source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 4969

import grok
from zc.sourcefactory.basic import BasicSourceFactory

class Public(grok.Permission):
    """Everyone-can-do-this-permission.

    This permission is meant to be applied to objects/views/pages
    etc., that should be usable/readable by everyone.

    We need this to be able to tune default permissions more
    restrictive and open up some dedicated objects like the front
    page.
    """
    grok.name('waeup.Public')

class ViewPermission(grok.Permission):
    grok.name('waeup.View')

class ManageUniversity(grok.Permission):
    grok.name('waeup.manageUniversity')

class ManageUsers(grok.Permission):
    grok.name('waeup.manageUsers')
    
class FacultyRead(grok.Permission):
    grok.name('waeup.facultyread')
    
class PortalUser(grok.Role):
    grok.name('waeup.PortalUser')
    grok.permissions('waeup.facultyread', 'waeup.View', 'waeup.Public')

class PortalManager(grok.Role):
    grok.name('waeup.PortalManager')
    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
                     'waeup.View', 'waeup.Public')

def getRoles():
    app = grok.getSite()
    app = None
    manager = None
    if app is not None:
        from zope.securitypolicy.interfaces import IRolePermissionManager
        manager = IRolePermissionManager(app, None)
    else:
        from zope.securitypolicy.rolepermission import (
            rolePermissionManager as manager)
    role_permission_map =  manager.getRolesAndPermissions()
    result = dict()
    for item in role_permission_map:
        if not item[1].startswith('waeup.'):
            # Ignore non-WAeUP roles...
            continue
        result[item[1]] = True
    return sorted(result.keys())

class RoleSource(BasicSourceFactory):
    def getValues(self):
        return getRoles()
    def getTitle(self, value):
        if isinstance(value, basestring):
            return value.split('.', 2)[1]