| 1 | WAeUP permissions and roles |
|---|
| 2 | *************************** |
|---|
| 3 | |
|---|
| 4 | Permissions and roles used in a WAeUP portal. |
|---|
| 5 | |
|---|
| 6 | .. :doctest: |
|---|
| 7 | .. :layer: waeup.sirp.testing.WAeUPSIRPUnitTestLayer |
|---|
| 8 | |
|---|
| 9 | Convenience functions |
|---|
| 10 | ===================== |
|---|
| 11 | |
|---|
| 12 | :mod:`waeup.sirp` offers some convenience functions to handle security |
|---|
| 13 | roles. |
|---|
| 14 | |
|---|
| 15 | :func:`getRoles` |
|---|
| 16 | ---------------- |
|---|
| 17 | |
|---|
| 18 | Gives us all roles defined in a WAeUP SIRP portal. We get tuples of |
|---|
| 19 | kind |
|---|
| 20 | |
|---|
| 21 | ``(<ROLE-NAME>, <ROLE>)`` |
|---|
| 22 | |
|---|
| 23 | where ``<ROLE-NAME>`` is the name under which a role was registered |
|---|
| 24 | with the ZCA (a string) and ``<ROLE>`` is the real role object. |
|---|
| 25 | |
|---|
| 26 | >>> from waeup.sirp.permissions import getRoles |
|---|
| 27 | >>> getRoles() |
|---|
| 28 | <generator object...at 0x...> |
|---|
| 29 | |
|---|
| 30 | >>> sorted(list(getRoles())) |
|---|
| 31 | [(u'waeup.AccommodationOfficer', <waeup.sirp.hostels.permissions.AccommodationOfficer object at 0x...] |
|---|
| 32 | |
|---|
| 33 | :func:`getWAeUPRoles` |
|---|
| 34 | --------------------- |
|---|
| 35 | |
|---|
| 36 | Gives us all roles, except the WAeUP specific roles. We can get a list |
|---|
| 37 | with or without local roles: |
|---|
| 38 | |
|---|
| 39 | >>> from waeup.sirp.permissions import getWAeUPRoles |
|---|
| 40 | >>> len(list(getWAeUPRoles())) |
|---|
| 41 | 8 |
|---|
| 42 | |
|---|
| 43 | >>> len(list(getWAeUPRoles(also_local=True))) |
|---|
| 44 | 13 |
|---|
| 45 | |
|---|
| 46 | |
|---|
| 47 | :func:`getRoleNames` |
|---|
| 48 | -------------------- |
|---|
| 49 | |
|---|
| 50 | We can get all role names defined in a WAeUP portal (except 'local' |
|---|
| 51 | roles that are meant not to be assigned globally): |
|---|
| 52 | |
|---|
| 53 | >>> from waeup.sirp.permissions import getWAeUPRoleNames |
|---|
| 54 | >>> list(getWAeUPRoleNames()) |
|---|
| 55 | [u'waeup.AccommodationOfficer', u'waeup.ApplicationsOfficer', |
|---|
| 56 | u'waeup.PortalManager', u'waeup.PortalUser', u'waeup.Student', |
|---|
| 57 | u'waeup.StudentsClearanceOfficer', u'waeup.StudentsManager', |
|---|
| 58 | u'waeup.StudentsOfficer'] |
|---|
| 59 | |
|---|
| 60 | :func:`get_users_with_local_roles` |
|---|
| 61 | ---------------------------------- |
|---|
| 62 | |
|---|
| 63 | We can get all users and their roles for a certain context |
|---|
| 64 | object. This even works for objects that cannot have local roles as |
|---|
| 65 | they are not stored in the ZODB: |
|---|
| 66 | |
|---|
| 67 | >>> from waeup.sirp.permissions import get_users_with_local_roles |
|---|
| 68 | >>> mycontext = object() |
|---|
| 69 | >>> people_and_roles = get_users_with_local_roles(mycontext) |
|---|
| 70 | >>> people_and_roles |
|---|
| 71 | <generator object...at 0x...> |
|---|
| 72 | |
|---|
| 73 | In this case, the result is empty: |
|---|
| 74 | |
|---|
| 75 | >>> people_and_roles = list(people_and_roles) |
|---|
| 76 | >>> people_and_roles |
|---|
| 77 | [] |
|---|
