| 1 | import grok |
|---|
| 2 | from zc.sourcefactory.basic import BasicSourceFactory |
|---|
| 3 | |
|---|
| 4 | class Public(grok.Permission): |
|---|
| 5 | """Everyone-can-do-this-permission. |
|---|
| 6 | |
|---|
| 7 | This permission is meant to be applied to objects/views/pages |
|---|
| 8 | etc., that should be usable/readable by everyone. |
|---|
| 9 | |
|---|
| 10 | We need this to be able to tune default permissions more |
|---|
| 11 | restrictive and open up some dedicated objects like the front |
|---|
| 12 | page. |
|---|
| 13 | """ |
|---|
| 14 | grok.name('waeup.Public') |
|---|
| 15 | |
|---|
| 16 | class Anonymous(grok.Permission): |
|---|
| 17 | """Only-anonymous-can-do-this-permission. |
|---|
| 18 | """ |
|---|
| 19 | grok.name('waeup.Anonymous') |
|---|
| 20 | |
|---|
| 21 | class ViewPermission(grok.Permission): |
|---|
| 22 | grok.name('waeup.View') |
|---|
| 23 | |
|---|
| 24 | class ManageUniversity(grok.Permission): |
|---|
| 25 | grok.name('waeup.manageUniversity') |
|---|
| 26 | |
|---|
| 27 | class ManageUsers(grok.Permission): |
|---|
| 28 | grok.name('waeup.manageUsers') |
|---|
| 29 | |
|---|
| 30 | class FacultyRead(grok.Permission): |
|---|
| 31 | grok.name('waeup.facultyread') |
|---|
| 32 | |
|---|
| 33 | # Application permissions |
|---|
| 34 | class ViewApplication(grok.Permission): |
|---|
| 35 | grok.name('waeup.viewApplication') |
|---|
| 36 | |
|---|
| 37 | class ViewFullApplication(grok.Permission): |
|---|
| 38 | grok.name('waeup.viewFullApplication') |
|---|
| 39 | |
|---|
| 40 | class EditApplication(grok.Permission): |
|---|
| 41 | grok.name('waeup.editApplication') |
|---|
| 42 | |
|---|
| 43 | class EditFullApplication(grok.Permission): |
|---|
| 44 | grok.name('waeup.editFullApplication') |
|---|
| 45 | |
|---|
| 46 | # Roles |
|---|
| 47 | class PortalUser(grok.Role): |
|---|
| 48 | grok.name('waeup.PortalUser') |
|---|
| 49 | grok.permissions('waeup.facultyread', 'waeup.View', 'waeup.Public') |
|---|
| 50 | |
|---|
| 51 | class PortalManager(grok.Role): |
|---|
| 52 | grok.name('waeup.PortalManager') |
|---|
| 53 | grok.permissions('waeup.manageUniversity', 'waeup.manageUsers', |
|---|
| 54 | 'waeup.View', 'waeup.Public','waeup.manageACBatches') |
|---|
| 55 | |
|---|
| 56 | class ApplicationOwner(grok.Role): |
|---|
| 57 | grok.name('waeup.ApplicationOwner') |
|---|
| 58 | grok.permissions('waeup.viewApplication', 'waeup.editApplication') |
|---|
| 59 | |
|---|
| 60 | def getRoles(): |
|---|
| 61 | app = grok.getSite() |
|---|
| 62 | app = None |
|---|
| 63 | manager = None |
|---|
| 64 | if app is not None: |
|---|
| 65 | from zope.securitypolicy.interfaces import IRolePermissionManager |
|---|
| 66 | manager = IRolePermissionManager(app, None) |
|---|
| 67 | else: |
|---|
| 68 | from zope.securitypolicy.rolepermission import ( |
|---|
| 69 | rolePermissionManager as manager) |
|---|
| 70 | role_permission_map = manager.getRolesAndPermissions() |
|---|
| 71 | result = dict() |
|---|
| 72 | for item in role_permission_map: |
|---|
| 73 | if not item[1].startswith('waeup.'): |
|---|
| 74 | # Ignore non-WAeUP roles... |
|---|
| 75 | continue |
|---|
| 76 | result[item[1]] = True |
|---|
| 77 | return sorted(result.keys()) |
|---|
| 78 | |
|---|
| 79 | class RoleSource(BasicSourceFactory): |
|---|
| 80 | def getValues(self): |
|---|
| 81 | return getRoles() |
|---|
| 82 | def getTitle(self, value): |
|---|
| 83 | if isinstance(value, basestring): |
|---|
| 84 | return value.split('.', 2)[1] |
|---|
