source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 7034

Last change on this file since 7034 was 6907, checked in by Henrik Bettermann, 13 years ago

Implement a configuration container. Transfer attributes from University class to ConfigurationContainer? class.

  • Property svn:eol-style set to native
File size: 5.8 KB
Line 
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5from waeup.sirp.interfaces import ILocalRolesAssignable
6
7class Public(grok.Permission):
8    """Everyone-can-do-this-permission.
9
10    This permission is meant to be applied to objects/views/pages
11    etc., that should be usable/readable by everyone.
12
13    We need this to be able to tune default permissions more
14    restrictive and open up some dedicated objects like the front
15    page.
16    """
17    grok.name('waeup.Public')
18
19class Anonymous(grok.Permission):
20    """Only-anonymous-can-do-this-permission.
21    """
22    grok.name('waeup.Anonymous')
23
24class ViewPermission(grok.Permission):
25    grok.name('waeup.View')
26
27class ManageUniversity(grok.Permission):
28    grok.name('waeup.manageUniversity')
29
30class ManageUsers(grok.Permission):
31    grok.name('waeup.manageUsers')
32
33class ManageDataCenter(grok.Permission):
34    grok.name('waeup.manageDataCenter')
35
36class ManagePortalConfiguration(grok.Permission):
37    grok.name('waeup.managePortalConfiguration')
38
39# Local Roles
40class DepartmentOfficer(grok.Role):
41    grok.name('waeup.local.DepartmentOfficer')
42    grok.title(u'Department Officer')
43    grok.permissions('waeup.manageUniversity','waeup.View', 'waeup.Public')
44
45class ClearanceOfficer(grok.Role):
46    grok.name('waeup.local.ClearanceOfficer')
47    grok.title(u'Clearance Officer')
48    # to be further defined
49    grok.permissions('waeup.View', 'waeup.Public')
50
51class CourseAdviser(grok.Role):
52    grok.name('waeup.local.CourseAdviser')
53    grok.title(u'Course Adviser')
54    # to be further defined
55    grok.permissions('waeup.View', 'waeup.Public')
56
57# Global Roles
58class PortalUser(grok.Role):
59    grok.name('waeup.PortalUser')
60    grok.title(u'Portal User')
61    grok.permissions('waeup.View', 'waeup.Public')
62
63class PortalManager(grok.Role):
64    grok.name('waeup.PortalManager')
65    grok.title(u'Portal Manager')
66    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
67                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
68                     'waeup.manageDataCenter','waeup.managePortalSettings',
69                     'waeup.managePortalConfiguration',
70                     'waeup.manageApplications', 'waeup.handleApplication',
71                     'waeup.viewStudents', 'waeup.manageStudents')
72
73def getRoles():
74    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
75    """
76    return getUtilitiesFor(IRole)
77
78def getWAeUPRoles(also_local=False):
79    """Get all WAeUP roles.
80
81    WAeUP roles are ordinary roles whose id by convention starts with
82    a ``waeup.`` prefix.
83
84    If `also_local` is ``True`` (``False`` by default), also local
85    roles are returned. Local WAeUP roles are such whose id starts
86    with ``waeup.local.`` prefix (this is also a convention).
87
88    Returns a generator of the found roles.
89    """
90    for name, item in getRoles():
91        if not name.startswith('waeup.'):
92            # Ignore non-WAeUP roles...
93            continue
94        if not also_local and name.startswith('waeup.local.'):
95            # Ignore local roles...
96            continue
97        yield item
98
99def getWAeUPRoleNames():
100    """Get the ids of all WAeUP roles.
101
102    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
103
104    This function returns a sorted list of WAeUP role names.
105    """
106    return sorted([x.id for x in getWAeUPRoles()])
107
108
109class LocalRolesAssignable(grok.Adapter):
110    """Default implementation for `ILocalRolesAssignable`.
111
112    This adapter returns a list for dictionaries for objects for which
113    we want to know the roles assignable to them locally.
114
115    The returned dicts contain a ``name`` and a ``title`` entry which
116    give a role (``name``) and a description, for which kind of users
117    the permission is meant to be used (``title``).
118
119    Having this adapter registered we make sure, that for each normal
120    object we get a valid `ILocalRolesAssignable` adapter.
121
122    Objects that want to offer certain local roles, can do so by
123    setting a (preferably class-) attribute to a list of role ids.
124
125    You can also define different adapters for different contexts to
126    have different role lookup mechanisms become available. But in
127    normal cases it should be sufficient to use this basic adapter.
128    """
129    grok.context(Interface)
130    grok.provides(ILocalRolesAssignable)
131
132    _roles = []
133
134    def __init__(self, context):
135        self.context = context
136        role_ids = getattr(context, 'local_roles', self._roles)
137        self._roles = [(name, role) for name, role in getRoles()
138                       if name in role_ids]
139        return
140
141    def __call__(self):
142        """Get a list of dictionaries containing ``names`` (the roles to
143        assign) and ``titles`` (some description of the type of user
144        to assign each role to).
145        """
146        return [
147            dict(
148                name=name,
149                title=role.title,
150                description=role.description)
151            for name, role in self._roles]
152
153def get_users_with_local_roles(context):
154    """Get a list of dicts representing the local roles set for `context`.
155
156    Each dict returns `user_name`, `user_title`, `local_role`,
157    `local_role_title`, and `setting` for each entry in the local
158    roles map of the `context` object.
159    """
160    try:
161        role_map = IPrincipalRoleMap(context)
162    except TypeError:
163        # no map no roles.
164        raise StopIteration
165    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
166        user = grok.getSite()['users'].get(user_name,None)
167        user_title = getattr(user, 'description', user_name)
168        local_role_title = dict(getRoles())[local_role].title
169        yield dict(user_name = user_name,
170                   user_title = user_title,
171                   local_role = local_role,
172                   local_role_title = local_role_title,
173                   setting = setting)
Note: See TracBrowser for help on using the repository browser.