Changeset 12844 for main/waeup.kofa/trunk/src/waeup/kofa/permissions.py

Timestamp:

2 Apr 2015, 06:11:59 (10 years ago)

Author:

Henrik Bettermann

Message:

Add ReportsManager? role.

File:

• main/waeup.kofa/trunk/src/waeup/kofa/permissions.py (modified) (20 diffs)

main/waeup.kofa/trunk/src/waeup/kofa/permissions.py

@@ -23 +23 @@
 
 class Public(grok.Permission):
-    """The everyone-can-do-this-permission is being applied to views/pages
-    that are used by everyone.
+    """The Public or everyone-can-do-this-permission is being applied
+    to views/pages that are used by everyone.
     """
     grok.name('waeup.Public')
@@ -30 +30 @@
 class Anonymous(grok.Permission):
     """The Anonymous permission is applied to
-    views/pages which are dedicated to anonymous users only. Logged-in users
-    can't access these views.
+    views/pages which are dedicated to anonymous users only.
+    Logged-in users can't access these views.
     """
     grok.name('waeup.Anonymous')
@@ -49 +49 @@
 
 class ManageAcademics(grok.Permission):
-    """The ManageAcademics permission is applied to all edit
+    """The ManageAcademics permission is applied to all edit/manage
     pages in the Academic Section. Users who have this permission
     can change/edit context objects.
@@ -57 +57 @@
 class ManagePortal(grok.Permission):
     """The ManagePortal permission is used for very few pages
-    (e.g. the DatacenterSettings page) and is dedicated to portal managers.
-    It is furthermore used to control delete methods of container
+    (e.g. the DatacenterSettings page). Only PortalManagers have this 
+    permission. It is furthermore used to control delete methods of container
     pages in the Academic Section. The ManageAcademics permission,
     described above, does enable users to edit content but not to
@@ -72 +72 @@
     user accounts. Editing a user account includes the option to assign
     or remove roles. That means that a user with this permission can lock out
-    other users by either removing their account or by removing all
-    permsissions. Only the system administrator will be able to revert this.
+    other users by either removing their account or by removing 
+    permissions.
     """
     grok.name('waeup.manageUsers')
@@ -83 +83 @@
     export the data as csv files.
 
-    Bursary or Department Officers don't have the general ExportData
+    Bursary or Department Officers don't have the ExportData
     permission (see Roles section) and are only allowed to export bursary
     or payments overview data respectively.
@@ -91 +91 @@
 class ClearAllStudents(grok.Permission):
     """The ClearAllStudents permission allows to clear all students
-    in a department.
+    in a department at one sweep.
     """
     grok.name('waeup.clearAllStudents')
@@ -114 +114 @@
 class ManageDataCenter(grok.Permission):
     """The ManageDataCenter permission allows to access all pages
-    in the data center. It does not automatically allow to process data.
+    in the Data Center and to upload files. It does not automatically
+    allow to process uploaded data.
     """
     grok.name('waeup.manageDataCenter')
@@ -120 +121 @@
 class ImportData(grok.Permission):
     """The ImportData permission allows to batch process (import) any kind of 
-    portal data except for user data. This processor requires the ManageUsers
-    permission too.
+    portal data except for user data. This User Data processor
+    requires also the ManageUsers permission.
     """
     grok.name('waeup.importData')
 
 class ExportData(grok.Permission):
-    """The ExportData permission allows to export any kind of portal
-    data.
+    """The ExportData permission allows to export any kind of portal data.
     """
     grok.name('waeup.exportData')
@@ -340 +340 @@
 # Site Roles
 class AcademicsOfficer(grok.Role):
-    """An Academics Officer can  can view but not edit data in the
+    """An Academics Officer can view but not edit data in the
     Academics Section. 
 
@@ -353 +353 @@
 class AcademicsManager(grok.Role):
     """An Academics Manager can view and edit all data in the
-    Academics section. A user with this role can access all manage pages
+    Academics Section, i.e. access all manage pages
     at faculty, department, course, certificate and certificate course level.
     """
@@ -364 +364 @@
 class ACManager(grok.Role):
     """This is the role for Access Code Managers.
-    An ACManager can view and manage the Accesscodes Section.
+    An ACManager can view and manage the Accesscodes Section, see
+    ManageACBatches permission above.
     """
     grok.name('waeup.ACManager')
@@ -373 +374 @@
     """This single-permission role is dedicated to those users
     who are charged with batch processing of portal data.
-    A DataCenterManager manager can access all pages in the Data Center
-    (see ManageDataCenter permission above).
+    A DataCenterManager manager can access all pages in the Data Center,
+    see ManageDataCenter permission above.
     """
     grok.name('waeup.DataCenterManager')
@@ -385 +386 @@
     available except for the User Processor. This processor requires the
     UsersManager role too. The ImportManager role includes the
-    DataCenterManager role.
+    DataCenterManager role but not vice versa.
     """
     grok.name('waeup.ImportManager')
@@ -395 +396 @@
     """An ExportManager is a DataCenterManager who is also allowed
     to export all kind of portal data. The ExportManager role includes the
-    DataCenterManager role.
+    DataCenterManager role but not vice versa.
     """
     grok.name('waeup.ExportManager')
@@ -404 +405 @@
 class BursaryOfficer(grok.Role):
     """BursaryOfficers can export bursary data. They can't access the
-    Data Center but see export buttons in the Academic Section.
+    Data Center but see student data export buttons in the Academic Section.
     """
     grok.name('waeup.BursaryOfficer')
@@ -413 +414 @@
 
 class UsersManager(grok.Role):
-    """See ManageUsers permission.
+    """A UsersManager can add, remove or edit
+    user accounts, see ManageUsers permission for further information.
+    Be very careful with this role.
     """
     grok.name('waeup.UsersManager')
@@ -421 +424 @@
 
 class WorkflowManager(grok.Role):
-    """See TriggerTransition permission.
+    """The WorkflowManager can trigger workflow transitions
+    of student and document objects, see TriggerTransition permission
+    for further information.
     """
     grok.name('waeup.WorkflowManager')
@@ -430 +435 @@
     """The portal manager role is the maximum set of Kofa permissions
     which are needed to manage the entire portal. This set must not
-    be changed or customized. It is recommended to assign this role only
-    to only a few portal administrators. A less dangerous manager role is the
-    CCOfficer role described below. For the most tasks the CCOfficer role
-    is sufficient.
+    be customized. It is recommended to assign this role only
+    to a few certified Kofa administrators.
+    A less dangerous manager role is the CCOfficer role described below.
+    For the most tasks the CCOfficer role is sufficient.
     """
     grok.name('waeup.PortalManager')
@@ -474 +479 @@
     or StudentImpersonator.
 
-    CCOfficer is a base class which means that this role is meant
-    for customization. It is not used in the `waeup.kofa` base package.
+    CCOfficer is a base class which means that this role is subject to
+    customization. It is not used in the ``waeup.kofa`` base package.
     """
     grok.baseclass()