Context navigation

source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6198

Last change on this file since 6198 was 6198, checked in by Henrik Bettermann, 13 years ago

Convert waeup.local.ApplicationsOfficer? to waeup.ApplicationsOfficer?.
Change and simplify permission settings in application section.
Assign application section permissions to Portal Manager.

Actually we need a Campus Manager (Academics Section Manager) too. Then manageUniversity should be renamed to manageAcademics.

Property svn:eol-style set to native

File size: 5.3 KB

Line
1	import grok
2	from zope.component import getUtilitiesFor
3	from zope.interface import Interface
4	from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5	from waeup.sirp.interfaces import ILocalRolesAssignable
6
7	class Public(grok.Permission):
8	"""Everyone-can-do-this-permission.
9
10	This permission is meant to be applied to objects/views/pages
11	etc., that should be usable/readable by everyone.
12
13	We need this to be able to tune default permissions more
14	restrictive and open up some dedicated objects like the front
15	page.
16	"""
17	grok.name('waeup.Public')
18
19	class Anonymous(grok.Permission):
20	"""Only-anonymous-can-do-this-permission.
21	"""
22	grok.name('waeup.Anonymous')
23
24	class ViewPermission(grok.Permission):
25	grok.name('waeup.View')
26
27	class ManageUniversity(grok.Permission):
28	grok.name('waeup.manageUniversity')
29
30	class ManageUsers(grok.Permission):
31	grok.name('waeup.manageUsers')
32
33	class ManageDataCenter(grok.Permission):
34	grok.name('waeup.manageDataCenter')
35
36	class ManagePortalSettings(grok.Permission):
37	grok.name('waeup.managePortalSettings')
38
39	class ViewStudents(grok.Permission):
40	grok.name('waeup.viewStudents')
41
42	# Local Roles
43	class DepartmentOfficer(grok.Role):
44	grok.name('waeup.local.DepartmentOfficer')
45	grok.title(u'Department Officer')
46	grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
47
48	# Global Roles
49	class PortalUser(grok.Role):
50	grok.name('waeup.PortalUser')
51	grok.title(u'Portal User')
52	grok.permissions('waeup.View', 'waeup.Public')
53
54	class PortalManager(grok.Role):
55	grok.name('waeup.PortalManager')
56	grok.title(u'Portal Manager')
57	grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
58	'waeup.View', 'waeup.Public','waeup.manageACBatches',
59	'waeup.manageDataCenter','waeup.managePortalSettings',
60	'waeup.manageApplications', 'waeup.handleApplication')
61
62	def getRoles():
63	"""Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
64	"""
65	return getUtilitiesFor(IRole)
66
67	def getWAeUPRoles(also_local=False):
68	"""Get all WAeUP roles.
69
70	WAeUP roles are ordinary roles whose id by convention starts with
71	a ``waeup.`` prefix.
72
73	If `also_local` is ``True`` (``False`` by default), also local
74	roles are returned. Local WAeUP roles are such whose id starts
75	with ``waeup.local.`` prefix (this is also a convention).
76
77	Returns a generator of the found roles.
78	"""
79	for name, item in getRoles():
80	if not name.startswith('waeup.'):
81	# Ignore non-WAeUP roles...
82	continue
83	if not also_local and name.startswith('waeup.local.'):
84	# Ignore local roles...
85	continue
86	yield item
87
88	def getWAeUPRoleNames():
89	"""Get the ids of all WAeUP roles.
90
91	See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
92
93	This function returns a sorted list of WAeUP role names.
94	"""
95	return sorted([x.id for x in getWAeUPRoles()])
96
97
98	class LocalRolesAssignable(grok.Adapter):
99	"""Default implementation for `ILocalRolesAssignable`.
100
101	This adapter returns a list for dictionaries for objects for which
102	we want to know the roles assignable to them locally.
103
104	The returned dicts contain a ``name`` and a ``title`` entry which
105	give a role (``name``) and a description, for which kind of users
106	the permission is meant to be used (``title``).
107
108	Having this adapter registered we make sure, that for each normal
109	object we get a valid `ILocalRolesAssignable` adapter.
110
111	Objects that want to offer certain local roles, can do so by
112	setting a (preferably class-) attribute to a list of role ids.
113
114	You can also define different adapters for different contexts to
115	have different role lookup mechanisms become available. But in
116	normal cases it should be sufficient to use this basic adapter.
117	"""
118	grok.context(Interface)
119	grok.provides(ILocalRolesAssignable)
120
121	_roles = []
122
123	def __init__(self, context):
124	self.context = context
125	role_ids = getattr(context, 'local_roles', self._roles)
126	self._roles = [(name, role) for name, role in getRoles()
127	if name in role_ids]
128	return
129
130	def __call__(self):
131	"""Get a list of dictionaries containing ``names`` (the roles to
132	assign) and ``titles`` (some description of the type of user
133	to assign each role to).
134	"""
135	return [
136	dict(
137	name=name,
138	title=role.title,
139	description=role.description)
140	for name, role in self._roles]
141
142	def get_users_with_local_roles(context):
143	"""Get a list of dicts representing the local roles set for `context`.
144
145	Each dict returns `user_name`, `user_title`, `local_role`,
146	`local_role_title`, and `setting` for each entry in the local
147	roles map of the `context` object.
148	"""
149	role_map = IPrincipalRoleMap(context)
150	for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
151	user = grok.getSite()['users'].get(user_name,None)
152	user_title = getattr(user, 'description', user_name)
153	local_role_title = dict(getRoles())[local_role].title
154	yield dict(user_name = user_name,
155	user_title = user_title,
156	local_role = local_role,
157	local_role_title = local_role_title,
158	setting = setting)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: