| 1 | import grok |
|---|
| 2 | from zc.sourcefactory.basic import BasicSourceFactory |
|---|
| 3 | |
|---|
| 4 | class Public(grok.Permission): |
|---|
| 5 | """Everyone-can-do-this-permission. |
|---|
| 6 | |
|---|
| 7 | This permission is meant to be applied to objects/views/pages |
|---|
| 8 | etc., that should be usable/readable by everyone. |
|---|
| 9 | |
|---|
| 10 | We need this to be able to tune default permissions more |
|---|
| 11 | restrictive and open up some dedicated objects like the front |
|---|
| 12 | page. |
|---|
| 13 | """ |
|---|
| 14 | grok.name('waeup.Public') |
|---|
| 15 | |
|---|
| 16 | class Anonymous(grok.Permission): |
|---|
| 17 | """Only-anonymous-can-do-this-permission. |
|---|
| 18 | """ |
|---|
| 19 | grok.name('waeup.Anonymous') |
|---|
| 20 | |
|---|
| 21 | class ViewPermission(grok.Permission): |
|---|
| 22 | grok.name('waeup.View') |
|---|
| 23 | |
|---|
| 24 | class ManageUniversity(grok.Permission): |
|---|
| 25 | grok.name('waeup.manageUniversity') |
|---|
| 26 | |
|---|
| 27 | class ManageUsers(grok.Permission): |
|---|
| 28 | grok.name('waeup.manageUsers') |
|---|
| 29 | |
|---|
| 30 | # Local Roles |
|---|
| 31 | class DepartmentOfficer(grok.Role): |
|---|
| 32 | grok.name('waeup.local.DepartmentManager') |
|---|
| 33 | grok.permissions('waeup.manageUniversity') |
|---|
| 34 | |
|---|
| 35 | # Global Roles |
|---|
| 36 | class PortalUser(grok.Role): |
|---|
| 37 | grok.name('waeup.PortalUser') |
|---|
| 38 | grok.permissions('waeup.View', 'waeup.Public') |
|---|
| 39 | |
|---|
| 40 | class PortalManager(grok.Role): |
|---|
| 41 | grok.name('waeup.PortalManager') |
|---|
| 42 | grok.permissions('waeup.manageUniversity', 'waeup.manageUsers', |
|---|
| 43 | 'waeup.View', 'waeup.Public','waeup.manageACBatches') |
|---|
| 44 | |
|---|
| 45 | def getRoles(): |
|---|
| 46 | app = grok.getSite() |
|---|
| 47 | app = None |
|---|
| 48 | manager = None |
|---|
| 49 | if app is not None: |
|---|
| 50 | from zope.securitypolicy.interfaces import IRolePermissionManager |
|---|
| 51 | manager = IRolePermissionManager(app, None) |
|---|
| 52 | else: |
|---|
| 53 | from zope.securitypolicy.rolepermission import ( |
|---|
| 54 | rolePermissionManager as manager) |
|---|
| 55 | role_permission_map = manager.getRolesAndPermissions() |
|---|
| 56 | result = dict() |
|---|
| 57 | for item in role_permission_map: |
|---|
| 58 | if not item[1].startswith('waeup.'): |
|---|
| 59 | # Ignore non-WAeUP roles... |
|---|
| 60 | continue |
|---|
| 61 | if item[1].startswith('waeup.local.'): |
|---|
| 62 | continue |
|---|
| 63 | result[item[1]] = True |
|---|
| 64 | return sorted(result.keys()) |
|---|
| 65 | |
|---|
| 66 | class RoleSource(BasicSourceFactory): |
|---|
| 67 | def getValues(self): |
|---|
| 68 | return getRoles() |
|---|
| 69 | def getTitle(self, value): |
|---|
| 70 | if isinstance(value, basestring): |
|---|
| 71 | return value.split('.', 2)[1] |
|---|
