source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6520

Last change on this file since 6520 was 6202, checked in by uli, 13 years ago

#37

  • Property svn:eol-style set to native
File size: 5.4 KB
Line 
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5from waeup.sirp.interfaces import ILocalRolesAssignable
6
7class Public(grok.Permission):
8    """Everyone-can-do-this-permission.
9
10    This permission is meant to be applied to objects/views/pages
11    etc., that should be usable/readable by everyone.
12
13    We need this to be able to tune default permissions more
14    restrictive and open up some dedicated objects like the front
15    page.
16    """
17    grok.name('waeup.Public')
18
19class Anonymous(grok.Permission):
20    """Only-anonymous-can-do-this-permission.
21    """
22    grok.name('waeup.Anonymous')
23
24class ViewPermission(grok.Permission):
25    grok.name('waeup.View')
26
27class ManageUniversity(grok.Permission):
28    grok.name('waeup.manageUniversity')
29
30class ManageUsers(grok.Permission):
31    grok.name('waeup.manageUsers')
32
33class ManageDataCenter(grok.Permission):
34    grok.name('waeup.manageDataCenter')
35
36class ManagePortalSettings(grok.Permission):
37    grok.name('waeup.managePortalSettings')
38
39class ViewStudents(grok.Permission):
40    grok.name('waeup.viewStudents')
41
42# Local Roles
43class DepartmentOfficer(grok.Role):
44    grok.name('waeup.local.DepartmentOfficer')
45    grok.title(u'Department Officer')
46    grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
47
48# Global Roles
49class PortalUser(grok.Role):
50    grok.name('waeup.PortalUser')
51    grok.title(u'Portal User')
52    grok.permissions('waeup.View', 'waeup.Public')
53
54class PortalManager(grok.Role):
55    grok.name('waeup.PortalManager')
56    grok.title(u'Portal Manager')
57    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
58                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
59                     'waeup.manageDataCenter','waeup.managePortalSettings',
60                     'waeup.manageApplications', 'waeup.handleApplication')
61
62def getRoles():
63    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
64    """
65    return getUtilitiesFor(IRole)
66
67def getWAeUPRoles(also_local=False):
68    """Get all WAeUP roles.
69
70    WAeUP roles are ordinary roles whose id by convention starts with
71    a ``waeup.`` prefix.
72
73    If `also_local` is ``True`` (``False`` by default), also local
74    roles are returned. Local WAeUP roles are such whose id starts
75    with ``waeup.local.`` prefix (this is also a convention).
76
77    Returns a generator of the found roles.
78    """
79    for name, item in getRoles():
80        if not name.startswith('waeup.'):
81            # Ignore non-WAeUP roles...
82            continue
83        if not also_local and name.startswith('waeup.local.'):
84            # Ignore local roles...
85            continue
86        yield item
87
88def getWAeUPRoleNames():
89    """Get the ids of all WAeUP roles.
90
91    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
92
93    This function returns a sorted list of WAeUP role names.
94    """
95    return sorted([x.id for x in getWAeUPRoles()])
96
97
98class LocalRolesAssignable(grok.Adapter):
99    """Default implementation for `ILocalRolesAssignable`.
100
101    This adapter returns a list for dictionaries for objects for which
102    we want to know the roles assignable to them locally.
103
104    The returned dicts contain a ``name`` and a ``title`` entry which
105    give a role (``name``) and a description, for which kind of users
106    the permission is meant to be used (``title``).
107
108    Having this adapter registered we make sure, that for each normal
109    object we get a valid `ILocalRolesAssignable` adapter.
110
111    Objects that want to offer certain local roles, can do so by
112    setting a (preferably class-) attribute to a list of role ids.
113
114    You can also define different adapters for different contexts to
115    have different role lookup mechanisms become available. But in
116    normal cases it should be sufficient to use this basic adapter.
117    """
118    grok.context(Interface)
119    grok.provides(ILocalRolesAssignable)
120
121    _roles = []
122
123    def __init__(self, context):
124        self.context = context
125        role_ids = getattr(context, 'local_roles', self._roles)
126        self._roles = [(name, role) for name, role in getRoles()
127                       if name in role_ids]
128        return
129
130    def __call__(self):
131        """Get a list of dictionaries containing ``names`` (the roles to
132        assign) and ``titles`` (some description of the type of user
133        to assign each role to).
134        """
135        return [
136            dict(
137                name=name,
138                title=role.title,
139                description=role.description)
140            for name, role in self._roles]
141
142def get_users_with_local_roles(context):
143    """Get a list of dicts representing the local roles set for `context`.
144
145    Each dict returns `user_name`, `user_title`, `local_role`,
146    `local_role_title`, and `setting` for each entry in the local
147    roles map of the `context` object.
148    """
149    try:
150        role_map = IPrincipalRoleMap(context)
151    except TypeError:
152        # no map no roles.
153        raise StopIteration
154    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
155        user = grok.getSite()['users'].get(user_name,None)
156        user_title = getattr(user, 'description', user_name)
157        local_role_title = dict(getRoles())[local_role].title
158        yield dict(user_name = user_name,
159                   user_title = user_title,
160                   local_role = local_role,
161                   local_role_title = local_role_title,
162                   setting = setting)
Note: See TracBrowser for help on using the repository browser.