source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.py @ 7323

Last change on this file since 7323 was 7321, checked in by Henrik Bettermann, 13 years ago

Replace the term 'WAeUP' by SIRP which is a WAeUP product.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 7.8 KB
Line 
1## $Id: permissions.py 7321 2011-12-10 06:15:17Z henrik $
2##
3## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
4## This program is free software; you can redistribute it and/or modify
5## it under the terms of the GNU General Public License as published by
6## the Free Software Foundation; either version 2 of the License, or
7## (at your option) any later version.
8##
9## This program is distributed in the hope that it will be useful,
10## but WITHOUT ANY WARRANTY; without even the implied warranty of
11## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12## GNU General Public License for more details.
13##
14## You should have received a copy of the GNU General Public License
15## along with this program; if not, write to the Free Software
16## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17##
18import grok
19from zope.component import getUtilitiesFor
20from zope.interface import Interface
21from zope.securitypolicy.interfaces import IRole, IPrincipalRoleMap
22from waeup.sirp.interfaces import ILocalRolesAssignable
23
24class Public(grok.Permission):
25    """Everyone-can-do-this-permission.
26
27    This permission is meant to be applied to objects/views/pages
28    etc., that should be usable/readable by everyone.
29
30    We need this to be able to tune default permissions more
31    restrictive and open up some dedicated objects like the front
32    page.
33    """
34    grok.name('waeup.Public')
35
36class Anonymous(grok.Permission):
37    """Only-anonymous-can-do-this-permission.
38    """
39    grok.name('waeup.Anonymous')
40
41class Authenticated(grok.Permission):
42    """Only-logged-in-users-can-do-this-permission.
43    """
44    grok.name('waeup.Authenticated')
45
46class ViewAcademicsPermission(grok.Permission):
47    grok.name('waeup.viewAcademics')
48
49class ManageUniversity(grok.Permission):
50    grok.name('waeup.manageUniversity')
51
52class ManageUsers(grok.Permission):
53    grok.name('waeup.manageUsers')
54
55class ShowStudents(grok.Permission):
56    grok.name('waeup.showStudents')
57
58class EditUser(grok.Permission):
59    grok.name('waeup.editUser')
60
61class ManageDataCenter(grok.Permission):
62    grok.name('waeup.manageDataCenter')
63
64class ManagePortalConfiguration(grok.Permission):
65    grok.name('waeup.managePortalConfiguration')
66
67class ManageACBatches(grok.Permission):
68    grok.name('waeup.manageACBatches')
69
70# Local Roles
71class DepartmentManager(grok.Role):
72    grok.name('waeup.local.DepartmentManager')
73    grok.title(u'Department Manager')
74    grok.permissions('waeup.manageUniversity','waeup.showStudents')
75
76class ClearanceOfficer(grok.Role):
77    """The clearance officer role is meant for the
78    assignment of dynamic roles only.
79    """
80    grok.name('waeup.local.ClearanceOfficer')
81    grok.title(u'Clearance Officer')
82    grok.permissions('waeup.showStudents', 'waeup.viewAcademics')
83
84class CourseAdviser(grok.Role):
85    """The course adviser role is meant for the
86    assignment of dynamic roles only.
87    """
88    grok.name('waeup.local.CourseAdviser')
89    grok.title(u'Course Adviser')
90    grok.permissions('waeup.showStudents')
91
92class Owner(grok.Role):
93    grok.name('waeup.local.Owner')
94    grok.title(u'Owner')
95    grok.permissions('waeup.editUser')
96
97# Site Roles
98class AcademicsOfficer(grok.Role):
99    grok.name('waeup.AcademicsOfficer')
100    grok.title(u'Academics Officer (view only)')
101    grok.permissions('waeup.viewAcademics')
102
103class ACManager(grok.Role):
104    grok.name('waeup.ACManager')
105    grok.title(u'Access Code Manager')
106    grok.permissions('waeup.manageACBatches')
107
108class PortalManager(grok.Role):
109    grok.name('waeup.PortalManager')
110    grok.title(u'Portal Manager')
111    grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
112                     'waeup.viewAcademics', 'waeup.manageACBatches',
113                     'waeup.manageDataCenter','waeup.managePortalSettings',
114                     'waeup.managePortalConfiguration', 'waeup.viewApplication',
115                     'waeup.manageApplication', 'waeup.handleApplication',
116                     'waeup.viewApplicantsTab', 'waeup.payApplicant',
117                     'waeup.viewStudent', 'waeup.manageStudent',
118                     'waeup.clearStudent', 'waeup.payStudent',
119                     'waeup.uploadStudentFile', 'waeup.showStudents',
120                     'waeup.viewStudentsContainer','waeup.viewStudentsTab',
121                     'waeup.viewHostels', 'waeup.manageHostels',
122                     )
123
124def get_all_roles():
125    """Return a list of tuples ``<ROLE-NAME>, <ROLE>``.
126    """
127    return getUtilitiesFor(IRole)
128
129def get_waeup_roles(also_local=False):
130    """Get all SIRP roles.
131
132    SIRP roles are ordinary roles whose id by convention starts with
133    a ``waeup.`` prefix.
134
135    If `also_local` is ``True`` (``False`` by default), also local
136    roles are returned. Local SIRP roles are such whose id starts
137    with ``waeup.local.`` prefix (this is also a convention).
138
139    Returns a generator of the found roles.
140    """
141    for name, item in get_all_roles():
142        if not name.startswith('waeup.'):
143            # Ignore non-SIRP roles...
144            continue
145        if not also_local and name.startswith('waeup.local.'):
146            # Ignore local roles...
147            continue
148        yield item
149
150def get_waeup_role_names():
151    """Get the ids of all SIRP roles.
152
153    See :func:`get_waeup_roles` for what a 'SIRPRole' is.
154
155    This function returns a sorted list of SIRP role names.
156    """
157    return sorted([x.id for x in get_waeup_roles()])
158
159class LocalRolesAssignable(grok.Adapter):
160    """Default implementation for `ILocalRolesAssignable`.
161
162    This adapter returns a list for dictionaries for objects for which
163    we want to know the roles assignable to them locally.
164
165    The returned dicts contain a ``name`` and a ``title`` entry which
166    give a role (``name``) and a description, for which kind of users
167    the permission is meant to be used (``title``).
168
169    Having this adapter registered we make sure, that for each normal
170    object we get a valid `ILocalRolesAssignable` adapter.
171
172    Objects that want to offer certain local roles, can do so by
173    setting a (preferably class-) attribute to a list of role ids.
174
175    You can also define different adapters for different contexts to
176    have different role lookup mechanisms become available. But in
177    normal cases it should be sufficient to use this basic adapter.
178    """
179    grok.context(Interface)
180    grok.provides(ILocalRolesAssignable)
181
182    _roles = []
183
184    def __init__(self, context):
185        self.context = context
186        role_ids = getattr(context, 'local_roles', self._roles)
187        self._roles = [(name, role) for name, role in get_all_roles()
188                       if name in role_ids]
189        return
190
191    def __call__(self):
192        """Get a list of dictionaries containing ``names`` (the roles to
193        assign) and ``titles`` (some description of the type of user
194        to assign each role to).
195        """
196        return [
197            dict(
198                name=name,
199                title=role.title,
200                description=role.description)
201            for name, role in self._roles]
202
203def get_users_with_local_roles(context):
204    """Get a list of dicts representing the local roles set for `context`.
205
206    Each dict returns `user_name`, `user_title`, `local_role`,
207    `local_role_title`, and `setting` for each entry in the local
208    roles map of the `context` object.
209    """
210    try:
211        role_map = IPrincipalRoleMap(context)
212    except TypeError:
213        # no map no roles.
214        raise StopIteration
215    for local_role, user_name, setting in role_map.getPrincipalsAndRoles():
216        user = grok.getSite()['users'].get(user_name,None)
217        user_title = getattr(user, 'title', user_name)
218        local_role_title = dict(get_all_roles())[local_role].title
219        yield dict(user_name = user_name,
220                   user_title = user_title,
221                   local_role = local_role,
222                   local_role_title = local_role_title,
223                   setting = setting)
Note: See TracBrowser for help on using the repository browser.