source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6160

Last change on this file since 6160 was 6160, checked in by Henrik Bettermann, 13 years ago

Change class attribute from list of dicts to dict. This makes configuration less error-prone.
  • Property svn:eol-style set to native
File size: 4.4 KB
Line 
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole
5from waeup.sirp.interfaces import ILocalRolesAssignable
6
7class Public(grok.Permission):
8    """Everyone-can-do-this-permission.
9
10    This permission is meant to be applied to objects/views/pages
11    etc., that should be usable/readable by everyone.
12
13    We need this to be able to tune default permissions more
14    restrictive and open up some dedicated objects like the front
15    page.
16    """
17    grok.name('waeup.Public')
18
19class Anonymous(grok.Permission):
20    """Only-anonymous-can-do-this-permission.
21    """
22    grok.name('waeup.Anonymous')
23
24class ViewPermission(grok.Permission):
25    grok.name('waeup.View')
26
27class ManageUniversity(grok.Permission):
28    grok.name('waeup.manageUniversity')
29
30class ManageUsers(grok.Permission):
31    grok.name('waeup.manageUsers')
32
33class ManageDataCenter(grok.Permission):
34    grok.name('waeup.manageDataCenter')
35
36class ManagePortalSettings(grok.Permission):
37    grok.name('waeup.managePortalSettings')
38
39class ViewStudents(grok.Permission):
40    grok.name('waeup.viewStudents')
41
42# Local Roles
43class DepartmentOfficer(grok.Role):
44    grok.name('waeup.local.DepartmentOfficer')
45    grok.title(u'Department Officer')
46    grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
47
48# Global Roles
49class PortalUser(grok.Role):
50    grok.name('waeup.PortalUser')
51    grok.title(u'Portal User')
52    grok.permissions('waeup.View', 'waeup.Public')
53
54class PortalManager(grok.Role):
55    grok.name('waeup.PortalManager')
56    grok.title(u'Portal Manager')
57    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
58                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
59                     'waeup.manageDataCenter','waeup.managePortalSettings')
60
61def getRoles():
62    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
63    """
64    return getUtilitiesFor(IRole)
65
66def getWAeUPRoles(also_local=False):
67    """Get all WAeUP roles.
68
69    WAeUP roles are ordinary roles whose id by convention starts with
70    a ``waeup.`` prefix.
71
72    If `also_local` is ``True`` (``False`` by default), also local
73    roles are returned. Local WAeUP roles are such whose id starts
74    with ``waeup.local.`` prefix (this is also a convention).
75
76    Returns a generator of the found roles.
77    """
78    for name, item in getRoles():
79        if not name.startswith('waeup.'):
80            # Ignore non-WAeUP roles...
81            continue
82        if not also_local and name.startswith('waeup.local.'):
83            # Ignore local roles...
84            continue
85        yield item
86
87def getWAeUPRoleNames():
88    """Get the ids of all WAeUP roles.
89
90    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
91
92    This function returns a sorted list of WAeUP role names.
93    """
94    return sorted([x.id for x in getWAeUPRoles()])
95
96
97class LocalRolesAssignable(grok.Adapter):
98    """Default implementation for `ILocalRolesAssignable`.
99
100    This adapter returns a list for dictionaries for objects for which
101    we want to know the roles assignable to them locally.
102
103    The returned dicts contain a ``name`` and a ``title`` entry which
104    give a role (``name``) and a description, for which kind of users
105    the permission is meant to be used (``title``).
106
107    Having this adapter registered we make sure, that for each normal
108    object we get a valid `ILocalRolesAssignable` adapter.
109
110    Objects that want to offer certain local roles, can do so by
111    setting a (preferably class-) attribute to a list of dictionaries.
112
113    You can also define different adapters for different contexts to
114    have different role lookup mechanisms become available. But in
115    normal cases it should be sufficient to use this basic adapter.
116    """
117    grok.context(Interface)
118    grok.provides(ILocalRolesAssignable)
119
120    _roles = []
121
122    def __init__(self, context):
123        self.context = context
124        self._roles = getattr(context, 'local_roles', self._roles)
125        return
126
127    def __call__(self):
128        """Get a list of dictionaries containing ``names`` (the roles to
129        assign) and ``titles`` (some description of the type of user
130        to assign each role to).
131        """
132        list_of_dict = [dict(name=x, title=self._roles[x]) for x in self._roles.keys()]
133        return list_of_dict
134
135    def roles(self):
136        """Return a list of roles assignable to the context object.
137        """
138        return self._roles.keys()
Note: See TracBrowser for help on using the repository browser.