source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 7178

Last change on this file since 7178 was 7178, checked in by Henrik Bettermann, 13 years ago

Let's be more precise: Global roles actually are site roles. Since the user does not understand the term 'site' we should use the term 'portal' in the UI instead. Now we have portal (site) roles, local roles and dynamic roles.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 6.2 KB
Line 
1import grok
2from zope.component import getUtilitiesFor
3from zope.interface import Interface
4from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
5from waeup.sirp.interfaces import ILocalRolesAssignable
6from waeup.sirp.utils.helpers import get_user_account
7
8class Public(grok.Permission):
9    """Everyone-can-do-this-permission.
10
11    This permission is meant to be applied to objects/views/pages
12    etc., that should be usable/readable by everyone.
13
14    We need this to be able to tune default permissions more
15    restrictive and open up some dedicated objects like the front
16    page.
17    """
18    grok.name('waeup.Public')
19
20class Anonymous(grok.Permission):
21    """Only-anonymous-can-do-this-permission.
22    """
23    grok.name('waeup.Anonymous')
24
25class ViewPermission(grok.Permission):
26    grok.name('waeup.View')
27
28class ManageUniversity(grok.Permission):
29    grok.name('waeup.manageUniversity')
30
31class ManageUsers(grok.Permission):
32    grok.name('waeup.manageUsers')
33
34class EditUser(grok.Permission):
35    grok.name('waeup.editUser')
36
37class ManageDataCenter(grok.Permission):
38    grok.name('waeup.manageDataCenter')
39
40class ManagePortalConfiguration(grok.Permission):
41    grok.name('waeup.managePortalConfiguration')
42
43# Local Roles
44class DepartmentOfficer(grok.Role):
45    grok.name('waeup.local.DepartmentOfficer')
46    grok.title(u'Department Officer')
47    grok.permissions('waeup.manageUniversity')
48
49
50class ClearanceOfficer(grok.Role):
51    """The clearance officer role is meant for the
52    assignment of dynamic roles only.
53    """
54    grok.name('waeup.local.ClearanceOfficer')
55    grok.title(u'Clearance Officer')
56
57class CourseAdviser(grok.Role):
58    """The course adviser role is meant for the
59    assignment of dynamic roles only.
60    """
61    grok.name('waeup.local.CourseAdviser')
62    grok.title(u'Course Adviser')
63
64class Owner(grok.Role):
65    grok.name('waeup.local.Owner')
66    grok.title(u'Owner')
67    grok.permissions('waeup.editUser')
68
69# Site Roles
70class PortalUser(grok.Role):
71    grok.name('waeup.PortalUser')
72    grok.title(u'Portal User')
73    grok.permissions('waeup.View', 'waeup.Public')
74
75class PortalManager(grok.Role):
76    grok.name('waeup.PortalManager')
77    grok.title(u'Portal Manager')
78    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
79                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
80                     'waeup.manageDataCenter','waeup.managePortalSettings',
81                     'waeup.managePortalConfiguration',
82                     'waeup.manageApplications', 'waeup.handleApplication',
83                     'waeup.viewStudent', 'waeup.manageStudent', 'clearStudent',
84                     'waeup.uploadStudentFile',
85                     'waeup.viewHostels', 'waeup.manageHostels')
86
87def getAllRoles():
88    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
89    """
90    return getUtilitiesFor(IRole)
91
92def getWAeUPRoles(also_local=False):
93    """Get all WAeUP roles.
94
95    WAeUP roles are ordinary roles whose id by convention starts with
96    a ``waeup.`` prefix.
97
98    If `also_local` is ``True`` (``False`` by default), also local
99    roles are returned. Local WAeUP roles are such whose id starts
100    with ``waeup.local.`` prefix (this is also a convention).
101
102    Returns a generator of the found roles.
103    """
104    for name, item in getAllRoles():
105        if not name.startswith('waeup.'):
106            # Ignore non-WAeUP roles...
107            continue
108        if not also_local and name.startswith('waeup.local.'):
109            # Ignore local roles...
110            continue
111        yield item
112
113def getWAeUPRoleNames():
114    """Get the ids of all WAeUP roles.
115
116    See :func:`getWAeUPRoles` for what a 'WAeUPRole' is.
117
118    This function returns a sorted list of WAeUP role names.
119    """
120    return sorted([x.id for x in getWAeUPRoles()])
121
122class LocalRolesAssignable(grok.Adapter):
123    """Default implementation for `ILocalRolesAssignable`.
124
125    This adapter returns a list for dictionaries for objects for which
126    we want to know the roles assignable to them locally.
127
128    The returned dicts contain a ``name`` and a ``title`` entry which
129    give a role (``name``) and a description, for which kind of users
130    the permission is meant to be used (``title``).
131
132    Having this adapter registered we make sure, that for each normal
133    object we get a valid `ILocalRolesAssignable` adapter.
134
135    Objects that want to offer certain local roles, can do so by
136    setting a (preferably class-) attribute to a list of role ids.
137
138    You can also define different adapters for different contexts to
139    have different role lookup mechanisms become available. But in
140    normal cases it should be sufficient to use this basic adapter.
141    """
142    grok.context(Interface)
143    grok.provides(ILocalRolesAssignable)
144
145    _roles = []
146
147    def __init__(self, context):
148        self.context = context
149        role_ids = getattr(context, 'local_roles', self._roles)
150        self._roles = [(name, role) for name, role in getAllRoles()
151                       if name in role_ids]
152        return
153
154    def __call__(self):
155        """Get a list of dictionaries containing ``names`` (the roles to
156        assign) and ``titles`` (some description of the type of user
157        to assign each role to).
158        """
159        return [
160            dict(
161                name=name,
162                title=role.title,
163                description=role.description)
164            for name, role in self._roles]
165
166def get_users_with_local_roles(context):
167    """Get a list of dicts representing the local roles set for `context`.
168
169    Each dict returns `user_name`, `user_title`, `local_role`,
170    `local_role_title`, and `setting` for each entry in the local
171    roles map of the `context` object.
172    """
173    try:
174        role_map = IPrincipalRoleMap(context)
175    except TypeError:
176        # no map no roles.
177        raise StopIteration
178    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
179        user = grok.getSite()['users'].get(user_name,None)
180        user_title = getattr(user, 'description', user_name)
181        local_role_title = dict(getAllRoles())[local_role].title
182        yield dict(user_name = user_name,
183                   user_title = user_title,
184                   local_role = local_role,
185                   local_role_title = local_role_title,
186                   setting = setting)
Note: See TracBrowser for help on using the repository browser.