source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6155

import grok
from zope.interface import Interface
from waeup.sirp.interfaces import ILocalRolesAssignable

class Public(grok.Permission):
    """Everyone-can-do-this-permission.

    This permission is meant to be applied to objects/views/pages
    etc., that should be usable/readable by everyone.

    We need this to be able to tune default permissions more
    restrictive and open up some dedicated objects like the front
    page.
    """
    grok.name('waeup.Public')

class Anonymous(grok.Permission):
    """Only-anonymous-can-do-this-permission.
    """
    grok.name('waeup.Anonymous')

class ViewPermission(grok.Permission):
    grok.name('waeup.View')

class ManageUniversity(grok.Permission):
    grok.name('waeup.manageUniversity')

class ManageUsers(grok.Permission):
    grok.name('waeup.manageUsers')

class ManageDataCenter(grok.Permission):
    grok.name('waeup.manageDataCenter')

class ManagePortalSettings(grok.Permission):
    grok.name('waeup.managePortalSettings')

class ViewStudents(grok.Permission):
    grok.name('waeup.viewStudents')

# Local Roles
class DepartmentOfficer(grok.Role):
    grok.name('waeup.local.DepartmentOfficer')
    grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')

# Global Roles
class PortalUser(grok.Role):
    grok.name('waeup.PortalUser')
    grok.permissions('waeup.View', 'waeup.Public')

class PortalManager(grok.Role):
    grok.name('waeup.PortalManager')
    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
                     'waeup.manageDataCenter','waeup.managePortalSettings')

def getRoles():
    app = grok.getSite()
    app = None
    manager = None
    if app is not None:
        from zope.securitypolicy.interfaces import IRolePermissionManager
        manager = IRolePermissionManager(app, None)
    else:
        from zope.securitypolicy.rolepermission import (
            rolePermissionManager as manager)
    role_permission_map =  manager.getRolesAndPermissions()
    result = dict()
    for item in role_permission_map:
        if not item[1].startswith('waeup.'):
            # Ignore non-WAeUP roles...
            continue
        if item[1].startswith('waeup.local.'):
            continue
        result[item[1]] = True
    return sorted(result.keys())

class LocalRolesAssignable(grok.Adapter):
    """Default implementation for `ILocalRolesAssignable`.

    This adapter returns a list for dictionaries for objects for which
    we want to know the roles assignable to them locally.

    The returned dicts contain a ``name`` and a ``title`` entry which
    give a role (``name``) and a description, for which kind of users
    the permission is meant to be used (``title``).

    Having this adapter registered we make sure, that for each normal
    object we get a valid `ILocalRolesAssignable` adapter.

    Objects that want to offer certain local roles, can do so by
    setting a (preferably class-) attribute to a list of dictionaries.

    You can also define different adapters for different contexts to
    have different role lookup mechanisms become available. But in
    normal cases it should be sufficient to use this basic adapter.
    """
    grok.context(Interface)
    grok.provides(ILocalRolesAssignable)

    _roles = []

    def __init__(self, context):
        self.context = context
        self._roles = getattr(context, 'local_roles', self._roles)
        return

    def __call__(self):
        """Get a list of dictionaries containing ``names`` (the roles to
        assign) and ``titles`` (some description of the type of user
        to assign each role to).
        """
        return self._roles

    def roles(self):
        """Return a list of roles assignable to the context object.
        """
        return [x['name'] for x in self._roles]