Changeset 12844 for main/waeup.kofa/trunk
- Timestamp: 2 Apr 2015, 06:11:59 (10 years ago)
- Location: main/waeup.kofa/trunk
- Files: 5 edited
main/waeup.kofa/trunk/CHANGES.txt
r12810 r12844 4 4 1.3.2.dev0 (unreleased) 5 5 ======================= 6 7 * Add ReportsManager role. 8 9 * Do not automatically allow ImportManagers to import user data. 6 10 7 11 * Skip empty rows produced by spreadsheet software. -
main/waeup.kofa/trunk/docs/source/userdocs/security.rst
r12843 r12844 60 60 :noindex: 61 61 62 .. autoclass:: waeup.kofa.reports.ManageReports() 63 :noindex: 64 62 65 Application Section Permissions 63 66 ------------------------------- … … 127 130 Many global roles do only bundle one or two permissions. The objective behind is to share responsibilities and distribute tasks. 128 131 129 The highly specialized roles are: 132 Global General Roles 133 -------------------- 130 134 131 135 .. autoclass:: waeup.kofa.permissions.AcademicsOfficer() … … 153 157 :noindex: 154 158 159 .. autoclass:: waeup.kofa.reports.ReportsManager() 160 :noindex: 161 155 162 In contrast to these specialized sets of permissions, there are two sets which delegate extensive powers on portal managers. 156 163 157 .. autoclass:: waeup.kofa.permissions.PortalManager 164 .. autoclass:: waeup.kofa.permissions.PortalManager() 158 165 :noindex: 159 166 160 167 .. autoclass:: waeup.kofa.permissions.CCOfficer() 168 :noindex: 169 170 Global Application Section Roles 171 -------------------------------- 172 173 .. autoclass:: waeup.kofa.applicants.permissions.ApplicantRole() 174 :noindex: 175 176 .. autoclass:: waeup.kofa.applicants.permissions.ApplicationsOfficer() 177 :noindex: 178 179 .. autoclass:: waeup.kofa.applicants.permissions.ApplicationsManager() 180 :noindex: 181 182 Global Student Section Roles 183 ---------------------------- 184 185 .. autoclass:: waeup.kofa.students.permissions.StudentRole() 186 :noindex: 187 188 .. autoclass:: waeup.kofa.students.permissions.StudentsOfficer() 189 :noindex: 190 191 .. autoclass:: waeup.kofa.students.permissions.StudentsManager() 192 :noindex: 193 194 .. autoclass:: waeup.kofa.students.permissions.StudentsClearanceOfficer() 195 :noindex: 196 197 .. autoclass:: waeup.kofa.students.permissions.StudentsCourseAdviser() 198 :noindex: 199 200 .. autoclass:: waeup.kofa.students.permissions.StudentImpersonator() 161 201 :noindex: 162 202 -
main/waeup.kofa/trunk/src/waeup/kofa/permissions.py
r12843 r12844 23 23 24 24 class Public(grok.Permission): 25 """The everyone-can-do-this-permission is being applied to views/pages26 t hat are used by everyone.25 """The Public or everyone-can-do-this-permission is being applied 26 to views/pages that are used by everyone. 27 27 """ 28 28 grok.name('waeup.Public') … … 30 30 class Anonymous(grok.Permission): 31 31 """The Anonymous permission is applied to 32 views/pages which are dedicated to anonymous users only. Logged-in users33 can't access these views.32 views/pages which are dedicated to anonymous users only. 33 Logged-in users can't access these views. 34 34 """ 35 35 grok.name('waeup.Anonymous') … … 49 49 50 50 class ManageAcademics(grok.Permission): 51 """The ManageAcademics permission is applied to all edit 51 """The ManageAcademics permission is applied to all edit/manage 52 52 pages in the Academic Section. Users who have this permission 53 53 can change/edit context objects. … … 57 57 class ManagePortal(grok.Permission): 58 58 """The ManagePortal permission is used for very few pages 59 (e.g. the DatacenterSettings page) and is dedicated to portal managers.60 It is furthermore used to control delete methods of container59 (e.g. the DatacenterSettings page). Only PortalManagers have this 60 permission. It is furthermore used to control delete methods of container 61 61 pages in the Academic Section. The ManageAcademics permission, 62 62 described above, does enable users to edit content but not to … … 72 72 user accounts. Editing a user account includes the option to assign 73 73 or remove roles. That means that a user with this permission can lock out 74 other users by either removing their account or by removing all75 perm sissions. Only the system administrator will be able to revert this.74 other users by either removing their account or by removing 75 permissions. 76 76 """ 77 77 grok.name('waeup.manageUsers') … … 83 83 export the data as csv files. 
84 84 85 Bursary or Department Officers don't have the generalExportData85 Bursary or Department Officers don't have the ExportData 86 86 permission (see Roles section) and are only allowed to export bursary 87 87 or payments overview data respectively. … … 91 91 class ClearAllStudents(grok.Permission): 92 92 """The ClearAllStudents permission allows to clear all students 93 in a department .93 in a department at one sweep. 94 94 """ 95 95 grok.name('waeup.clearAllStudents') … … 114 114 class ManageDataCenter(grok.Permission): 115 115 """The ManageDataCenter permission allows to access all pages 116 in the data center. It does not automatically allow to process data. 116 in the Data Center and to upload files. It does not automatically 117 allow to process uploaded data. 117 118 """ 118 119 grok.name('waeup.manageDataCenter') … … 120 121 class ImportData(grok.Permission): 121 122 """The ImportData permission allows to batch process (import) any kind of 122 portal data except for user data. This processor requires the ManageUsers123 permission too.123 portal data except for user data. This User Data processor 124 requires also the ManageUsers permission. 124 125 """ 125 126 grok.name('waeup.importData') 126 127 127 128 class ExportData(grok.Permission): 128 """The ExportData permission allows to export any kind of portal 129 data. 129 """The ExportData permission allows to export any kind of portal data. 130 130 """ 131 131 grok.name('waeup.exportData') … … 340 340 # Site Roles 341 341 class AcademicsOfficer(grok.Role): 342 """An Academics Officer can canview but not edit data in the342 """An Academics Officer can view but not edit data in the 343 343 Academics Section. 344 344 … … 353 353 class AcademicsManager(grok.Role): 354 354 """An Academics Manager can view and edit all data in the 355 Academics section. A user with this role canaccess all manage pages355 Academics Section, i.e. 
access all manage pages 356 356 at faculty, department, course, certificate and certificate course level. 357 357 """ … … 364 364 class ACManager(grok.Role): 365 365 """This is the role for Access Code Managers. 366 An ACManager can view and manage the Accesscodes Section. 366 An ACManager can view and manage the Accesscodes Section, see 367 ManageACBatches permission above. 367 368 """ 368 369 grok.name('waeup.ACManager') … … 373 374 """This single-permission role is dedicated to those users 374 375 who are charged with batch processing of portal data. 375 A DataCenterManager manager can access all pages in the Data Center 376 (see ManageDataCenter permission above).376 A DataCenterManager manager can access all pages in the Data Center, 377 see ManageDataCenter permission above. 377 378 """ 378 379 grok.name('waeup.DataCenterManager') … … 385 386 available except for the User Processor. This processor requires the 386 387 UsersManager role too. The ImportManager role includes the 387 DataCenterManager role .388 DataCenterManager role but not vice versa. 388 389 """ 389 390 grok.name('waeup.ImportManager') … … 395 396 """An ExportManager is a DataCenterManager who is also allowed 396 397 to export all kind of portal data. The ExportManager role includes the 397 DataCenterManager role .398 DataCenterManager role but not vice versa. 398 399 """ 399 400 grok.name('waeup.ExportManager') … … 404 405 class BursaryOfficer(grok.Role): 405 406 """BursaryOfficers can export bursary data. They can't access the 406 Data Center but see export buttons in the Academic Section.407 Data Center but see student data export buttons in the Academic Section. 407 408 """ 408 409 grok.name('waeup.BursaryOfficer') … … 413 414 414 415 class UsersManager(grok.Role): 415 """See ManageUsers permission. 416 """A UsersManager can add, remove or edit 417 user accounts, see ManageUsers permission for further information. 418 Be very careful with this role. 
416 419 """ 417 420 grok.name('waeup.UsersManager') … … 421 424 422 425 class WorkflowManager(grok.Role): 423 """See TriggerTransition permission. 426 """The WorkflowManager can trigger workflow transitions 427 of student and document objects, see TriggerTransition permission 428 for further information. 424 429 """ 425 430 grok.name('waeup.WorkflowManager') … … 430 435 """The portal manager role is the maximum set of Kofa permissions 431 436 which are needed to manage the entire portal. This set must not 432 be c hanged or customized. It is recommended to assign this role only433 to only a few portal administrators. A less dangerous manager role is the434 CCOfficer role described below. For the most tasks the CCOfficer role435 is sufficient.437 be customized. It is recommended to assign this role only 438 to a few certified Kofa administrators. 439 A less dangerous manager role is the CCOfficer role described below. 440 For the most tasks the CCOfficer role is sufficient. 436 441 """ 437 442 grok.name('waeup.PortalManager') … … 474 479 or StudentImpersonator. 475 480 476 CCOfficer is a base class which means that this role is meant477 for customization. It is not used in the `waeup.kofa` base package.481 CCOfficer is a base class which means that this role is subject to 482 customization. It is not used in the ``waeup.kofa`` base package. 478 483 """ 479 484 grok.baseclass() -
main/waeup.kofa/trunk/src/waeup/kofa/permissions.txt
r12439 r12844 39 39 >>> from waeup.kofa.permissions import get_waeup_roles 40 40 >>> len(list(get_waeup_roles())) 41 2 441 25 42 42 43 43 >>> len(list(get_waeup_roles(also_local=True))) 44 4 544 46 45 45 46 46 … … 67 67 u'waeup.ImportManager', 68 68 u'waeup.PortalManager', 69 u'waeup.ReportsManager', 69 70 u'waeup.Student', 70 71 u'waeup.StudentImpersonator', -
main/waeup.kofa/trunk/src/waeup/kofa/reports.py
r12583 r12844 139 139 """ 140 140 141 class manageReportsPermission(grok.Permission):142 """ A permission to manage reports.141 class ManageReports(grok.Permission): 142 """The ManageReports permission allows to view, add and remove reports. 143 143 """ 144 144 grok.name('waeup.manageReports') 145 146 class ReportsManager(grok.Role): 147 """The ReportsManager has the permission to manage reports. 148 """ 149 grok.name('waeup.ReportsManager') 150 grok.title(u'Reports Manager') 151 grok.permissions('waeup.manageReports') 145 152 146 153 def get_generators():
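Review bot: CHANGES.txt announces "Do not automatically allow ImportManagers to import user data", but every permissions.py hunk in this changeset edits docstrings only, and the ImportManager hunk (lines 385-390) shows no change to the role definition itself. If the enforcement landed in an earlier revision, name that revision in the changelog entry; if it is meant to land here, the change to the role's permission set or to the User Processor check is missing. Either way, a doctest in permissions.txt showing that an account holding only waeup.ImportManager is refused by the User Processor would pin the behaviour the changelog promises.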
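Review bot: in the ManageUsers docstring (permissions.py, new lines 74-75) the sentence "Only the system administrator will be able to revert this." is dropped and "removing all permissions" becomes "removing permissions", so the rendered security documentation no longer says how a lockout is recovered. Keep a sentence on who can undo it. The new UsersManager docstring (lines 416-418) ends with "Be very careful with this role.", which would be more useful if it named the risk the ManageUsers text already describes: holders can assign or remove roles on accounts and can lock other users out.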
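Review bot: renaming the class manageReportsPermission to ManageReports (reports.py, line 141) breaks any code that imports the old class name, and none of the five files here shows such a reference being updated or an alias being kept. grok.name('waeup.manageReports') is unchanged, so lookups by permission name are unaffected; a search of the tree for manageReportsPermission before merging would confirm nothing else imports it. The ReportsManager docstring could also repeat what "manage" covers (view, add and remove reports, per the ManageReports docstring) so the role reads on its own in the autoclass output.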
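Review bot: the role counts asserted in permissions.txt (lines 41 and 44) have to be bumped by hand for every new role and say nothing about what the role grants, while the name list at line 69 already covers the presence of waeup.ReportsManager. Add an assertion that waeup.ReportsManager carries exactly waeup.manageReports, so that a later widening of the role shows up as a test failure rather than passing unnoticed.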
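Review bot: in security.rst the lead-in "The highly specialized roles are:" is replaced by the heading "Global General Roles", but the sentence at new line 162, "In contrast to these specialized sets of permissions, ...", still refers back to it, and PortalManager and CCOfficer now sit under the same heading as the single-permission roles. Give the two broad roles their own sub-heading or reword that sentence, so readers of the security documentation can tell at a glance which roles delegate extensive powers.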