Timestamp:
1 Apr 2015, 10:51:35 (10 years ago)
Author:
Henrik Bettermann
Message:

Documentation work in progress.

Remove redundant waeup.viewStudentsTab permission.

Location:
main/waeup.kofa/trunk
Files:
4 edited

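--- a/main/waeup.kofa/trunk/docs/source/userdocs/security.rst
+++ b/main/waeup.kofa/trunk/docs/source/userdocs/security.rst
@@ -13,43 +13,67 @@
 ===========
 
-The whole set of permissions and roles are described in the :py:mod:`Permissions and Roles Module<waeup.kofa.permissions>`. Here we describe only a subset of permission classes which are crucial to configure the security settings properly.
+The whole set of permissions and roles are described in the :py:mod:`Permissions and Roles Module<waeup.kofa.permissions>`. Here we describe only a subset of permission classes which are essential for the security settings configuration.
 
 General Permissions
 -------------------
 
-.. autoclass:: waeup.kofa.permissions.Public
+.. autoclass:: waeup.kofa.permissions.Public()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.Anonymous
+.. autoclass:: waeup.kofa.permissions.Anonymous()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.Authenticated
+.. autoclass:: waeup.kofa.permissions.Authenticated()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ManageUsers
+.. autoclass:: waeup.kofa.permissions.ManageUsers()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.EditUser
+.. autoclass:: waeup.kofa.permissions.EditUser()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ManagePortal
+.. autoclass:: waeup.kofa.permissions.ManagePortal()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ViewAcademics
+.. autoclass:: waeup.kofa.permissions.ViewAcademics()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ManageAcademics
+.. autoclass:: waeup.kofa.permissions.ManageAcademics()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ManagePortalConfiguration
+.. autoclass:: waeup.kofa.permissions.ManagePortalConfiguration()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ManageDataCenter
+.. autoclass:: waeup.kofa.permissions.ManageDataCenter()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ExportData
+.. autoclass:: waeup.kofa.permissions.ExportData()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ImportData
+.. autoclass:: waeup.kofa.permissions.ImportData()
+   :noindex:
+
+.. autoclass:: waeup.kofa.permissions.TriggerTransition()
+   :noindex:
+
+.. autoclass:: waeup.kofa.permissions.ShowStudents()
+   :noindex:
+
+Application Section Permissions
+-------------------------------
+
+.. autoclass:: waeup.kofa.applicants.permissions.ViewApplication()
+   :noindex:
+
+.. autoclass:: waeup.kofa.applicants.permissions.HandleApplication()
+   :noindex:
+
+.. autoclass:: waeup.kofa.applicants.permissions.ManageApplication()
+   :noindex:
+
+.. autoclass:: waeup.kofa.applicants.permissions.PayApplicant()
+   :noindex:
+
+.. autoclass:: waeup.kofa.applicants.permissions.ViewApplicationStatistics()
    :noindex:
 
@@ -57,7 +81,42 @@
 ---------------------------
 
-.. autoclass:: waeup.kofa.permissions.ShowStudents
+.. autoclass:: waeup.kofa.students.permissions.ViewStudent()
    :noindex:
 
+.. autoclass:: waeup.kofa.students.permissions.HandleStudent()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.ViewStudentsContainer()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.ManageStudent()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.PayStudent()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.HandleAccommodation()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.UploadStudentFile()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.ClearStudent()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.TriggerTransition()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.LoginAsStudent()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.EditStudyLevel()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.ClearStudent()
+   :noindex:
+
+.. autoclass:: waeup.kofa.students.permissions.ValidateStudent()
+   :noindex:
 
 Global Roles
@@ -70,26 +129,26 @@
 The highly specialized roles are:
 
-.. autoclass:: waeup.kofa.permissions.AcademicsOfficer
+.. autoclass:: waeup.kofa.permissions.AcademicsOfficer()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.AcademicsManager
+.. autoclass:: waeup.kofa.permissions.AcademicsManager()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.DataCenterManager
+.. autoclass:: waeup.kofa.permissions.DataCenterManager()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ImportManager
+.. autoclass:: waeup.kofa.permissions.ImportManager()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ExportManager
+.. autoclass:: waeup.kofa.permissions.ExportManager()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.ACManager
+.. autoclass:: waeup.kofa.permissions.ACManager()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.UsersManager
+.. autoclass:: waeup.kofa.permissions.UsersManager()
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.WorkflowManager
+.. autoclass:: waeup.kofa.permissions.WorkflowManager()
    :noindex:
 
@@ -99,5 +158,5 @@
    :noindex:
 
-.. autoclass:: waeup.kofa.permissions.CCOfficer
+.. autoclass:: waeup.kofa.permissions.CCOfficer()
    :noindex:
 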
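--- a/main/waeup.kofa/trunk/src/waeup/kofa/permissions.py
+++ b/main/waeup.kofa/trunk/src/waeup/kofa/permissions.py
@@ -29,5 +29,5 @@
 
 class Anonymous(grok.Permission):
-    """The waeup.Anonymous permission is applied to
+    """The Anonymous permission is applied to
     views/pages which are dedicated to anonymous users only. Logged-in users
     can't access these views.
@@ -36,5 +36,5 @@
 
 class Authenticated(grok.Permission):
-    """The waeup.Authenticated permission is applied to pages
+    """The Authenticated permission is applied to pages
     which can only be used by logged-in users and not by anonymous users.
     """
@@ -42,5 +42,5 @@
 
 class ViewAcademics(grok.Permission):
-    """The waeup.viewAcademics permission is applied to all
+    """The ViewAcademics permission is applied to all
     views of the Academic Section. Users with this permission can view but
     not edit content in the Academic Section.
@@ -49,5 +49,5 @@
 
 class ManageAcademics(grok.Permission):
-    """The waeup.manageAcademics permission is applied to all edit
+    """The ManageAcademics permission is applied to all edit
     pages in the Academic Section. Users who have this permission
     can change/edit context objects.
@@ -56,11 +56,11 @@
 
 class ManagePortal(grok.Permission):
-    """The waeup.managePortal permission is used for very few pages
+    """The ManagePortal permission is used for very few pages
     (e.g. the DatacenterSettings page) and is dedicated to portal managers.
     It is furthermore used to control delete methods of container
-    pages in the Academic Section. The waeup.manageAcademics permission,
+    pages in the Academic Section. The ManageAcademics permission,
     described above, does enable users to edit content but not to
     remove sub-containers, like faculties, departments or certificates.
-    Users must have the waeup.managePorta permission too to remove
+    Users must have the ManagePortal permission too to remove
     entire containers.
     """
@@ -68,5 +68,5 @@
 
 class ManageUsers(grok.Permission):
-    """The waeup.manageUsers permission is a real superuser permission
+    """The ManageUsers permission is a real superuser permission
     and therefore very 'dangerous'. It allows to add, remove or edit
     user accounts. Editing a user account includes the option to assign
@@ -78,9 +78,10 @@
 
 class ShowStudents(grok.Permission):
-    """Users with this permission can see the 'Students' tab and
-    search and browse all students. If they also have the waeup.exportData
-    permission they can export all student data too.
-
-    Bursary or Department Officers don't have the general waeup.exportData
+    """Users with this permission do not neccessarily see the 'Students' tab
+    but they can search for students at department, certificate or course
+    level. If they additionally have the ExportData permission they can
+    export the data as csv files.
+
+    Bursary or Department Officers don't have the general ExportData
     permission (see Roles section) and are only allowed to export bursary
     or payments overview data respectively.
@@ -89,5 +90,5 @@
 
 class ClearAllStudents(grok.Permission):
-    """The waeup.clearAllStudents permission allows to clear all students
+    """The ClearAllStudents permission allows to clear all students
     in a department.
     """
@@ -95,10 +96,16 @@
 
 class EditScores(grok.Permission):
-    """The waeup.editScores permission allows to edit scores in course tickets.
+    """The EditScores permission allows to edit scores in course tickets.
     """
     grok.name('waeup.editScores')
 
+class TriggerTransition(grok.Permission):
+    """The TriggerTransition permission allows to trigger workflow transitions
+    of student and document objects.
+    """
+    grok.name('waeup.triggerTransition')
+
 class EditUser(grok.Permission):
-    """The waeup.editUser permission is required for editing
+    """The EditUser permission is required for editing
     single user accounts.
     """
@@ -106,5 +113,5 @@
 
 class ManageDataCenter(grok.Permission):
-    """The waeup.manageDataCenter permission allows to access all pages
+    """The ManageDataCenter permission allows to access all pages
     in the data center. It does not automatically allow to process data.
     """
@@ -112,11 +119,12 @@
 
 class ImportData(grok.Permission):
-    """The waeup.importData permission allows to import any kind of portal
-    data.
+    """The ImportData permission allows to batch process (import) any kind of
+    portal data except for user data. This processor requires the ManageUsers
+    permission too.
     """
     grok.name('waeup.importData')
 
 class ExportData(grok.Permission):
-    """The waeup.exportData permission allows to export any kind of portal
+    """The ExportData permission allows to export any kind of portal
     data.
     """
@@ -133,5 +141,5 @@
 
 class ManagePortalConfiguration(grok.Permission):
-    """The waeup.managePortalConfiguration permission allows to
+    """The ManagePortalConfiguration permission allows to
     edit global and sessional portal configuration data.
     """
@@ -139,5 +147,5 @@
 
 class ManageACBatches(grok.Permission):
-    """The waeup.manageACBatches permission allows to view and
+    """The ManageACBatches permission allows to view and
     manage accesscodes.
     """
@@ -157,4 +165,6 @@
 # Local Roles
 class ApplicationsManager(grok.Role):
+    """
+    """
     grok.name('waeup.local.ApplicationsManager')
     grok.title(u'Applications Manager')
@@ -162,4 +172,6 @@
 
 class DepartmentManager(grok.Role):
+    """
+    """
     grok.name('waeup.local.DepartmentManager')
     grok.title(u'Department Manager')
@@ -169,4 +181,6 @@
 
 class DepartmentOfficer(grok.Role):
+    """
+    """
     grok.name('waeup.local.DepartmentOfficer')
     grok.title(u'Department Officer')
@@ -326,4 +340,11 @@
 # Site Roles
 class AcademicsOfficer(grok.Role):
+    """An Academics Officer can  can view but not edit data in the
+    Academics Section.
+
+    This is the default role which is automatically assigned to all
+    officers of the portal. A user with this role can access all display pages
+    at faculty, department, course, certificate and certificate course level.
+    """
     grok.name('waeup.AcademicsOfficer')
     grok.title(u'Academics Officer (view only)')
@@ -331,4 +352,8 @@
 
 class AcademicsManager(grok.Role):
+    """An Academics Manager can view and edit all data in the
+    Academics section. A user with this role can access all manage pages
+    at faculty, department, course, certificate and certificate course level.
+    """
     grok.name('waeup.AcademicsManager')
     grok.title(u'Academics Manager')
@@ -338,4 +363,7 @@
 
 class ACManager(grok.Role):
+    """This is the role for Access Code Managers.
+    An ACManager can view and manage the Accesscodes Section.
+    """
     grok.name('waeup.ACManager')
     grok.title(u'Access Code Manager')
@@ -343,4 +371,9 @@
 
 class DataCenterManager(grok.Role):
+    """This single-permission role is dedicated to those users
+    who are charged with batch processing of portal data.
+    A DataCenterManager manager can access all pages in the Data Center
+    (see ManageDataCenter permission above).
+    """
     grok.name('waeup.DataCenterManager')
     grok.title(u'Datacenter Manager')
@@ -348,4 +381,10 @@
 
 class ImportManager(grok.Role):
+    """An ImportManager is a DataCenterManager who is also allowed
+    to batch process (import) data. All batch processors (importers) are
+    available except for the User Processor. This processor requires the
+    UsersManager role too. The ImportManager role includes the
+    DataCenterManager role.
+    """
     grok.name('waeup.ImportManager')
     grok.title(u'Import Manager')
@@ -354,4 +393,8 @@
 
 class ExportManager(grok.Role):
+    """An ExportManager is a DataCenterManager who is also allowed
+    to export all kind of portal data. The ExportManager role includes the
+    DataCenterManager role.
+    """
     grok.name('waeup.ExportManager')
     grok.title(u'Export Manager')
@@ -360,4 +403,7 @@
 
 class BursaryOfficer(grok.Role):
+    """BursaryOfficers can export bursary data. They can't access the
+    Data Center but see export buttons in the Academic Section.
+    """
     grok.name('waeup.BursaryOfficer')
     grok.title(u'Bursary Officer')
@@ -367,4 +413,6 @@
 
 class UsersManager(grok.Role):
+    """See ManageUsers permission.
+    """
     grok.name('waeup.UsersManager')
     grok.title(u'Users Manager')
@@ -373,4 +421,6 @@
 
 class WorkflowManager(grok.Role):
+    """See TriggerTransition permission.
+    """
     grok.name('waeup.WorkflowManager')
     grok.title(u'Workflow Manager')
@@ -406,5 +456,5 @@
                      'waeup.editScores',
                      'waeup.triggerTransition',
-                     'waeup.viewStudentsContainer','waeup.viewStudentsTab',
+                     'waeup.viewStudentsContainer',
                      'waeup.handleAccommodation',
                      'waeup.viewHostels', 'waeup.manageHostels',
@@ -416,11 +466,14 @@
 
 class CCOfficer(grok.Role):
-    """The Computer Center Officer role is basically a copy
+    """The role of the Computer Center Officer is basically a copy
     of the the PortalManager role. Some 'dangerous' permissions are excluded
     by commenting them out (see source code). If officers need to gain more
     access rights than defined in this role, do not hastily switch to the
-    PortalManager role but add further manager roles instead. These additional
+    PortalManager role but add further manager roles instead. Additional
     roles could be: UsersManager, ACManager, ImportManager, WorkflowManager
     or StudentImpersonator.
+
+    CCOfficer is a base class which means that this role is meant
+    for customization. It is not used in the `waeup.kofa` base package.
     """
     grok.baseclass()
@@ -446,5 +499,5 @@
                      'waeup.editScores',
                      #'waeup.triggerTransition',
-                     'waeup.viewStudentsContainer','waeup.viewStudentsTab',
+                     'waeup.viewStudentsContainer',
                      'waeup.handleAccommodation',
                      'waeup.viewHostels', 'waeup.manageHostels',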
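Review bot: The relocated `TriggerTransition` class (new lines 102-106) is still documented under its old module path. docs/source/userdocs/security.rst in this changeset adds `.. autoclass:: waeup.kofa.students.permissions.TriggerTransition()` while students/permissions.py deletes that class, so that entry would presumably no longer resolve when the docs are built; the same file also lists `ClearStudent()` twice. Separately, the new docstrings for `ApplicationsManager`, `DepartmentManager` and `DepartmentOfficer` are empty and `UsersManager` says only `See ManageUsers permission.`, although ManageUsers is described here as a 'real superuser permission'; one sentence per role stating what it grants would help whoever assigns these roles. Wording slips in the added text: `neccessarily` (ShowStudents), `can  can view` (AcademicsOfficer) and `A DataCenterManager manager` (DataCenterManager).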
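--- a/main/waeup.kofa/trunk/src/waeup/kofa/students/permissions.py
+++ b/main/waeup.kofa/trunk/src/waeup/kofa/students/permissions.py
@@ -29,7 +29,4 @@
     grok.name('waeup.viewStudent')
 
-class ViewStudentsTab(grok.Permission):
-    grok.name('waeup.viewStudentsTab')
-
 class ViewMyStudentDataTab(grok.Permission):
     grok.name('waeup.viewMyStudentDataTab')
@@ -59,7 +56,4 @@
     grok.name('waeup.editStudyLevel')
 
-class TriggerTransition(grok.Permission):
-    grok.name('waeup.triggerTransition')
-
 class LoginAsStudent(grok.Permission):
     grok.name('waeup.loginAsStudent')
@@ -69,7 +63,10 @@
     grok.name('waeup.local.StudentRecordOwner')
     grok.title(u'Student Record Owner')
-    grok.permissions('waeup.handleStudent', 'waeup.uploadStudentFile',
-                     'waeup.viewStudent', 'waeup.payStudent',
-                     'waeup.handleAccommodation', 'waeup.editStudyLevel')
+    grok.permissions('waeup.handleStudent',
+                     'waeup.uploadStudentFile',
+                     'waeup.viewStudent',
+                     'waeup.payStudent',
+                     'waeup.handleAccommodation',
+                     'waeup.editStudyLevel')
 
 # Site Roles
@@ -77,5 +74,6 @@
     grok.name('waeup.Student')
     grok.title(u'Student (do not assign)')
-    grok.permissions('waeup.viewAcademics', 'waeup.viewMyStudentDataTab',
+    grok.permissions('waeup.viewAcademics',
+                     'waeup.viewMyStudentDataTab',
                      'waeup.Authenticated')
 
@@ -83,14 +81,16 @@
     grok.name('waeup.StudentsOfficer')
     grok.title(u'Students Officer (view only)')
-    grok.permissions('waeup.viewStudent','waeup.viewStudents',
-          'waeup.viewStudentsTab', 'waeup.viewStudentsContainer')
+    grok.permissions('waeup.viewStudent',
+                    'waeup.viewStudentsContainer')
 
 class StudentsManager(grok.Role):
     grok.name('waeup.StudentsManager')
     grok.title(u'Students Manager')
-    grok.permissions('waeup.viewStudent', 'waeup.viewStudents',
-                     'waeup.manageStudent', 'waeup.viewStudentsContainer',
-                     'waeup.payStudent', 'waeup.uploadStudentFile',
-                     'waeup.viewStudentsTab', 'waeup.handleAccommodation')
+    grok.permissions('waeup.viewStudent',
+                     'waeup.manageStudent',
+                     'waeup.viewStudentsContainer',
+                     'waeup.payStudent',
+                     'waeup.uploadStudentFile',
+                     'waeup.handleAccommodation')
 
 class TranscriptOfficer(grok.Role):
@@ -100,6 +100,4 @@
                      'waeup.viewTranscript',
                      'waeup.viewStudent',
-                     'waeup.viewStudents',
-                     'waeup.viewStudentsTab',
                      'waeup.viewStudentsContainer',
                      )
@@ -108,10 +106,12 @@
     grok.name('waeup.StudentsClearanceOfficer')
     grok.title(u'Clearance Officer (all students)')
-    grok.permissions('waeup.clearStudent','waeup.viewStudent')
+    grok.permissions('waeup.clearStudent',
+                     'waeup.viewStudent')
 
 class StudentsCourseAdviser(grok.Role):
     grok.name('waeup.StudentsCourseAdviser')
     grok.title(u'Course Adviser (all students)')
-    grok.permissions('waeup.validateStudent','waeup.viewStudent',
+    grok.permissions('waeup.validateStudent',
+                     'waeup.viewStudent',
                      'waeup.editStudyLevel')
 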
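Review bot: Besides `waeup.viewStudentsTab`, the new permission tuples for StudentsOfficer, StudentsManager and TranscriptOfficer also drop `'waeup.viewStudents'`, which the commit message does not mention. Nothing in this changeset shows whether that name is defined or required anywhere: if a view still requires it, these three roles lose access without notice, and if it never existed the cleanup deserves a line in the message so the access change can be audited. Deleting the `ViewStudentsTab` class also reaches beyond this tree, since the CCOfficer docstring in permissions.py says that role is meant for customization; any custom role or view that still names `waeup.viewStudentsTab` would refer to a permission that is no longer registered. A changelog entry telling deployers to replace it with `waeup.viewStudentsContainer` would cover that.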
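--- a/main/waeup.kofa/trunk/src/waeup/kofa/students/viewlets.py
+++ b/main/waeup.kofa/trunk/src/waeup/kofa/students/viewlets.py
@@ -717,5 +717,5 @@
     grok.context(IKofaObject)
     grok.order(4)
-    grok.require('waeup.viewStudentsTab')
+    grok.require('waeup.viewStudentsContainer')
     grok.name('studentstab')
 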
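Review bot: The `grok.require('waeup.viewStudentsContainer')` on line 719 now decides who sees the Students tab, so the tab and the container page it leads to should be guarded by the same permission; the container view is not part of this hunk, so that cannot be confirmed from here. The viewlet's `grok.require` only controls whether the tab is rendered and is not the access check on the target page. A comment above the line, for example `# tab visibility follows access to the students container (waeup.viewStudentsTab removed)`, would record why the permission name no longer matches the viewlet name. The enclosing class starts outside the hunk.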