source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 7181

Last change on this file since 7181 was 7181, checked in by Henrik Bettermann, 14 years ago

StudentsOfficers? are not allowed to view the accommodation and payments containers of students. We therefore use the dedicated permissions waeup.handleAccommodation and waeup.payStudent.

Add role waeup.ACManager with permission waeup.manageACBatches which has already been uses in accesscodes.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 6.4 KB
Line 
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5from waeup.sirp.interfaces import ILocalRolesAssignable
6from waeup.sirp.utils.helpers import get_user_account
7
8class Public(grok.Permission):
9    """Everyone-can-do-this-permission.
10
11    This permission is meant to be applied to objects/views/pages
12    etc., that should be usable/readable by everyone.
13
14    We need this to be able to tune default permissions more
15    restrictive and open up some dedicated objects like the front
16    page.
17    """
18    grok.name('waeup.Public')
19
20class Anonymous(grok.Permission):
21    """Only-anonymous-can-do-this-permission.
22    """
23    grok.name('waeup.Anonymous')
24
25class ViewPermission(grok.Permission):
26    grok.name('waeup.View')
27
28class ManageUniversity(grok.Permission):
29    grok.name('waeup.manageUniversity')
30
31class ManageUsers(grok.Permission):
32    grok.name('waeup.manageUsers')
33
34class EditUser(grok.Permission):
35    grok.name('waeup.editUser')
36
37class ManageDataCenter(grok.Permission):
38    grok.name('waeup.manageDataCenter')
39
40class ManagePortalConfiguration(grok.Permission):
41    grok.name('waeup.managePortalConfiguration')
42
43class ManageACBatches(grok.Permission):
44    grok.name('waeup.manageACBatches')
45
46# Local Roles
47class DepartmentOfficer(grok.Role):
48    grok.name('waeup.local.DepartmentOfficer')
49    grok.title(u'Department Officer')
50    grok.permissions('waeup.manageUniversity')
51
52
53class ClearanceOfficer(grok.Role):
54    """The clearance officer role is meant for the
55    assignment of dynamic roles only.
56    """
57    grok.name('waeup.local.ClearanceOfficer')
58    grok.title(u'Clearance Officer')
59
60class CourseAdviser(grok.Role):
61    """The course adviser role is meant for the
62    assignment of dynamic roles only.
63    """
64    grok.name('waeup.local.CourseAdviser')
65    grok.title(u'Course Adviser')
66
67class Owner(grok.Role):
68    grok.name('waeup.local.Owner')
69    grok.title(u'Owner')
70    grok.permissions('waeup.editUser')
71
72# Site Roles
73class PortalUser(grok.Role):
74    grok.name('waeup.PortalUser')
75    grok.title(u'Portal User')
76    grok.permissions('waeup.View', 'waeup.Public')
77
78class ACManager(grok.Role):
79    grok.name('waeup.ACManager')
80    grok.title(u'Access Code Manager')
81    grok.permissions('waeup.manageACBatches')
82
83class PortalManager(grok.Role):
84    grok.name('waeup.PortalManager')
85    grok.title(u'Portal Manager')
86    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
87                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
88                     'waeup.manageDataCenter','waeup.managePortalSettings',
89                     'waeup.managePortalConfiguration',
90                     'waeup.manageApplications', 'waeup.handleApplication',
91                     'waeup.viewStudent', 'waeup.manageStudent', 'clearStudent',
92                     'waeup.uploadStudentFile',
93                     'waeup.viewHostels', 'waeup.manageHostels')
94
95def getAllRoles():
96    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
97    """
98    return getUtilitiesFor(IRole)
99
100def getWAeUPRoles(also_local=False):
101    """Get all WAeUP roles.
102
103    WAeUP roles are ordinary roles whose id by convention starts with
104    a ``waeup.`` prefix.
105
106    If `also_local` is ``True`` (``False`` by default), also local
107    roles are returned. Local WAeUP roles are such whose id starts
108    with ``waeup.local.`` prefix (this is also a convention).
109
110    Returns a generator of the found roles.
111    """
112    for name, item in getAllRoles():
113        if not name.startswith('waeup.'):
114            # Ignore non-WAeUP roles...
115            continue
116        if not also_local and name.startswith('waeup.local.'):
117            # Ignore local roles...
118            continue
119        yield item
120
121def getWAeUPRoleNames():
122    """Get the ids of all WAeUP roles.
123
124    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
125
126    This function returns a sorted list of WAeUP role names.
127    """
128    return sorted([x.id for x in getWAeUPRoles()])
129
130class LocalRolesAssignable(grok.Adapter):
131    """Default implementation for `ILocalRolesAssignable`.
132
133    This adapter returns a list for dictionaries for objects for which
134    we want to know the roles assignable to them locally.
135
136    The returned dicts contain a ``name`` and a ``title`` entry which
137    give a role (``name``) and a description, for which kind of users
138    the permission is meant to be used (``title``).
139
140    Having this adapter registered we make sure, that for each normal
141    object we get a valid `ILocalRolesAssignable` adapter.
142
143    Objects that want to offer certain local roles, can do so by
144    setting a (preferably class-) attribute to a list of role ids.
145
146    You can also define different adapters for different contexts to
147    have different role lookup mechanisms become available. But in
148    normal cases it should be sufficient to use this basic adapter.
149    """
150    grok.context(Interface)
151    grok.provides(ILocalRolesAssignable)
152
153    _roles = []
154
155    def __init__(self, context):
156        self.context = context
157        role_ids = getattr(context, 'local_roles', self._roles)
158        self._roles = [(name, role) for name, role in getAllRoles()
159                       if name in role_ids]
160        return
161
162    def __call__(self):
163        """Get a list of dictionaries containing ``names`` (the roles to
164        assign) and ``titles`` (some description of the type of user
165        to assign each role to).
166        """
167        return [
168            dict(
169                name=name,
170                title=role.title,
171                description=role.description)
172            for name, role in self._roles]
173
174def get_users_with_local_roles(context):
175    """Get a list of dicts representing the local roles set for `context`.
176
177    Each dict returns `user_name`, `user_title`, `local_role`,
178    `local_role_title`, and `setting` for each entry in the local
179    roles map of the `context` object.
180    """
181    try:
182        role_map = IPrincipalRoleMap(context)
183    except TypeError:
184        # no map no roles.
185        raise StopIteration
186    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
187        user = grok.getSite()['users'].get(user_name,None)
188        user_title = getattr(user, 'description', user_name)
189        local_role_title = dict(getAllRoles())[local_role].title
190        yield dict(user_name = user_name,
191                   user_title = user_title,
192                   local_role = local_role,
193                   local_role_title = local_role_title,
194                   setting = setting)
Note: See TracBrowser for help on using the repository browser.