| 1 | SIRP permissions and roles |
|---|
| 2 | ************************** |
|---|
| 3 | |
|---|
| 4 | Permissions and roles used in a SIRP portal. |
|---|
| 5 | |
|---|
| 6 | .. :doctest: |
|---|
| 7 | .. :layer: waeup.sirp.testing.SIRPUnitTestLayer |
|---|
| 8 | |
|---|
| 9 | Convenience functions |
|---|
| 10 | ===================== |
|---|
| 11 | |
|---|
| 12 | :mod:`waeup.sirp` offers some convenience functions to handle security |
|---|
| 13 | roles. |
|---|
| 14 | |
|---|
| 15 | :func:`get_all_roles` |
|---|
| 16 | --------------------- |
|---|
| 17 | |
|---|
| 18 | Gives us all roles defined in SIRP. We get tuples of |
|---|
| 19 | kind |
|---|
| 20 | |
|---|
| 21 | ``(<ROLE-NAME>, <ROLE>)`` |
|---|
| 22 | |
|---|
| 23 | where ``<ROLE-NAME>`` is the name under which a role was registered |
|---|
| 24 | with the ZCA (a string) and ``<ROLE>`` is the real role object. |
|---|
| 25 | |
|---|
| 26 | >>> from waeup.sirp.permissions import get_all_roles |
|---|
| 27 | >>> get_all_roles() |
|---|
| 28 | <generator object...at 0x...> |
|---|
| 29 | |
|---|
| 30 | >>> sorted(list(get_all_roles())) |
|---|
| 31 | [(u'waeup.ACManager', <waeup.sirp.permissions.ACManager object at 0x...] |
|---|
| 32 | |
|---|
| 33 | :func:`get_waeup_roles` |
|---|
| 34 | ----------------------- |
|---|
| 35 | |
|---|
| 36 | Gives us all roles, except the SIRP specific roles. We can get a list |
|---|
| 37 | with or without local roles: |
|---|
| 38 | |
|---|
| 39 | >>> from waeup.sirp.permissions import get_waeup_roles |
|---|
| 40 | >>> len(list(get_waeup_roles())) |
|---|
| 41 | 10 |
|---|
| 42 | |
|---|
| 43 | >>> len(list(get_waeup_roles(also_local=True))) |
|---|
| 44 | 16 |
|---|
| 45 | |
|---|
| 46 | |
|---|
| 47 | :func:`get_waeup_role_names` |
|---|
| 48 | ---------------------------- |
|---|
| 49 | |
|---|
| 50 | We can get all role names defined in SIRP (except 'local' |
|---|
| 51 | roles that are meant not to be assigned globally): |
|---|
| 52 | |
|---|
| 53 | >>> from waeup.sirp.permissions import get_waeup_role_names |
|---|
| 54 | >>> list(get_waeup_role_names()) |
|---|
| 55 | [u'waeup.ACManager', u'waeup.AcademicsOfficer', |
|---|
| 56 | u'waeup.AccommodationOfficer', u'waeup.Applicant', |
|---|
| 57 | u'waeup.ApplicationsOfficer', |
|---|
| 58 | u'waeup.PortalManager', u'waeup.Student', |
|---|
| 59 | u'waeup.StudentsClearanceOfficer', u'waeup.StudentsManager', |
|---|
| 60 | u'waeup.StudentsOfficer'] |
|---|
| 61 | |
|---|
| 62 | :func:`get_users_with_local_roles` |
|---|
| 63 | ---------------------------------- |
|---|
| 64 | |
|---|
| 65 | We can get all users and their roles for a certain context |
|---|
| 66 | object. This even works for objects that cannot have local roles as |
|---|
| 67 | they are not stored in the ZODB: |
|---|
| 68 | |
|---|
| 69 | >>> from waeup.sirp.permissions import get_users_with_local_roles |
|---|
| 70 | >>> mycontext = object() |
|---|
| 71 | >>> people_and_roles = get_users_with_local_roles(mycontext) |
|---|
| 72 | >>> people_and_roles |
|---|
| 73 | <generator object...at 0x...> |
|---|
| 74 | |
|---|
| 75 | In this case, the result is empty: |
|---|
| 76 | |
|---|
| 77 | >>> people_and_roles = list(people_and_roles) |
|---|
| 78 | >>> people_and_roles |
|---|
| 79 | [] |
|---|
