u'Portal User')
[6125]	76	grok.permissions('waeup.View', 'waeup.Public')
[3521]	77
[7181]	78	class ACManager(grok.Role):
	79	grok.name('waeup.ACManager')
	80	grok.title(u'Access Code Manager')
	81	grok.permissions('waeup.manageACBatches')
	82
[4789]	83	class PortalManager(grok.Role):
	84	grok.name('waeup.PortalManager')
[6159]	85	grok.title(u'Portal Manager')
[4789]	86	grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
[6127]	87	'waeup.View', 'waeup.Public','waeup.manageACBatches',
[6198]	88	'waeup.manageDataCenter','waeup.managePortalSettings',
[6907]	89	'waeup.managePortalConfiguration',
[6622]	90	'waeup.manageApplications', 'waeup.handleApplication',
[7148]	91	'waeup.viewStudent', 'waeup.manageStudent', 'clearStudent',
	92	'waeup.uploadStudentFile',
[7122]	93	'waeup.viewHostels', 'waeup.manageHostels')
[4789]	94
[7177]	95	def getAllRoles():
[6157]	96	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
	97	"""
	98	return getUtilitiesFor(IRole)
	99
	100	def getWAeUPRoles(also_local=False):
	101	"""Get all WAeUP roles.
	102
	103	WAeUP roles are ordinary roles whose id by convention starts with
	104	a ``waeup.`` prefix.
	105
	106	If `also_local` is ``True`` (``False`` by default), also local
	107	roles are returned. Local WAeUP roles are such whose id starts
	108	with ``waeup.local.`` prefix (this is also a convention).
	109
	110	Returns a generator of the found roles.
	111	"""
[7177]	112	for name, item in getAllRoles():
[6157]	113	if not name.startswith('waeup.'):
[4789]	114	# Ignore non-WAeUP roles...
	115	continue
[6157]	116	if not also_local and name.startswith('waeup.local.'):
	117	# Ignore local roles...
[6045]	118	continue
[6157]	119	yield item
[4789]	120
[6157]	121	def getWAeUPRoleNames():
	122	"""Get the ids of all WAeUP roles.
	123
	124	See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
	125
	126	This function returns a sorted list of WAeUP role names.
	127	"""
	128	return sorted([x.id for x in getWAeUPRoles()])
	129
[6144]	130	class LocalRolesAssignable(grok.Adapter):
	131	"""Default implementation for `ILocalRolesAssignable`.
	132
	133	This adapter returns a list for dictionaries for objects for which
	134	we want to know the roles assignable to them locally.
	135
	136	The returned dicts contain a ``name`` and a ``title`` entry which
	137	give a role (``name``) and a description, for which kind of users
	138	the permission is meant to be used (``title``).
	139
	140	Having this adapter registered we make sure, that for each normal
	141	object we get a valid `ILocalRolesAssignable` adapter.
	142
	143	Objects that want to offer certain local roles, can do so by
[6162]	144	setting a (preferably class-) attribute to a list of role ids.
[6144]	145
	146	You can also define different adapters for different contexts to
	147	have different role lookup mechanisms become available. But in
	148	normal cases it should be sufficient to use this basic adapter.
	149	"""
	150	grok.context(Interface)
	151	grok.provides(ILocalRolesAssignable)
	152
	153	_roles = []
	154
	155	def __init__(self, context):
	156	self.context = context
[6162]	157	role_ids = getattr(context, 'local_roles', self._roles)
[7177]	158	self._roles = [(name, role) for name, role in getAllRoles()
[6162]	159	if name in role_ids]
[6144]	160	return
	161
	162	def __call__(self):
	163	"""Get a list of dictionaries containing ``names`` (the roles to
	164	assign) and ``titles`` (some description of the type of user
	165	to assign each role to).
	166	"""
[6162]	167	return [
	168	dict(
	169	name=name,
	170	title=role.title,
[6163]	171	description=role.description)
[6162]	172	for name, role in self._roles]
[6144]	173
[6163]	174	def get_users_with_local_roles(context):
	175	"""Get a list of dicts representing the local roles set for `context`.
	176
	177	Each dict returns `user_name`, `user_title`, `local_role`,
	178	`local_role_title`, and `setting` for each entry in the local
	179	roles map of the `context` object.
	180	"""
[6202]	181	try:
	182	role_map = IPrincipalRoleMap(context)
	183	except TypeError:
	184	# no map no roles.
	185	raise StopIteration
[6163]	186	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
	187	user = grok.getSite()['users'].get(user_name,None)
	188	user_title = getattr(user, 'description', user_name)
[7177]	189	local_role_title = dict(getAllRoles())[local_role].title
[6163]	190	yield dict(user_name = user_name,
	191	user_title = user_title,
	192	local_role = local_role,
	193	local_role_title = local_role_title,
	194	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: