source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 7188

Last change on this file since 7188 was 7188, checked in by Henrik Bettermann, 13 years ago

Add test for MyRolesPage? in w.s.b.pages. Even if this page is defined in another package, it's a good place to test it.

permissions.py: Fix typo

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 6.7 KB
Line 
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5from waeup.sirp.interfaces import ILocalRolesAssignable
6from waeup.sirp.utils.helpers import get_user_account
7
8class Public(grok.Permission):
9    """Everyone-can-do-this-permission.
10
11    This permission is meant to be applied to objects/views/pages
12    etc., that should be usable/readable by everyone.
13
14    We need this to be able to tune default permissions more
15    restrictive and open up some dedicated objects like the front
16    page.
17    """
18    grok.name('waeup.Public')
19
20class Anonymous(grok.Permission):
21    """Only-anonymous-can-do-this-permission.
22    """
23    grok.name('waeup.Anonymous')
24
25class Authenticated(grok.Permission):
26    """Only-logged-in-users-can-do-this-permission.
27    """
28    grok.name('waeup.Authenticated')
29
30class ViewAcademicsPermission(grok.Permission):
31    grok.name('waeup.viewAcademics')
32
33class ManageUniversity(grok.Permission):
34    grok.name('waeup.manageUniversity')
35
36class ManageUsers(grok.Permission):
37    grok.name('waeup.manageUsers')
38
39class EditUser(grok.Permission):
40    grok.name('waeup.editUser')
41
42class ManageDataCenter(grok.Permission):
43    grok.name('waeup.manageDataCenter')
44
45class ManagePortalConfiguration(grok.Permission):
46    grok.name('waeup.managePortalConfiguration')
47
48class ManageACBatches(grok.Permission):
49    grok.name('waeup.manageACBatches')
50
51# Local Roles
52class DepartmentManager(grok.Role):
53    grok.name('waeup.local.DepartmentManager')
54    grok.title(u'Department Manager')
55    grok.permissions('waeup.manageUniversity')
56
57class ClearanceOfficer(grok.Role):
58    """The clearance officer role is meant for the
59    assignment of dynamic roles only.
60    """
61    grok.name('waeup.local.ClearanceOfficer')
62    grok.title(u'Clearance Officer')
63
64class CourseAdviser(grok.Role):
65    """The course adviser role is meant for the
66    assignment of dynamic roles only.
67    """
68    grok.name('waeup.local.CourseAdviser')
69    grok.title(u'Course Adviser')
70
71class Owner(grok.Role):
72    grok.name('waeup.local.Owner')
73    grok.title(u'Owner')
74    grok.permissions('waeup.editUser')
75
76# Site Roles
77class AcademicsOfficer(grok.Role):
78    grok.name('waeup.AcademicsOfficer')
79    grok.title(u'Academics Officer (view only)')
80    grok.permissions('waeup.viewAcademics')
81
82class ACManager(grok.Role):
83    grok.name('waeup.ACManager')
84    grok.title(u'Access Code Manager')
85    grok.permissions('waeup.manageACBatches')
86
87class PortalManager(grok.Role):
88    grok.name('waeup.PortalManager')
89    grok.title(u'Portal Manager')
90    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
91                     'waeup.viewAcademics', 'waeup.manageACBatches',
92                     'waeup.manageDataCenter','waeup.managePortalSettings',
93                     'waeup.managePortalConfiguration', 'waeup.viewApplication',
94                     'waeup.manageApplication', 'waeup.handleApplication',
95                     'waeup.viewStudent', 'waeup.manageStudent', 'clearStudent',
96                     'waeup.uploadStudentFile', 'waeup.viewStudents',
97                     'waeup.viewHostels', 'waeup.manageHostels')
98
99def get_all_roles():
100    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
101    """
102    return getUtilitiesFor(IRole)
103
104def get_waeup_roles(also_local=False):
105    """Get all WAeUP roles.
106
107    WAeUP roles are ordinary roles whose id by convention starts with
108    a ``waeup.`` prefix.
109
110    If `also_local` is ``True`` (``False`` by default), also local
111    roles are returned. Local WAeUP roles are such whose id starts
112    with ``waeup.local.`` prefix (this is also a convention).
113
114    Returns a generator of the found roles.
115    """
116    for name, item in get_all_roles():
117        if not name.startswith('waeup.'):
118            # Ignore non-WAeUP roles...
119            continue
120        if not also_local and name.startswith('waeup.local.'):
121            # Ignore local roles...
122            continue
123        yield item
124
125def get_waeup_role_names():
126    """Get the ids of all WAeUP roles.
127
128    See :func:`get_waeup_roles` for what a 'WAeUPRole' is.
129
130    This function returns a sorted list of WAeUP role names.
131    """
132    return sorted([x.id for x in get_waeup_roles()])
133
134class LocalRolesAssignable(grok.Adapter):
135    """Default implementation for `ILocalRolesAssignable`.
136
137    This adapter returns a list for dictionaries for objects for which
138    we want to know the roles assignable to them locally.
139
140    The returned dicts contain a ``name`` and a ``title`` entry which
141    give a role (``name``) and a description, for which kind of users
142    the permission is meant to be used (``title``).
143
144    Having this adapter registered we make sure, that for each normal
145    object we get a valid `ILocalRolesAssignable` adapter.
146
147    Objects that want to offer certain local roles, can do so by
148    setting a (preferably class-) attribute to a list of role ids.
149
150    You can also define different adapters for different contexts to
151    have different role lookup mechanisms become available. But in
152    normal cases it should be sufficient to use this basic adapter.
153    """
154    grok.context(Interface)
155    grok.provides(ILocalRolesAssignable)
156
157    _roles = []
158
159    def __init__(self, context):
160        self.context = context
161        role_ids = getattr(context, 'local_roles', self._roles)
162        self._roles = [(name, role) for name, role in get_all_roles()
163                       if name in role_ids]
164        return
165
166    def __call__(self):
167        """Get a list of dictionaries containing ``names`` (the roles to
168        assign) and ``titles`` (some description of the type of user
169        to assign each role to).
170        """
171        return [
172            dict(
173                name=name,
174                title=role.title,
175                description=role.description)
176            for name, role in self._roles]
177
178def get_users_with_local_roles(context):
179    """Get a list of dicts representing the local roles set for `context`.
180
181    Each dict returns `user_name`, `user_title`, `local_role`,
182    `local_role_title`, and `setting` for each entry in the local
183    roles map of the `context` object.
184    """
185    try:
186        role_map = IPrincipalRoleMap(context)
187    except TypeError:
188        # no map no roles.
189        raise StopIteration
190    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
191        user = grok.getSite()['users'].get(user_name,None)
192        user_title = getattr(user, 'description', user_name)
193        local_role_title = dict(get_all_roles())[local_role].title
194        yield dict(user_name = user_name,
195                   user_title = user_title,
196                   local_role = local_role,
197                   local_role_title = local_role_title,
198                   setting = setting)
Note: See TracBrowser for help on using the repository browser.