| [4127] | 1 | WAeUP permissions and roles |
|---|
| 2 | *************************** |
|---|
| 3 | |
|---|
| 4 | Permissions and roles used in a WAeUP portal. |
|---|
| 5 | |
|---|
| [5140] | 6 | .. :doctest: |
|---|
| 7 | .. :layer: waeup.sirp.testing.WAeUPSIRPUnitTestLayer |
|---|
| [4127] | 8 | |
|---|
| [6157] | 9 | Convenience functions |
|---|
| 10 | ===================== |
|---|
| [4127] | 11 | |
|---|
| [6157] | 12 | :mod:`waeup.sirp` offers some convenience functions to handle security |
|---|
| 13 | roles. |
|---|
| 14 | |
|---|
| 15 | :func:`getRoles` |
|---|
| 16 | ---------------- |
|---|
| 17 | |
|---|
| 18 | Gives us all roles defined in a WAeUP SIRP portal. We get tuples of |
|---|
| 19 | kind |
|---|
| 20 | |
|---|
| 21 | ``(<ROLE-NAME>, <ROLE>)`` |
|---|
| 22 | |
|---|
| 23 | where ``<ROLE-NAME>`` is the name under which a role was registered |
|---|
| 24 | with the ZCA (a string) and ``<ROLE>`` is the real role object. |
|---|
| 25 | |
|---|
| [4920] | 26 | >>> from waeup.sirp.permissions import getRoles |
|---|
| [4127] | 27 | >>> getRoles() |
|---|
| [6333] | 28 | <generator object...at 0x...> |
|---|
| [4127] | 29 | |
|---|
| [6157] | 30 | >>> sorted(list(getRoles())) |
|---|
| [6960] | 31 | [(u'waeup.AccommodationOfficer', <waeup.sirp.hostels.permissions.AccommodationOfficer object at 0x...] |
|---|
| [6157] | 32 | |
|---|
| 33 | :func:`getWAeUPRoles` |
|---|
| 34 | --------------------- |
|---|
| 35 | |
|---|
| 36 | Gives us all roles, except the WAeUP specific roles. We can get a list |
|---|
| 37 | with or without local roles: |
|---|
| 38 | |
|---|
| 39 | >>> from waeup.sirp.permissions import getWAeUPRoles |
|---|
| 40 | >>> len(list(getWAeUPRoles())) |
|---|
| [7168] | 41 | 9 |
|---|
| [6157] | 42 | |
|---|
| 43 | >>> len(list(getWAeUPRoles(also_local=True))) |
|---|
| [7168] | 44 | 15 |
|---|
| [6157] | 45 | |
|---|
| 46 | |
|---|
| 47 | :func:`getRoleNames` |
|---|
| 48 | -------------------- |
|---|
| 49 | |
|---|
| 50 | We can get all role names defined in a WAeUP portal (except 'local' |
|---|
| 51 | roles that are meant not to be assigned globally): |
|---|
| 52 | |
|---|
| 53 | >>> from waeup.sirp.permissions import getWAeUPRoleNames |
|---|
| 54 | >>> list(getWAeUPRoleNames()) |
|---|
| [7168] | 55 | [u'waeup.AccommodationOfficer', u'waeup.Applicant', |
|---|
| 56 | u'waeup.ApplicationsOfficer', |
|---|
| [7154] | 57 | u'waeup.PortalManager', u'waeup.PortalUser', u'waeup.Student', |
|---|
| 58 | u'waeup.StudentsClearanceOfficer', u'waeup.StudentsManager', |
|---|
| 59 | u'waeup.StudentsOfficer'] |
|---|
| [6202] | 60 | |
|---|
| 61 | :func:`get_users_with_local_roles` |
|---|
| 62 | ---------------------------------- |
|---|
| 63 | |
|---|
| 64 | We can get all users and their roles for a certain context |
|---|
| 65 | object. This even works for objects that cannot have local roles as |
|---|
| 66 | they are not stored in the ZODB: |
|---|
| 67 | |
|---|
| 68 | >>> from waeup.sirp.permissions import get_users_with_local_roles |
|---|
| 69 | >>> mycontext = object() |
|---|
| 70 | >>> people_and_roles = get_users_with_local_roles(mycontext) |
|---|
| 71 | >>> people_and_roles |
|---|
| [6333] | 72 | <generator object...at 0x...> |
|---|
| [6202] | 73 | |
|---|
| 74 | In this case, the result is empty: |
|---|
| 75 | |
|---|
| 76 | >>> people_and_roles = list(people_and_roles) |
|---|
| 77 | >>> people_and_roles |
|---|
| 78 | [] |
|---|
