source: main/waeup.sirp/trunk/src/waeup/sirp/permissions.txt @ 10009

Last change on this file since 10009 was 7334, checked in by Henrik Bettermann, 13 years ago

Implement local CourseAdviser? roles. These roles can be assigned in departments and certificates. There are 6 different roles, one for each study level. getRolesForPrincipal grants the additional waeup.StudentsCourseAdviser? role only if the current level of a student corresponds with the level number in the external role name.

To do: Assign local roles on CertificateManageFormPage?. Add browser tests.
File size: 2.2 KB
RevLine 
[7321]1SIRP permissions and roles
2**************************
[4127]3
[7321]4Permissions and roles used in a SIRP portal.
[4127]5
[5140]6.. :doctest:
[7321]7.. :layer: waeup.sirp.testing.SIRPUnitTestLayer
[4127]8
[6157]9Convenience functions
10=====================
[4127]11
[6157]12:mod:`waeup.sirp` offers some convenience functions to handle security
13roles.
14
[7186]15:func:`get_all_roles`
16---------------------
[6157]17
[7321]18Gives us all roles defined in SIRP. We get tuples of
[6157]19kind
20
21  ``(<ROLE-NAME>, <ROLE>)``
22
23where ``<ROLE-NAME>`` is the name under which a role was registered
24with the ZCA (a string) and ``<ROLE>`` is the real role object.
25
[7186]26    >>> from waeup.sirp.permissions import get_all_roles
27    >>> get_all_roles()
[6333]28    <generator object...at 0x...>
[4127]29
[7186]30    >>> sorted(list(get_all_roles()))
[7181]31    [(u'waeup.ACManager', <waeup.sirp.permissions.ACManager object at 0x...]
[6157]32
[7186]33:func:`get_waeup_roles`
34-----------------------
[6157]35
[7321]36Gives us all roles, except the SIRP specific roles. We can get a list
[6157]37with or without local roles:
38
[7186]39    >>> from waeup.sirp.permissions import get_waeup_roles
40    >>> len(list(get_waeup_roles()))
[7334]41    11
[6157]42
[7186]43    >>> len(list(get_waeup_roles(also_local=True)))
[7334]44    22
[6157]45
46
[7186]47:func:`get_waeup_role_names`
48----------------------------
[6157]49
[7321]50We can get all role names defined in SIRP (except 'local'
[6157]51roles that are meant not to be assigned globally):
52
[7186]53    >>> from waeup.sirp.permissions import get_waeup_role_names
54    >>> list(get_waeup_role_names())
[7334]55    [u'waeup.ACManager',
56     u'waeup.AcademicsOfficer',
57     u'waeup.AccommodationOfficer',
58     u'waeup.Applicant',
[7168]59     u'waeup.ApplicationsOfficer',
[7334]60     u'waeup.PortalManager',
61     u'waeup.Student',
62     u'waeup.StudentsClearanceOfficer',
63     u'waeup.StudentsCourseAdviser',
64     u'waeup.StudentsManager',
[7154]65     u'waeup.StudentsOfficer']
[6202]66
67:func:`get_users_with_local_roles`
68----------------------------------
69
70We can get all users and their roles for a certain context
71object. This even works for objects that cannot have local roles as
72they are not stored in the ZODB:
73
74    >>> from waeup.sirp.permissions import get_users_with_local_roles
75    >>> mycontext = object()
76    >>> people_and_roles = get_users_with_local_roles(mycontext)
77    >>> people_and_roles
[6333]78    <generator object...at 0x...>
[6202]79
80In this case, the result is empty:
81
82    >>> people_and_roles = list(people_and_roles)
83    >>> people_and_roles
84    []
Note: See TracBrowser for help on using the repository browser.