source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6627

Last change on this file since 6627 was 6622, checked in by Henrik Bettermann, 13 years ago

Add some basic UI stuff to start and to play with.

  • Property svn:eol-style set to native
File size: 5.6 KB
Line 
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5from waeup.sirp.interfaces import ILocalRolesAssignable
6
7class Public(grok.Permission):
8    """Everyone-can-do-this-permission.
9
10    This permission is meant to be applied to objects/views/pages
11    etc., that should be usable/readable by everyone.
12
13    We need this to be able to tune default permissions more
14    restrictive and open up some dedicated objects like the front
15    page.
16    """
17    grok.name('waeup.Public')
18
19class Anonymous(grok.Permission):
20    """Only-anonymous-can-do-this-permission.
21    """
22    grok.name('waeup.Anonymous')
23
24class ViewPermission(grok.Permission):
25    grok.name('waeup.View')
26
27class ManageUniversity(grok.Permission):
28    grok.name('waeup.manageUniversity')
29
30class ManageUsers(grok.Permission):
31    grok.name('waeup.manageUsers')
32
33class ManageDataCenter(grok.Permission):
34    grok.name('waeup.manageDataCenter')
35
36class ManagePortalSettings(grok.Permission):
37    grok.name('waeup.managePortalSettings')
38
39class ViewStudents(grok.Permission):
40    grok.name('waeup.viewStudents')
41
42class ManageStudents(grok.Permission):
43    grok.name('waeup.manageStudents')
44
45# Local Roles
46class DepartmentOfficer(grok.Role):
47    grok.name('waeup.local.DepartmentOfficer')
48    grok.title(u'Department Officer')
49    grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
50
51# Global Roles
52class PortalUser(grok.Role):
53    grok.name('waeup.PortalUser')
54    grok.title(u'Portal User')
55    grok.permissions('waeup.View', 'waeup.Public')
56
57class PortalManager(grok.Role):
58    grok.name('waeup.PortalManager')
59    grok.title(u'Portal Manager')
60    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
61                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
62                     'waeup.manageDataCenter','waeup.managePortalSettings',
63                     'waeup.manageApplications', 'waeup.handleApplication',
64                     'waeup.viewStudents', 'waeup.manageStudents')
65
66def getRoles():
67    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
68    """
69    return getUtilitiesFor(IRole)
70
71def getWAeUPRoles(also_local=False):
72    """Get all WAeUP roles.
73
74    WAeUP roles are ordinary roles whose id by convention starts with
75    a ``waeup.`` prefix.
76
77    If `also_local` is ``True`` (``False`` by default), also local
78    roles are returned. Local WAeUP roles are such whose id starts
79    with ``waeup.local.`` prefix (this is also a convention).
80
81    Returns a generator of the found roles.
82    """
83    for name, item in getRoles():
84        if not name.startswith('waeup.'):
85            # Ignore non-WAeUP roles...
86            continue
87        if not also_local and name.startswith('waeup.local.'):
88            # Ignore local roles...
89            continue
90        yield item
91
92def getWAeUPRoleNames():
93    """Get the ids of all WAeUP roles.
94
95    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
96
97    This function returns a sorted list of WAeUP role names.
98    """
99    return sorted([x.id for x in getWAeUPRoles()])
100
101
102class LocalRolesAssignable(grok.Adapter):
103    """Default implementation for `ILocalRolesAssignable`.
104
105    This adapter returns a list for dictionaries for objects for which
106    we want to know the roles assignable to them locally.
107
108    The returned dicts contain a ``name`` and a ``title`` entry which
109    give a role (``name``) and a description, for which kind of users
110    the permission is meant to be used (``title``).
111
112    Having this adapter registered we make sure, that for each normal
113    object we get a valid `ILocalRolesAssignable` adapter.
114
115    Objects that want to offer certain local roles, can do so by
116    setting a (preferably class-) attribute to a list of role ids.
117
118    You can also define different adapters for different contexts to
119    have different role lookup mechanisms become available. But in
120    normal cases it should be sufficient to use this basic adapter.
121    """
122    grok.context(Interface)
123    grok.provides(ILocalRolesAssignable)
124
125    _roles = []
126
127    def __init__(self, context):
128        self.context = context
129        role_ids = getattr(context, 'local_roles', self._roles)
130        self._roles = [(name, role) for name, role in getRoles()
131                       if name in role_ids]
132        return
133
134    def __call__(self):
135        """Get a list of dictionaries containing ``names`` (the roles to
136        assign) and ``titles`` (some description of the type of user
137        to assign each role to).
138        """
139        return [
140            dict(
141                name=name,
142                title=role.title,
143                description=role.description)
144            for name, role in self._roles]
145
146def get_users_with_local_roles(context):
147    """Get a list of dicts representing the local roles set for `context`.
148
149    Each dict returns `user_name`, `user_title`, `local_role`,
150    `local_role_title`, and `setting` for each entry in the local
151    roles map of the `context` object.
152    """
153    try:
154        role_map = IPrincipalRoleMap(context)
155    except TypeError:
156        # no map no roles.
157        raise StopIteration
158    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
159        user = grok.getSite()['users'].get(user_name,None)
160        user_title = getattr(user, 'description', user_name)
161        local_role_title = dict(getRoles())[local_role].title
162        yield dict(user_name = user_name,
163                   user_title = user_title,
164                   local_role = local_role,
165                   local_role_title = local_role_title,
166                   setting = setting)
Note: See TracBrowser for help on using the repository browser.