Context navigation

source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6163

Last change on this file since 6163 was 6163, checked in by uli, 13 years ago
Move get_users_with_local_roles and shorten it.
Property svn:eol-style set to `native`
File size: 5.4 KB

Line
1	import grok
2	from zope.component import getUtilitiesFor
3	from zope.interface import Interface
4	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5	from waeup.sirp.interfaces import ILocalRolesAssignable
6
7	class Public(grok.Permission):
8	"""Everyone-can-do-this-permission.
9
10	This permission is meant to be applied to objects/views/pages
11	etc., that should be usable/readable by everyone.
12
13	We need this to be able to tune default permissions more
14	restrictive and open up some dedicated objects like the front
15	page.
16	"""
17	grok.name('waeup.Public')
18
19	class Anonymous(grok.Permission):
20	"""Only-anonymous-can-do-this-permission.
21	"""
22	grok.name('waeup.Anonymous')
23
24	class ViewPermission(grok.Permission):
25	grok.name('waeup.View')
26
27	class ManageUniversity(grok.Permission):
28	grok.name('waeup.manageUniversity')
29
30	class ManageUsers(grok.Permission):
31	grok.name('waeup.manageUsers')
32
33	class ManageDataCenter(grok.Permission):
34	grok.name('waeup.manageDataCenter')
35
36	class ManagePortalSettings(grok.Permission):
37	grok.name('waeup.managePortalSettings')
38
39	class ViewStudents(grok.Permission):
40	grok.name('waeup.viewStudents')
41
42	# Local Roles
43	class DepartmentOfficer(grok.Role):
44	grok.name('waeup.local.DepartmentOfficer')
45	grok.title(u'Department Officer')
46	grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
47
48	# Global Roles
49	class PortalUser(grok.Role):
50	grok.name('waeup.PortalUser')
51	grok.title(u'Portal User')
52	grok.permissions('waeup.View', 'waeup.Public')
53
54	class PortalManager(grok.Role):
55	grok.name('waeup.PortalManager')
56	grok.title(u'Portal Manager')
57	grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
58	'waeup.View', 'waeup.Public','waeup.manageACBatches',
59	'waeup.manageDataCenter','waeup.managePortalSettings')
60
61	def getRoles():
62	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
63	"""
64	return getUtilitiesFor(IRole)
65
66	def getWAeUPRoles(also_local=False):
67	"""Get all WAeUP roles.
68
69	WAeUP roles are ordinary roles whose id by convention starts with
70	a ``waeup.`` prefix.
71
72	If `also_local` is ``True`` (``False`` by default), also local
73	roles are returned. Local WAeUP roles are such whose id starts
74	with ``waeup.local.`` prefix (this is also a convention).
75
76	Returns a generator of the found roles.
77	"""
78	for name, item in getRoles():
79	if not name.startswith('waeup.'):
80	# Ignore non-WAeUP roles...
81	continue
82	if not also_local and name.startswith('waeup.local.'):
83	# Ignore local roles...
84	continue
85	yield item
86
87	def getWAeUPRoleNames():
88	"""Get the ids of all WAeUP roles.
89
90	See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
91
92	This function returns a sorted list of WAeUP role names.
93	"""
94	return sorted([x.id for x in getWAeUPRoles()])
95
96
97	class LocalRolesAssignable(grok.Adapter):
98	"""Default implementation for `ILocalRolesAssignable`.
99
100	This adapter returns a list for dictionaries for objects for which
101	we want to know the roles assignable to them locally.
102
103	The returned dicts contain a ``name`` and a ``title`` entry which
104	give a role (``name``) and a description, for which kind of users
105	the permission is meant to be used (``title``).
106
107	Having this adapter registered we make sure, that for each normal
108	object we get a valid `ILocalRolesAssignable` adapter.
109
110	Objects that want to offer certain local roles, can do so by
111	setting a (preferably class-) attribute to a list of role ids.
112
113	You can also define different adapters for different contexts to
114	have different role lookup mechanisms become available. But in
115	normal cases it should be sufficient to use this basic adapter.
116	"""
117	grok.context(Interface)
118	grok.provides(ILocalRolesAssignable)
119
120	_roles = []
121
122	def __init__(self, context):
123	self.context = context
124	role_ids = getattr(context, 'local_roles', self._roles)
125	self._roles = [(name, role) for name, role in getRoles()
126	if name in role_ids]
127	return
128
129	def __call__(self):
130	"""Get a list of dictionaries containing ``names`` (the roles to
131	assign) and ``titles`` (some description of the type of user
132	to assign each role to).
133	"""
134	return [
135	dict(
136	name=name,
137	title=role.title,
138	description=role.description)
139	for name, role in self._roles]
140
141	def roles(self):
142	"""Return a list of roles assignable to the context object.
143	"""
144	return [name for name, role in self._roles]
145
146	def get_users_with_local_roles(context):
147	"""Get a list of dicts representing the local roles set for `context`.
148
149	Each dict returns `user_name`, `user_title`, `local_role`,
150	`local_role_title`, and `setting` for each entry in the local
151	roles map of the `context` object.
152	"""
153	role_map = IPrincipalRoleMap(context)
154	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
155	user = grok.getSite()['users'].get(user_name,None)
156	user_title = getattr(user, 'description', user_name)
157	local_role_title = getRoles()[local_role].title
158	yield dict(user_name = user_name,
159	user_title = user_title,
160	local_role = local_role,
161	local_role_title = local_role_title,
162	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: