Timestamp:
2 Apr 2015, 06:11:59 (10 years ago)
Author:
Henrik Bettermann
Message:

Add ReportsManager role.

Location:
main/waeup.kofa/trunk
Files:
5 edited

  • main/waeup.kofa/trunk/CHANGES.txt

    r12810 r12844  
    441.3.2.dev0 (unreleased)
    55=======================
     6
     7* Add ReportsManager role.
     8
     9* Do not automatically allow ImportManagers to import user data.
    610
    711* Skip empty rows produced by spreadsheet software.
  • main/waeup.kofa/trunk/docs/source/userdocs/security.rst

    r12843 r12844  
    6060   :noindex:
    6161
     62.. autoclass:: waeup.kofa.reports.ManageReports()
     63   :noindex:
     64
    6265Application Section Permissions
    6366-------------------------------
     
    127130Many global roles do only bundle one or two permissions. The objective behind is to share responsibilities and distribute tasks.
    128131
    129 The highly specialized roles are:
     132Global General Roles
     133--------------------
    130134
    131135.. autoclass:: waeup.kofa.permissions.AcademicsOfficer()
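Review bot: The new heading "Global General Roles" (new lines 132-133) replaces the lead-in "The highly specialized roles are:", but the paragraph further down still opens with "In contrast to these specialized sets of permissions", which no longer has anything to refer back to. Either keep a one-line lead-in under the new heading or reword that paragraph. PortalManager and CCOfficer are described there as delegating extensive powers, so a separate heading for them would keep readers from treating them as ordinary general roles.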
     
    153157   :noindex:
    154158
     159.. autoclass:: waeup.kofa.reports.ReportsManager()
     160   :noindex:
     161
    155162In contrast to these specialized sets of permissions, there are two sets which delegate extensive powers on portal managers.
    156163
    157 .. autoclass:: waeup.kofa.permissions.PortalManager
     164.. autoclass:: waeup.kofa.permissions.PortalManager()
    158165   :noindex:
    159166
    160167.. autoclass:: waeup.kofa.permissions.CCOfficer()
     168   :noindex:
     169
     170Global Application Section Roles
     171--------------------------------
     172
     173.. autoclass:: waeup.kofa.applicants.permissions.ApplicantRole()
     174   :noindex:
     175
     176.. autoclass:: waeup.kofa.applicants.permissions.ApplicationsOfficer()
     177   :noindex:
     178
     179.. autoclass:: waeup.kofa.applicants.permissions.ApplicationsManager()
     180   :noindex:
     181
     182Global Student Section Roles
     183----------------------------
     184
     185.. autoclass:: waeup.kofa.students.permissions.StudentRole()
     186   :noindex:
     187
     188.. autoclass:: waeup.kofa.students.permissions.StudentsOfficer()
     189   :noindex:
     190
     191.. autoclass:: waeup.kofa.students.permissions.StudentsManager()
     192   :noindex:
     193
     194.. autoclass:: waeup.kofa.students.permissions.StudentsClearanceOfficer()
     195   :noindex:
     196
     197.. autoclass:: waeup.kofa.students.permissions.StudentsCourseAdviser()
     198   :noindex:
     199
     200.. autoclass:: waeup.kofa.students.permissions.StudentImpersonator()
    161201   :noindex:
    162202
  • main/waeup.kofa/trunk/src/waeup/kofa/permissions.py

    r12843 r12844  
    2323
    2424class Public(grok.Permission):
    25     """The everyone-can-do-this-permission is being applied to views/pages
    26     that are used by everyone.
     25    """The Public or everyone-can-do-this-permission is being applied
     26    to views/pages that are used by everyone.
    2727    """
    2828    grok.name('waeup.Public')
     
    3030class Anonymous(grok.Permission):
    3131    """The Anonymous permission is applied to
    32     views/pages which are dedicated to anonymous users only. Logged-in users
    33     can't access these views.
     32    views/pages which are dedicated to anonymous users only.
     33    Logged-in users can't access these views.
    3434    """
    3535    grok.name('waeup.Anonymous')
     
    4949
    5050class ManageAcademics(grok.Permission):
    51     """The ManageAcademics permission is applied to all edit
     51    """The ManageAcademics permission is applied to all edit/manage
    5252    pages in the Academic Section. Users who have this permission
    5353    can change/edit context objects.
     
    5757class ManagePortal(grok.Permission):
    5858    """The ManagePortal permission is used for very few pages
    59     (e.g. the DatacenterSettings page) and is dedicated to portal managers.
    60     It is furthermore used to control delete methods of container
     59    (e.g. the DatacenterSettings page). Only PortalManagers have this
     60    permission. It is furthermore used to control delete methods of container
    6161    pages in the Academic Section. The ManageAcademics permission,
    6262    described above, does enable users to edit content but not to
     
    7272    user accounts. Editing a user account includes the option to assign
    7373    or remove roles. That means that a user with this permission can lock out
    74     other users by either removing their account or by removing all
    75     permsissions. Only the system administrator will be able to revert this.
     74    other users by either removing their account or by removing
     75    permissions.
    7676    """
    7777    grok.name('waeup.manageUsers')
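Review bot: In the ManageUsers docstring (new lines 74-75) the sentence "Only the system administrator will be able to revert this." is dropped, so the text still describes the lockout risk but no longer says how a lockout is recovered. Keep a sentence naming who can restore removed accounts or roles. The change from "removing all permsissions" to "removing permissions" also weakens the statement; "removing all their roles" would match the preceding sentence about assigning or removing roles.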
     
    8383    export the data as csv files.
    8484
    85     Bursary or Department Officers don't have the general ExportData
     85    Bursary or Department Officers don't have the ExportData
    8686    permission (see Roles section) and are only allowed to export bursary
    8787    or payments overview data respectively.
     
    9191class ClearAllStudents(grok.Permission):
    9292    """The ClearAllStudents permission allows to clear all students
    93     in a department.
     93    in a department at one sweep.
    9494    """
    9595    grok.name('waeup.clearAllStudents')
     
    114114class ManageDataCenter(grok.Permission):
    115115    """The ManageDataCenter permission allows to access all pages
    116     in the data center. It does not automatically allow to process data.
     116    in the Data Center and to upload files. It does not automatically
     117    allow to process uploaded data.
    117118    """
    118119    grok.name('waeup.manageDataCenter')
     
    120121class ImportData(grok.Permission):
    121122    """The ImportData permission allows to batch process (import) any kind of
    122     portal data except for user data. This processor requires the ManageUsers
    123     permission too.
     123    portal data except for user data. This User Data processor
     124    requires also the ManageUsers permission.
    124125    """
    125126    grok.name('waeup.importData')
    126127
    127128class ExportData(grok.Permission):
    128     """The ExportData permission allows to export any kind of portal
    129     data.
     129    """The ExportData permission allows to export any kind of portal data.
    130130    """
    131131    grok.name('waeup.exportData')
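Review bot: The reworded ImportData docstring (new lines 123-124), "This User Data processor requires also the ManageUsers permission", points at a processor that has not been introduced, so "This" has no antecedent. Suggest "The User Data processor additionally requires the ManageUsers permission." CHANGES.txt in this changeset lists "Do not automatically allow ImportManagers to import user data", while the hunks shown for permissions.py touch only docstrings; a pointer to where that check is enforced would make the documented restriction verifiable.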
     
    340340# Site Roles
    341341class AcademicsOfficer(grok.Role):
    342     """An Academics Officer can  can view but not edit data in the
     342    """An Academics Officer can view but not edit data in the
    343343    Academics Section.
    344344
     
    353353class AcademicsManager(grok.Role):
    354354    """An Academics Manager can view and edit all data in the
    355     Academics section. A user with this role can access all manage pages
     355    Academics Section, i.e. access all manage pages
    356356    at faculty, department, course, certificate and certificate course level.
    357357    """
     
    364364class ACManager(grok.Role):
    365365    """This is the role for Access Code Managers.
    366     An ACManager can view and manage the Accesscodes Section.
     366    An ACManager can view and manage the Accesscodes Section, see
     367    ManageACBatches permission above.
    367368    """
    368369    grok.name('waeup.ACManager')
     
    373374    """This single-permission role is dedicated to those users
    374375    who are charged with batch processing of portal data.
    375     A DataCenterManager manager can access all pages in the Data Center
    376     (see ManageDataCenter permission above).
     376    A DataCenterManager manager can access all pages in the Data Center,
     377    see ManageDataCenter permission above.
    377378    """
    378379    grok.name('waeup.DataCenterManager')
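Review bot: The reflowed line 376 still reads "A DataCenterManager manager", with "manager" doubled. Drop the second word while this docstring is being touched.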
     
    385386    available except for the User Processor. This processor requires the
    386387    UsersManager role too. The ImportManager role includes the
    387     DataCenterManager role.
     388    DataCenterManager role but not vice versa.
    388389    """
    389390    grok.name('waeup.ImportManager')
     
    395396    """An ExportManager is a DataCenterManager who is also allowed
    396397    to export all kind of portal data. The ExportManager role includes the
    397     DataCenterManager role.
     398    DataCenterManager role but not vice versa.
    398399    """
    399400    grok.name('waeup.ExportManager')
     
    404405class BursaryOfficer(grok.Role):
    405406    """BursaryOfficers can export bursary data. They can't access the
    406     Data Center but see export buttons in the Academic Section.
     407    Data Center but see student data export buttons in the Academic Section.
    407408    """
    408409    grok.name('waeup.BursaryOfficer')
     
    413414
    414415class UsersManager(grok.Role):
    415     """See ManageUsers permission.
     416    """A UsersManager can add, remove or edit
     417    user accounts, see ManageUsers permission for further information.
     418    Be very careful with this role.
    416419    """
    417420    grok.name('waeup.UsersManager')
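Review bot: "Be very careful with this role." in the new UsersManager docstring (line 418) warns without naming the risk. The ManageUsers docstring in this same file states that editing an account includes assigning or removing roles and that this can lock out other users; say that here directly so an administrator reading only the role description sees why the role is sensitive.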
     
    421424
    422425class WorkflowManager(grok.Role):
    423     """See TriggerTransition permission.
     426    """The WorkflowManager can trigger workflow transitions
     427    of student and document objects, see TriggerTransition permission
     428    for further information.
    424429    """
    425430    grok.name('waeup.WorkflowManager')
     
    430435    """The portal manager role is the maximum set of Kofa permissions
    431436    which are needed to manage the entire portal. This set must not
    432     be changed or customized. It is recommended to assign this role only
    433     to only a few portal administrators. A less dangerous manager role is the
    434     CCOfficer role described below. For the most tasks the CCOfficer role
    435     is sufficient.
     437    be customized. It is recommended to assign this role only
     438    to a few certified Kofa administrators.
     439    A less dangerous manager role is the CCOfficer role described below.
     440    For the most tasks the CCOfficer role is sufficient.
    436441    """
    437442    grok.name('waeup.PortalManager')
     
    474479    or StudentImpersonator.
    475480
    476     CCOfficer is a base class which means that this role is meant
    477     for customization. It is not used in the `waeup.kofa` base package.
     481    CCOfficer is a base class which means that this role is subject to
     482    customization. It is not used in the ``waeup.kofa`` base package.
    478483    """
    479484    grok.baseclass()
  • main/waeup.kofa/trunk/src/waeup/kofa/permissions.txt

    r12439 r12844  
    3939    >>> from waeup.kofa.permissions import get_waeup_roles
    4040    >>> len(list(get_waeup_roles()))
    41     24
     41    25
    4242
    4343    >>> len(list(get_waeup_roles(also_local=True)))
    44     45
     44    46
    4545
    4646
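Review bot: The doctest only bumps the hard-coded counts (24 to 25, 45 to 46) and, in the next hunk, adds u'waeup.ReportsManager' to the name list, so it confirms the role is registered but not what it grants. Consider adding an assertion that waeup.ReportsManager carries waeup.manageReports and nothing else, so a later edit to the role's permission set fails a test instead of passing silently.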
     
    6767     u'waeup.ImportManager',
    6868     u'waeup.PortalManager',
     69     u'waeup.ReportsManager',
    6970     u'waeup.Student',
    7071     u'waeup.StudentImpersonator',
  • main/waeup.kofa/trunk/src/waeup/kofa/reports.py

    r12583 r12844  
    139139    """
    140140
    141 class manageReportsPermission(grok.Permission):
    142     """A permission to manage reports.
     141class ManageReports(grok.Permission):
     142    """The ManageReports permission allows to view, add and remove reports.
    143143    """
    144144    grok.name('waeup.manageReports')
     145
     146class ReportsManager(grok.Role):
     147    """The ReportsManager has the permission to manage reports.
     148    """
     149    grok.name('waeup.ReportsManager')
     150    grok.title(u'Reports Manager')
     151    grok.permissions('waeup.manageReports')
    145152
    146153def get_generators():
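Review bot: Renaming the class from manageReportsPermission to ManageReports (line 141) keeps grok.name('waeup.manageReports'), so the permission id is unchanged, but any module that imports the old class name will break; check for remaining references to manageReportsPermission before merging. The ReportsManager docstring says only "has the permission to manage reports", while the permission docstring spells out view, add and remove; repeating that in the role docstring makes it clear the role is not read-only. A short comment on why this role is defined in reports.py rather than alongside the roles in permissions.py would also help.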