source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6149

Last change on this file since 6149 was 6148, checked in by Henrik Bettermann, 14 years ago

Use a waeup.viewStudents permission to reserve the waeup.View permission for the academic section. This permission should be renamed later to waeup.viewAcademics.

  • Property svn:eol-style set to native
1import grok
2from zope.interface import Interface
3from waeup.sirp.interfaces import ILocalRolesAssignable
4
class Public(grok.Permission):
    """Everyone-can-do-this-permission.

    This permission is meant to be applied to objects/views/pages
    etc., that should be usable/readable by everyone.

    We need this to be able to make the default permissions more
    restrictive while still opening up some dedicated objects like
    the front page.

    Every role defined in this module includes this permission.
    """
    grok.name('waeup.Public')
16
class Anonymous(grok.Permission):
    """Only-anonymous-can-do-this-permission.

    Registered under the name ``waeup.Anonymous``.
    """
    # NOTE(review): no role in this module grants this permission;
    # presumably it is granted to unauthenticated principals elsewhere
    # -- confirm where, since nothing here enforces "only anonymous".
    grok.name('waeup.Anonymous')
21
class ViewPermission(grok.Permission):
    """Permission registered under the name ``waeup.View``.

    According to the change note for this revision, this permission is
    reserved for the academic section and is meant to be renamed to
    ``waeup.viewAcademics`` later. It is granted by all three roles
    defined in this module.
    """
    grok.name('waeup.View')
24
class ManageUniversity(grok.Permission):
    """Permission registered under the name ``waeup.manageUniversity``.

    In this module it is granted by the global ``PortalManager`` role
    and by the local ``DepartmentOfficer`` role.
    """
    grok.name('waeup.manageUniversity')
27
class ManageUsers(grok.Permission):
    """Permission registered under the name ``waeup.manageUsers``.

    In this module only the ``PortalManager`` role grants it.
    """
    grok.name('waeup.manageUsers')
30
class ManageDataCenter(grok.Permission):
    """Permission registered under the name ``waeup.manageDataCenter``.

    In this module only the ``PortalManager`` role grants it.
    """
    grok.name('waeup.manageDataCenter')
33
class ManagePortalSettings(grok.Permission):
    """Permission registered under the name ``waeup.managePortalSettings``.

    In this module only the ``PortalManager`` role grants it.
    """
    grok.name('waeup.managePortalSettings')
36   
class ViewStudents(grok.Permission):
    """Permission registered under the name ``waeup.viewStudents``.

    Per the change note for this revision, it exists so that
    ``waeup.View`` stays reserved for the academic section.
    """
    # NOTE(review): none of the roles defined in this module grants
    # 'waeup.viewStudents' -- confirm it is granted elsewhere, otherwise
    # views protected by it are presumably unreachable for these roles.
    grok.name('waeup.viewStudents')
39
40# Local Roles
class DepartmentOfficer(grok.Role):
    """Local role ``waeup.local.DepartmentOfficer``.

    Grants ``waeup.manageUniversity``, ``waeup.View`` and
    ``waeup.Public``. The ``waeup.local.`` name prefix is what
    `getRoles` uses to keep this role out of the global role list.
    """
    grok.name('waeup.local.DepartmentOfficer')
    # NOTE(review): 'waeup.manageUniversity' is the same permission the
    # global PortalManager holds; presumably this role is only ever
    # assigned on individual department objects -- confirm, because the
    # scope of the grant depends entirely on where the role is assigned.
    grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
44
45# Global Roles
class PortalUser(grok.Role):
    """Global role ``waeup.PortalUser``.

    Grants only ``waeup.View`` and ``waeup.Public``; none of the
    ``waeup.manage*`` permissions are included.
    """
    grok.name('waeup.PortalUser')
    grok.permissions('waeup.View', 'waeup.Public')
49
class PortalManager(grok.Role):
    """Global role ``waeup.PortalManager``.

    Grants every ``waeup.manage*`` permission declared in this module
    plus ``waeup.View``, ``waeup.Public`` and ``waeup.manageACBatches``.
    """
    grok.name('waeup.PortalManager')
    # NOTE(review): 'waeup.manageACBatches' has no grok.Permission class
    # in this module; presumably it is declared in another package --
    # confirm it is registered before this role is grokked.
    # 'waeup.viewStudents' is not part of this list -- confirm that
    # omitting it from the manager role is intended.
    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
                     'waeup.manageDataCenter','waeup.managePortalSettings')
55
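def getRoles():
    """Return the sorted names of all global WAeUP roles.

    The names are read from the global role-permission registry of
    ``zope.securitypolicy``. Only names starting with ``waeup.`` are
    kept, and local roles (names starting with ``waeup.local.``) are
    left out.

    Returns:
        A sorted list of role names without duplicates.
    """
    # The earlier version fetched the current site and then immediately
    # overwrote it with None, so its site-local IRolePermissionManager
    # branch could never run. The global registry was the only source
    # that was ever used; that behaviour is kept here without the dead
    # branch.
    from zope.securitypolicy.rolepermission import rolePermissionManager

    role_names = set()
    for entry in rolePermissionManager.getRolesAndPermissions():
        # entry[1] is treated as the role name; presumably each entry is
        # a (permission, role, setting) triple -- TODO confirm.
        role_name = entry[1]
        if not role_name.startswith('waeup.'):
            # Ignore non-WAeUP roles...
            continue
        if role_name.startswith('waeup.local.'):
            # Local roles are assigned per object, not globally.
            continue
        # NOTE(review): the remaining fields of the entry are ignored,
        # so a role is listed whatever its permission settings are --
        # confirm that is acceptable for callers that offer this list
        # for role assignment.
        role_names.add(role_name)
    return sorted(role_names)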
76
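class LocalRolesAssignable(grok.Adapter):
    """Default implementation for `ILocalRolesAssignable`.

    This adapter returns a list of dictionaries for objects for which
    we want to know the roles assignable to them locally.

    The returned dicts contain a ``name`` and a ``title`` entry which
    give a role (``name``) and a description, for which kind of users
    the permission is meant to be used (``title``).

    Having this adapter registered we make sure, that for each normal
    object we get a valid `ILocalRolesAssignable` adapter.

    Objects that want to offer certain local roles, can do so by
    setting a (preferably class-) attribute ``local_roles`` to a list
    of dictionaries.

    You can also define different adapters for different contexts to
    have different role lookup mechanisms become available. But in
    normal cases it should be sufficient to use this basic adapter.
    """
    grok.context(Interface)
    grok.provides(ILocalRolesAssignable)

    # Fallback used when the context has no ``local_roles`` attribute.
    _roles = []

    def __init__(self, context):
        """Store `context` and take a copy of its ``local_roles`` list.

        Contexts without a ``local_roles`` attribute get the empty
        class-level default.
        """
        self.context = context
        # Copy the list: ``local_roles`` is typically a class attribute
        # and ``_roles`` is a class-level default, so handing out the
        # original object would let any caller that mutates the result
        # change the assignable roles of every other object sharing it.
        # The copy is shallow; the contained dicts are still shared.
        self._roles = list(getattr(context, 'local_roles', self._roles))

    def __call__(self):
        """Get a list of dictionaries containing a ``name`` (the role to
        assign) and a ``title`` (some description of the type of user
        to assign each role to).
        """
        return self._roles

    def roles(self):
        """Return a list of roles assignable to the context object.

        Raises `KeyError` if an entry has no ``name`` key.
        """
        return [entry['name'] for entry in self._roles]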