source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 6675

Last change on this file since 6675 was 6655, checked in by Henrik Bettermann, 13 years ago

The student section gets its own permissions module. Define new local and global roles (Students Officer, Clearance Officer & Course Adviser).

  • Property svn:eol-style set to native
File size: 5.8 KB
Line 
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5from waeup.sirp.interfaces import ILocalRolesAssignable
6
7class Public(grok.Permission):
8    """Everyone-can-do-this-permission.
9
10    This permission is meant to be applied to objects/views/pages
11    etc., that should be usable/readable by everyone.
12
13    We need this to be able to tune default permissions more
14    restrictive and open up some dedicated objects like the front
15    page.
16    """
17    grok.name('waeup.Public')
18
19class Anonymous(grok.Permission):
20    """Only-anonymous-can-do-this-permission.
21    """
22    grok.name('waeup.Anonymous')
23
24class ViewPermission(grok.Permission):
25    grok.name('waeup.View')
26
27class ManageUniversity(grok.Permission):
28    grok.name('waeup.manageUniversity')
29
30class ManageUsers(grok.Permission):
31    grok.name('waeup.manageUsers')
32
33class ManageDataCenter(grok.Permission):
34    grok.name('waeup.manageDataCenter')
35
36class ManagePortalSettings(grok.Permission):
37    grok.name('waeup.managePortalSettings')
38
39# Local Roles
40class DepartmentOfficer(grok.Role):
41    grok.name('waeup.local.DepartmentOfficer')
42    grok.title(u'Department Officer')
43    grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
44
45class ClearanceOfficer(grok.Role):
46    grok.name('waeup.local.ClearanceOfficer')
47    grok.title(u'Clearance Officer')
48    # to be further defined
49    grok.permissions('waeup.View', 'waeup.Public')
50
51class CourseAdviser(grok.Role):
52    grok.name('waeup.local.CourseAdviser')
53    grok.title(u'Course Adviser')
54    # to be further defined
55    grok.permissions('waeup.View', 'waeup.Public')
56
57# Global Roles
58class PortalUser(grok.Role):
59    grok.name('waeup.PortalUser')
60    grok.title(u'Portal User')
61    grok.permissions('waeup.View', 'waeup.Public')
62
63class PortalManager(grok.Role):
64    grok.name('waeup.PortalManager')
65    grok.title(u'Portal Manager')
66    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
67                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
68                     'waeup.manageDataCenter','waeup.managePortalSettings',
69                     'waeup.manageApplications', 'waeup.handleApplication',
70                     'waeup.viewStudents', 'waeup.manageStudents')
71
72def getRoles():
73    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
74    """
75    return getUtilitiesFor(IRole)
76
77def getWAeUPRoles(also_local=False):
78    """Get all WAeUP roles.
79
80    WAeUP roles are ordinary roles whose id by convention starts with
81    a ``waeup.`` prefix.
82
83    If `also_local` is ``True`` (``False`` by default), also local
84    roles are returned. Local WAeUP roles are such whose id starts
85    with ``waeup.local.`` prefix (this is also a convention).
86
87    Returns a generator of the found roles.
88    """
89    for name, item in getRoles():
90        if not name.startswith('waeup.'):
91            # Ignore non-WAeUP roles...
92            continue
93        if not also_local and name.startswith('waeup.local.'):
94            # Ignore local roles...
95            continue
96        yield item
97
98def getWAeUPRoleNames():
99    """Get the ids of all WAeUP roles.
100
101    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
102
103    This function returns a sorted list of WAeUP role names.
104    """
105    return sorted([x.id for x in getWAeUPRoles()])
106
107
108class LocalRolesAssignable(grok.Adapter):
109    """Default implementation for `ILocalRolesAssignable`.
110
111    This adapter returns a list for dictionaries for objects for which
112    we want to know the roles assignable to them locally.
113
114    The returned dicts contain a ``name`` and a ``title`` entry which
115    give a role (``name``) and a description, for which kind of users
116    the permission is meant to be used (``title``).
117
118    Having this adapter registered we make sure, that for each normal
119    object we get a valid `ILocalRolesAssignable` adapter.
120
121    Objects that want to offer certain local roles, can do so by
122    setting a (preferably class-) attribute to a list of role ids.
123
124    You can also define different adapters for different contexts to
125    have different role lookup mechanisms become available. But in
126    normal cases it should be sufficient to use this basic adapter.
127    """
128    grok.context(Interface)
129    grok.provides(ILocalRolesAssignable)
130
131    _roles = []
132
133    def __init__(self, context):
134        self.context = context
135        role_ids = getattr(context, 'local_roles', self._roles)
136        self._roles = [(name, role) for name, role in getRoles()
137                       if name in role_ids]
138        return
139
140    def __call__(self):
141        """Get a list of dictionaries containing ``names`` (the roles to
142        assign) and ``titles`` (some description of the type of user
143        to assign each role to).
144        """
145        return [
146            dict(
147                name=name,
148                title=role.title,
149                description=role.description)
150            for name, role in self._roles]
151
152def get_users_with_local_roles(context):
153    """Get a list of dicts representing the local roles set for `context`.
154
155    Each dict returns `user_name`, `user_title`, `local_role`,
156    `local_role_title`, and `setting` for each entry in the local
157    roles map of the `context` object.
158    """
159    try:
160        role_map = IPrincipalRoleMap(context)
161    except TypeError:
162        # no map no roles.
163        raise StopIteration
164    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
165        user = grok.getSite()['users'].get(user_name,None)
166        user_title = getattr(user, 'description', user_name)
167        local_role_title = dict(getRoles())[local_role].title
168        yield dict(user_name = user_name,
169                   user_title = user_title,
170                   local_role = local_role,
171                   local_role_title = local_role_title,
172                   setting = setting)
Note: See TracBrowser for help on using the repository browser.