import grok from zc.sourcefactory.basic import BasicSourceFactory class Public(grok.Permission): """Everyone-can-do-this-permission. This permission is meant to be applied to objects/views/pages etc., that should be usable/readable by everyone. We need this to be able to tune default permissions more restrictive and open up some dedicated objects like the front page. """ grok.name('waeup.Public') class Anonymous(grok.Permission): """Only-anonymous-can-do-this-permission. """ grok.name('waeup.Anonymous') class ViewPermission(grok.Permission): grok.name('waeup.View') class ManageUniversity(grok.Permission): grok.name('waeup.manageUniversity') class ManageUsers(grok.Permission): grok.name('waeup.manageUsers') class FacultyRead(grok.Permission): grok.name('waeup.facultyread') # Roles class PortalUser(grok.Role): grok.name('waeup.PortalUser') grok.permissions('waeup.facultyread', 'waeup.View', 'waeup.Public') class PortalManager(grok.Role): grok.name('waeup.PortalManager') grok.permissions('waeup.manageUniversity', 'waeup.manageUsers', 'waeup.View', 'waeup.Public','waeup.manageACBatches') def getRoles(): app = grok.getSite() app = None manager = None if app is not None: from zope.securitypolicy.interfaces import IRolePermissionManager manager = IRolePermissionManager(app, None) else: from zope.securitypolicy.rolepermission import ( rolePermissionManager as manager) role_permission_map = manager.getRolesAndPermissions() result = dict() for item in role_permission_map: if not item[1].startswith('waeup.'): # Ignore non-WAeUP roles... continue if item[1].startswith('waeup.local.'): continue result[item[1]] = True return sorted(result.keys()) class RoleSource(BasicSourceFactory): def getValues(self): return getRoles() def getTitle(self, value): if isinstance(value, basestring): return value.split('.', 2)[1]