Changeset 12843 for main/waeup.kofa/trunk/src/waeup
- Timestamp:
- 1 Apr 2015, 10:51:35 (10 years ago)
- Location:
- main/waeup.kofa/trunk/src/waeup/kofa
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
main/waeup.kofa/trunk/src/waeup/kofa/permissions.py
r12835 r12843 29 29 30 30 class Anonymous(grok.Permission): 31 """The waeup.Anonymous permission is applied to31 """The Anonymous permission is applied to 32 32 views/pages which are dedicated to anonymous users only. Logged-in users 33 33 can't access these views. … … 36 36 37 37 class Authenticated(grok.Permission): 38 """The waeup.Authenticated permission is applied to pages38 """The Authenticated permission is applied to pages 39 39 which can only be used by logged-in users and not by anonymous users. 40 40 """ … … 42 42 43 43 class ViewAcademics(grok.Permission): 44 """The waeup.viewAcademics permission is applied to all44 """The ViewAcademics permission is applied to all 45 45 views of the Academic Section. Users with this permission can view but 46 46 not edit content in the Academic Section. … … 49 49 50 50 class ManageAcademics(grok.Permission): 51 """The waeup.manageAcademics permission is applied to all edit51 """The ManageAcademics permission is applied to all edit 52 52 pages in the Academic Section. Users who have this permission 53 53 can change/edit context objects. … … 56 56 57 57 class ManagePortal(grok.Permission): 58 """The waeup.managePortal permission is used for very few pages58 """The ManagePortal permission is used for very few pages 59 59 (e.g. the DatacenterSettings page) and is dedicated to portal managers. 60 60 It is furthermore used to control delete methods of container 61 pages in the Academic Section. The waeup.manageAcademics permission,61 pages in the Academic Section. The ManageAcademics permission, 62 62 described above, does enable users to edit content but not to 63 63 remove sub-containers, like faculties, departments or certificates. 64 Users must have the waeup.managePortapermission too to remove64 Users must have the ManagePortal permission too to remove 65 65 entire containers. 66 66 """ … … 68 68 69 69 class ManageUsers(grok.Permission): 70 """The waeup.manageUsers permission is a real superuser permission70 """The ManageUsers permission is a real superuser permission 71 71 and therefore very 'dangerous'. It allows to add, remove or edit 72 72 user accounts. Editing a user account includes the option to assign … … 78 78 79 79 class ShowStudents(grok.Permission): 80 """Users with this permission can see the 'Students' tab and 81 search and browse all students. If they also have the waeup.exportData 82 permission they can export all student data too. 83 84 Bursary or Department Officers don't have the general waeup.exportData 80 """Users with this permission do not neccessarily see the 'Students' tab 81 but they can search for students at department, certificate or course 82 level. If they additionally have the ExportData permission they can 83 export the data as csv files. 84 85 Bursary or Department Officers don't have the general ExportData 85 86 permission (see Roles section) and are only allowed to export bursary 86 87 or payments overview data respectively. … … 89 90 90 91 class ClearAllStudents(grok.Permission): 91 """The waeup.clearAllStudents permission allows to clear all students92 """The ClearAllStudents permission allows to clear all students 92 93 in a department. 93 94 """ … … 95 96 96 97 class EditScores(grok.Permission): 97 """The waeup.editScores permission allows to edit scores in course tickets.98 """The EditScores permission allows to edit scores in course tickets. 98 99 """ 99 100 grok.name('waeup.editScores') 100 101 102 class TriggerTransition(grok.Permission): 103 """The TriggerTransition permission allows to trigger workflow transitions 104 of student and document objects. 105 """ 106 grok.name('waeup.triggerTransition') 107 101 108 class EditUser(grok.Permission): 102 """The waeup.editUser permission is required for editing109 """The EditUser permission is required for editing 103 110 single user accounts. 104 111 """ … … 106 113 107 114 class ManageDataCenter(grok.Permission): 108 """The waeup.manageDataCenter permission allows to access all pages115 """The ManageDataCenter permission allows to access all pages 109 116 in the data center. It does not automatically allow to process data. 110 117 """ … … 112 119 113 120 class ImportData(grok.Permission): 114 """The waeup.importData permission allows to import any kind of portal 115 data. 121 """The ImportData permission allows to batch process (import) any kind of 122 portal data except for user data. This processor requires the ManageUsers 123 permission too. 116 124 """ 117 125 grok.name('waeup.importData') 118 126 119 127 class ExportData(grok.Permission): 120 """The waeup.exportData permission allows to export any kind of portal128 """The ExportData permission allows to export any kind of portal 121 129 data. 122 130 """ … … 133 141 134 142 class ManagePortalConfiguration(grok.Permission): 135 """The waeup.managePortalConfiguration permission allows to143 """The ManagePortalConfiguration permission allows to 136 144 edit global and sessional portal configuration data. 137 145 """ … … 139 147 140 148 class ManageACBatches(grok.Permission): 141 """The waeup.manageACBatches permission allows to view and149 """The ManageACBatches permission allows to view and 142 150 manage accesscodes. 143 151 """ … … 157 165 # Local Roles 158 166 class ApplicationsManager(grok.Role): 167 """ 168 """ 159 169 grok.name('waeup.local.ApplicationsManager') 160 170 grok.title(u'Applications Manager') … … 162 172 163 173 class DepartmentManager(grok.Role): 174 """ 175 """ 164 176 grok.name('waeup.local.DepartmentManager') 165 177 grok.title(u'Department Manager') … … 169 181 170 182 class DepartmentOfficer(grok.Role): 183 """ 184 """ 171 185 grok.name('waeup.local.DepartmentOfficer') 172 186 grok.title(u'Department Officer') … … 326 340 # Site Roles 327 341 class AcademicsOfficer(grok.Role): 342 """An Academics Officer can can view but not edit data in the 343 Academics Section. 344 345 This is the default role which is automatically assigned to all 346 officers of the portal. A user with this role can access all display pages 347 at faculty, department, course, certificate and certificate course level. 348 """ 328 349 grok.name('waeup.AcademicsOfficer') 329 350 grok.title(u'Academics Officer (view only)') … … 331 352 332 353 class AcademicsManager(grok.Role): 354 """An Academics Manager can view and edit all data in the 355 Academics section. A user with this role can access all manage pages 356 at faculty, department, course, certificate and certificate course level. 357 """ 333 358 grok.name('waeup.AcademicsManager') 334 359 grok.title(u'Academics Manager') … … 338 363 339 364 class ACManager(grok.Role): 365 """This is the role for Access Code Managers. 366 An ACManager can view and manage the Accesscodes Section. 367 """ 340 368 grok.name('waeup.ACManager') 341 369 grok.title(u'Access Code Manager') … … 343 371 344 372 class DataCenterManager(grok.Role): 373 """This single-permission role is dedicated to those users 374 who are charged with batch processing of portal data. 375 A DataCenterManager manager can access all pages in the Data Center 376 (see ManageDataCenter permission above). 377 """ 345 378 grok.name('waeup.DataCenterManager') 346 379 grok.title(u'Datacenter Manager') … … 348 381 349 382 class ImportManager(grok.Role): 383 """An ImportManager is a DataCenterManager who is also allowed 384 to batch process (import) data. All batch processors (importers) are 385 available except for the User Processor. This processor requires the 386 UsersManager role too. The ImportManager role includes the 387 DataCenterManager role. 388 """ 350 389 grok.name('waeup.ImportManager') 351 390 grok.title(u'Import Manager') … … 354 393 355 394 class ExportManager(grok.Role): 395 """An ExportManager is a DataCenterManager who is also allowed 396 to export all kind of portal data. The ExportManager role includes the 397 DataCenterManager role. 398 """ 356 399 grok.name('waeup.ExportManager') 357 400 grok.title(u'Export Manager') … … 360 403 361 404 class BursaryOfficer(grok.Role): 405 """BursaryOfficers can export bursary data. They can't access the 406 Data Center but see export buttons in the Academic Section. 407 """ 362 408 grok.name('waeup.BursaryOfficer') 363 409 grok.title(u'Bursary Officer') … … 367 413 368 414 class UsersManager(grok.Role): 415 """See ManageUsers permission. 416 """ 369 417 grok.name('waeup.UsersManager') 370 418 grok.title(u'Users Manager') … … 373 421 374 422 class WorkflowManager(grok.Role): 423 """See TriggerTransition permission. 424 """ 375 425 grok.name('waeup.WorkflowManager') 376 426 grok.title(u'Workflow Manager') … … 406 456 'waeup.editScores', 407 457 'waeup.triggerTransition', 408 'waeup.viewStudentsContainer', 'waeup.viewStudentsTab',458 'waeup.viewStudentsContainer', 409 459 'waeup.handleAccommodation', 410 460 'waeup.viewHostels', 'waeup.manageHostels', … … 416 466 417 467 class CCOfficer(grok.Role): 418 """The Computer Center Officer roleis basically a copy468 """The role of the Computer Center Officer is basically a copy 419 469 of the the PortalManager role. Some 'dangerous' permissions are excluded 420 470 by commenting them out (see source code). If officers need to gain more 421 471 access rights than defined in this role, do not hastily switch to the 422 PortalManager role but add further manager roles instead. These additional472 PortalManager role but add further manager roles instead. Additional 423 473 roles could be: UsersManager, ACManager, ImportManager, WorkflowManager 424 474 or StudentImpersonator. 475 476 CCOfficer is a base class which means that this role is meant 477 for customization. It is not used in the `waeup.kofa` base package. 425 478 """ 426 479 grok.baseclass() … … 446 499 'waeup.editScores', 447 500 #'waeup.triggerTransition', 448 'waeup.viewStudentsContainer', 'waeup.viewStudentsTab',501 'waeup.viewStudentsContainer', 449 502 'waeup.handleAccommodation', 450 503 'waeup.viewHostels', 'waeup.manageHostels', -
main/waeup.kofa/trunk/src/waeup/kofa/students/permissions.py
r10465 r12843 29 29 grok.name('waeup.viewStudent') 30 30 31 class ViewStudentsTab(grok.Permission):32 grok.name('waeup.viewStudentsTab')33 34 31 class ViewMyStudentDataTab(grok.Permission): 35 32 grok.name('waeup.viewMyStudentDataTab') … … 59 56 grok.name('waeup.editStudyLevel') 60 57 61 class TriggerTransition(grok.Permission):62 grok.name('waeup.triggerTransition')63 64 58 class LoginAsStudent(grok.Permission): 65 59 grok.name('waeup.loginAsStudent') … … 69 63 grok.name('waeup.local.StudentRecordOwner') 70 64 grok.title(u'Student Record Owner') 71 grok.permissions('waeup.handleStudent', 'waeup.uploadStudentFile', 72 'waeup.viewStudent', 'waeup.payStudent', 73 'waeup.handleAccommodation', 'waeup.editStudyLevel') 65 grok.permissions('waeup.handleStudent', 66 'waeup.uploadStudentFile', 67 'waeup.viewStudent', 68 'waeup.payStudent', 69 'waeup.handleAccommodation', 70 'waeup.editStudyLevel') 74 71 75 72 # Site Roles … … 77 74 grok.name('waeup.Student') 78 75 grok.title(u'Student (do not assign)') 79 grok.permissions('waeup.viewAcademics', 'waeup.viewMyStudentDataTab', 76 grok.permissions('waeup.viewAcademics', 77 'waeup.viewMyStudentDataTab', 80 78 'waeup.Authenticated') 81 79 … … 83 81 grok.name('waeup.StudentsOfficer') 84 82 grok.title(u'Students Officer (view only)') 85 grok.permissions('waeup.viewStudent', 'waeup.viewStudents',86 'waeup.viewStudentsTab','waeup.viewStudentsContainer')83 grok.permissions('waeup.viewStudent', 84 'waeup.viewStudentsContainer') 87 85 88 86 class StudentsManager(grok.Role): 89 87 grok.name('waeup.StudentsManager') 90 88 grok.title(u'Students Manager') 91 grok.permissions('waeup.viewStudent', 'waeup.viewStudents', 92 'waeup.manageStudent', 'waeup.viewStudentsContainer', 93 'waeup.payStudent', 'waeup.uploadStudentFile', 94 'waeup.viewStudentsTab', 'waeup.handleAccommodation') 89 grok.permissions('waeup.viewStudent', 90 'waeup.manageStudent', 91 'waeup.viewStudentsContainer', 92 'waeup.payStudent', 93 'waeup.uploadStudentFile', 94 'waeup.handleAccommodation') 95 95 96 96 class TranscriptOfficer(grok.Role): … … 100 100 'waeup.viewTranscript', 101 101 'waeup.viewStudent', 102 'waeup.viewStudents',103 'waeup.viewStudentsTab',104 102 'waeup.viewStudentsContainer', 105 103 ) … … 108 106 grok.name('waeup.StudentsClearanceOfficer') 109 107 grok.title(u'Clearance Officer (all students)') 110 grok.permissions('waeup.clearStudent','waeup.viewStudent') 108 grok.permissions('waeup.clearStudent', 109 'waeup.viewStudent') 111 110 112 111 class StudentsCourseAdviser(grok.Role): 113 112 grok.name('waeup.StudentsCourseAdviser') 114 113 grok.title(u'Course Adviser (all students)') 115 grok.permissions('waeup.validateStudent','waeup.viewStudent', 114 grok.permissions('waeup.validateStudent', 115 'waeup.viewStudent', 116 116 'waeup.editStudyLevel') 117 117 -
main/waeup.kofa/trunk/src/waeup/kofa/students/viewlets.py
r12421 r12843 717 717 grok.context(IKofaObject) 718 718 grok.order(4) 719 grok.require('waeup.viewStudents Tab')719 grok.require('waeup.viewStudentsContainer') 720 720 grok.name('studentstab') 721 721
Note: See TracChangeset for help on using the changeset viewer.