- Timestamp:
- 31 Mar 2015, 14:50:49 (10 years ago)
- Location:
- main/waeup.kofa/trunk/src/waeup/kofa
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
main/waeup.kofa/trunk/src/waeup/kofa/browser/pages.py
r12586 r12835 1106 1106 ) 1107 1107 ) 1108 available_fields = sorted(available_fields, key=lambda k: k['f_name']) 1108 available_fields = sorted(available_fields, key=lambda k: k[ 1109 'f_name']) 1109 1110 importer_props.append( 1110 1111 dict(title=x.name, name=x.util_name, fields=available_fields)) -
main/waeup.kofa/trunk/src/waeup/kofa/permissions.py
r12440 r12835 23 23 24 24 class Public(grok.Permission): 25 """Everyone-can-do-this-permission. 26 27 This permission is meant to be applied to objects/views/pages 28 etc., that should be usable/readable by everyone. 29 30 We need this to be able to tune default permissions more 31 restrictive and open up some dedicated objects like the front 32 page. 25 """The everyone-can-do-this-permission is being applied to views/pages 26 that are used by everyone. 33 27 """ 34 28 grok.name('waeup.Public') 35 29 36 30 class Anonymous(grok.Permission): 37 """Only-anonymous-can-do-this-permission. 31 """The waeup.Anonymous permission is applied to 32 views/pages which are dedicated to anonymous users only. Logged-in users 33 can't access these views. 38 34 """ 39 35 grok.name('waeup.Anonymous') 40 36 41 37 class Authenticated(grok.Permission): 42 """Only-logged-in-users-can-do-this-permission. 38 """The waeup.Authenticated permission is applied to pages 39 which can only be used by logged-in users and not by anonymous users. 43 40 """ 44 41 grok.name('waeup.Authenticated') 45 42 46 class ViewAcademicsPermission(grok.Permission): 43 class ViewAcademics(grok.Permission): 44 """The waeup.viewAcademics permission is applied to all 45 views of the Academic Section. Users with this permission can view but 46 not edit content in the Academic Section. 47 """ 47 48 grok.name('waeup.viewAcademics') 48 49 49 class ManageAcademicsPermission(grok.Permission): 50 class ManageAcademics(grok.Permission): 51 """The waeup.manageAcademics permission is applied to all edit 52 pages in the Academic Section. Users who have this permission 53 can change/edit context objects. 54 """ 50 55 grok.name('waeup.manageAcademics') 51 56 52 57 class ManagePortal(grok.Permission): 58 """The waeup.managePortal permission is used for very few pages 59 (e.g. the DatacenterSettings page) and is dedicated to portal managers. 60 It is furthermore used to control delete methods of container 61 pages in the Academic Section. The waeup.manageAcademics permission, 62 described above, does enable users to edit content but not to 63 remove sub-containers, like faculties, departments or certificates. 64 Users must have the waeup.managePorta permission too to remove 65 entire containers. 66 """ 53 67 grok.name('waeup.managePortal') 54 68 55 69 class ManageUsers(grok.Permission): 70 """The waeup.manageUsers permission is a real superuser permission 71 and therefore very 'dangerous'. It allows to add, remove or edit 72 user accounts. Editing a user account includes the option to assign 73 or remove roles. That means that a user with this permission can lock out 74 other users by either removing their account or by removing all 75 permsissions. Only the system administrator will be able to revert this. 76 """ 56 77 grok.name('waeup.manageUsers') 57 78 58 79 class ShowStudents(grok.Permission): 80 """Users with this permission can see the 'Students' tab and 81 search and browse all students. If they also have the waeup.exportData 82 permission they can export all student data too. 83 84 Bursary or Department Officers don't have the general waeup.exportData 85 permission (see Roles section) and are only allowed to export bursary 86 or payments overview data respectively. 87 """ 59 88 grok.name('waeup.showStudents') 60 89 61 90 class ClearAllStudents(grok.Permission): 91 """The waeup.clearAllStudents permission allows to clear all students 92 in a department. 93 """ 62 94 grok.name('waeup.clearAllStudents') 63 95 64 96 class EditScores(grok.Permission): 97 """The waeup.editScores permission allows to edit scores in course tickets. 98 """ 65 99 grok.name('waeup.editScores') 66 100 67 101 class EditUser(grok.Permission): 102 """The waeup.editUser permission is required for editing 103 single user accounts. 104 """ 68 105 grok.name('waeup.editUser') 69 106 70 107 class ManageDataCenter(grok.Permission): 108 """The waeup.manageDataCenter permission allows to access all pages 109 in the data center. It does not automatically allow to process data. 110 """ 71 111 grok.name('waeup.manageDataCenter') 72 112 73 113 class ImportData(grok.Permission): 114 """The waeup.importData permission allows to import any kind of portal 115 data. 116 """ 74 117 grok.name('waeup.importData') 75 118 76 119 class ExportData(grok.Permission): 120 """The waeup.exportData permission allows to export any kind of portal 121 data. 122 """ 77 123 grok.name('waeup.exportData') 78 124 … … 87 133 88 134 class ManagePortalConfiguration(grok.Permission): 135 """The waeup.managePortalConfiguration permission allows to 136 edit global and sessional portal configuration data. 137 """ 89 138 grok.name('waeup.managePortalConfiguration') 90 139 91 140 class ManageACBatches(grok.Permission): 141 """The waeup.manageACBatches permission allows to view and 142 manage accesscodes. 143 """ 92 144 grok.name('waeup.manageACBatches') 93 145 94 146 class PutBiometricDataPermission(grok.Permission): 95 """ Permissionto upload/change biometric data.147 """This permission allows to upload/change biometric data. 96 148 """ 97 149 grok.name('waeup.putBiometricData') 98 150 99 151 class GetBiometricDataPermission(grok.Permission): 100 """ Permissionto read biometric data.152 """This permission allows to read biometric data. 101 153 """ 102 154 grok.name('waeup.getBiometricData') … … 281 333 grok.name('waeup.AcademicsManager') 282 334 grok.title(u'Academics Manager') 335 title = u'Academics Manager' 283 336 grok.permissions('waeup.viewAcademics', 284 337 'waeup.manageAcademics') … … 325 378 326 379 class PortalManager(grok.Role): 380 """The portal manager role is the maximum set of Kofa permissions 381 which are needed to manage the entire portal. This set must not 382 be changed or customized. It is recommended to assign this role only 383 to only a few portal administrators. A less dangerous manager role is the 384 CCOfficer role described below. For the most tasks the CCOfficer role 385 is sufficient. 386 """ 327 387 grok.name('waeup.PortalManager') 328 388 grok.title(u'Portal Manager') … … 356 416 357 417 class CCOfficer(grok.Role): 358 """This is basically a copy of the the PortalManager class. We exclude some 359 'dangerous' permissions by commenting them out. 418 """The Computer Center Officer role is basically a copy 419 of the the PortalManager role. Some 'dangerous' permissions are excluded 420 by commenting them out (see source code). If officers need to gain more 421 access rights than defined in this role, do not hastily switch to the 422 PortalManager role but add further manager roles instead. These additional 423 roles could be: UsersManager, ACManager, ImportManager, WorkflowManager 424 or StudentImpersonator. 360 425 """ 361 426 grok.baseclass()
Note: See TracChangeset for help on using the changeset viewer.