Changeset 12847 for main/waeup.kofa/trunk/src/waeup/kofa/applicants/permissions.py

Timestamp:

3 Apr 2015, 17:45:48 (9 years ago)

Author:

Henrik Bettermann

Message:

Update security documentation.

File:

• main/waeup.kofa/trunk/src/waeup/kofa/applicants/permissions.py (modified) (4 diffs)

main/waeup.kofa/trunk/src/waeup/kofa/applicants/permissions.py

@@ -24 +24 @@
 
 class HandleApplication(grok.Permission):
+    """The HandleApplication permission is reserved for applicants.
+    Applicants 'handle' their data. Officers 'manage' the data.
+    """
     grok.name('waeup.handleApplication')
 
 class ViewApplication(grok.Permission):
+    """The ViewApplication permission allows to view application records.
+    """
     grok.name('waeup.viewApplication')
 
@@ -36 +41 @@
 
 class ManageApplication(grok.Permission):
+    """The ManageApplication permission allows to edit the data. This
+    permission is reserved for officers and portal managers.
+    """
     grok.name('waeup.manageApplication')
 
 class ViewApplicationStatistics(grok.Permission):
+    """The ViewApplicationStatistics permission allows to perform statistical
+    evaluations. Only portal managers have this permission.
+    """
     grok.name('waeup.viewApplicationStatistics')
 
 class PayApplicant(grok.Permission):
+    """The PayApplicant permission allows to add an online payment ticket.
+    """
     grok.name('waeup.payApplicant')
 
 # Local role
+
 class ApplicationOwner(grok.Role):
+    """An applicant 'owns' her/his application record and
+    gains permissions to handle the record, upload a passport picture or
+    add payment tickets.
+    """
     grok.name('waeup.local.ApplicationOwner')
     grok.title(u'Application Owner')
-    grok.permissions('waeup.handleApplication', 'waeup.viewApplication',
+    grok.permissions('waeup.handleApplication',
+                     'waeup.viewApplication',
                      'waeup.payApplicant')
 
-# Site role
+# Site roles
 
 class ApplicantRole(grok.Role):
+    """This role is dedicated to applicants only. It defines the permissions
+    an applicant gains portal-wide.
+    """
     grok.name('waeup.Applicant')
     grok.permissions('waeup.viewAcademics', 'waeup.viewMyApplicationDataTab',
@@ -59 +81 @@
 
 class ApplicationsOfficer(grok.Role):
+    """The Applications Officer is allowed to view all application records.
+    """
     grok.name('waeup.ApplicationsOfficer')
     grok.title(u'Applications Officer (view only)')
@@ -64 +88 @@
 
 class ApplicationsManager(grok.Role):
+    """The Applications Officer is allowed to edit all application records.
+    The role allows also to add payment tickets.
+    """
     grok.name('waeup.ApplicationsManager')
     grok.title(u'Applications Manager')