Changeset 12900
- Timestamp:
- 3 May 2015, 06:49:12 (10 years ago)
- Location:
- main/waeup.kofa/trunk
- Files:
-
- 10 edited
main/waeup.kofa/trunk/CHANGES.txt
r12897 r12900 18 18 in accordance with other exporter names. 19 19 20 * Add `ReportsManager` role. 20 * Add `ReportsOfficer` and `ReportsManager` roles with corresponding 21 permissions. 21 22 22 23 * Do not automatically allow import managers to import user data. -
main/waeup.kofa/trunk/docs/source/userdocs/security.rst
r12863 r12900 79 79 :noindex: 80 80 81 .. autoclass:: waeup.kofa.reports.HandleReports() 82 :noindex: 83 81 84 .. autoclass:: waeup.kofa.reports.ManageReports() 82 85 :noindex: … … 175 178 176 179 .. autoclass:: waeup.kofa.permissions.WorkflowManager() 180 :noindex: 181 182 .. autoclass:: waeup.kofa.reports.ReportsOfficer() 177 183 :noindex: 178 184 -
main/waeup.kofa/trunk/src/waeup/kofa/browser/reports.py
r12603 r12900 21 21 from zope.component import getUtility, queryUtility 22 22 from zope.location.location import located 23 from zope.security import checkPermission 23 24 from waeup.kofa.interfaces import IJobManager, IKofaUtils 24 25 from waeup.kofa.interfaces import MessageFactory as _ 25 26 from waeup.kofa.browser.layout import KofaPage 26 from waeup.kofa.reports import IReportsContainer, IReportGenerator 27 from waeup.kofa.reports import get_generators 27 from waeup.kofa.utils.helpers import get_current_principal 28 from waeup.kofa.reports import ( 29 IReportsContainer, IReportGenerator, get_generators) 28 30 29 31 … … 36 38 grok.name('index') 37 39 grok.context(IReportsContainer) 38 grok.require('waeup. manageReports')40 grok.require('waeup.handleReports') 39 41 label = _('Reports') 40 42 … … 54 56 grok.getSite().logger.info( 55 57 '%s - report %s discarded' % (ob_class, job_id)) 56 self.entries = self._generate_entries(user_id=None) 58 if not checkPermission('waeup.manageReports', self.context): 59 user = get_current_principal() 60 self.entries = self._generate_entries(user_id=user.id) 61 else: 62 self.entries = self._generate_entries(user_id=None) 57 63 if job_id and DOWNLOAD: 58 64 self.redirect(self._report_url(job_id)) … … 114 120 grok.name('create') 115 121 grok.context(IReportsContainer) 116 grok.require('waeup. manageReports')122 grok.require('waeup.handleReports') 117 123 label = _('Create report') 118 124 -
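Review bot: The per-user restriction added at new lines 58-62 of the index view's update() filters only `self.entries`, while the discard branch logged just above it and the `self.redirect(self._report_url(job_id))` at line 64 act on `job_id` independently of that filter. With `grok.require` lowered to `waeup.handleReports`, a Reports Officer who supplies another user's job id would presumably still reach both paths; the code that reads `job_id` and removes the job lies outside the visible hunk, so this needs confirming there. I would evaluate `checkPermission('waeup.manageReports', self.context)` once at the top of update() and refuse any `job_id` not owned by `get_current_principal().id` when it is false, with a comment such as `# handleReports covers own jobs only; ownership is enforced here, not by the listing`. The view behind `_report_url` needs the same ownership check, since leaving an entry out of the list does not protect its URL.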
main/waeup.kofa/trunk/src/waeup/kofa/browser/tests/test_permissions.py
r8920 r12900 26 26 import shutil 27 27 import tempfile 28 from zc.async.testing import wait_for_result 28 29 from zope.app.testing.functional import HTTPCaller as http 29 from zope.component import createObject 30 from zope.securitypolicy.interfaces import IPrincipalRoleManager 31 from zope.component import createObject, getUtility 30 32 from zope.component.hooks import setSite, clearSite 31 33 from zope.security.interfaces import Unauthorized 32 34 from zope.testbrowser.testing import Browser 35 from waeup.kofa.interfaces import IJobManager 33 36 from waeup.kofa.app import University 34 37 from waeup.kofa.testing import ( 35 38 FunctionalLayer, FunctionalTestCase, get_all_loggers, remove_new_loggers, 36 39 remove_logger) 40 from waeup.kofa.tests.test_async import FunctionalAsyncTestCase 41 42 37 43 38 44 manager_pages = [ … … 63 69 ] 64 70 65 class PermissionTest(Functional TestCase):71 class PermissionTest(FunctionalAsyncTestCase, FunctionalTestCase): 66 72 """Here we try to request all pages and check, whether they are 67 73 accessible. 
… … 92 98 dept.certificates.addCertificate(cert) 93 99 cert.addCertCourse(course) 100 self.app = app 94 101 95 102 self.browser = Browser() … … 110 117 except Unauthorized: 111 118 return False 119 return 120 121 def wait_for_report_job_completed(self, number): 122 # helper function waiting until the current export job is completed 123 manager = getUtility(IJobManager) 124 job_id = self.app['reports'].running_report_jobs[number][0] 125 job = manager.get(job_id) 126 wait_for_result(job) 127 return job_id 128 129 def stored_in_reports(self, job_id): 130 # tell whether job_id is stored in reports's running jobs list 131 for entry in list(self.app['reports'].running_report_jobs): 132 if entry[0] == job_id: 133 return True 134 return False 135 136 def trigger_report_creation(self, session): 137 self.browser.open('http://localhost/app/reports') 138 self.assertEqual(self.browser.headers['Status'], '200 Ok') 139 self.browser.getLink("Create new report").click() 140 self.browser.getControl(name="generator").value = ['student_stats'] 141 self.browser.getControl("Configure").click() 142 self.browser.getControl(name="breakdown").value = ['depcode'] 143 self.browser.getControl(name="mode").value = ['All'] 144 self.browser.getControl(name="session").value = [session] 145 self.browser.getControl("Create").click() 112 146 return 113 147 … … 122 156 self.fail('Path %s cannot be accessed by anonymous.' 
% path) 123 157 return 158 159 def testReportsPermissions(self): 160 # Create reports officer 161 self.app['users'].addUser('mrofficer', 'mrofficer') 162 self.app['users']['mrofficer'].email = 'mrofficer@foo.ng' 163 self.app['users']['mrofficer'].title = 'Otto Report' 164 prmglobal = IPrincipalRoleManager(self.app) 165 prmglobal.assignRoleToPrincipal('waeup.ReportsOfficer', 'mrofficer') 166 # Create reports manager 167 self.app['users'].addUser('mrmanager', 'mrmanager') 168 self.app['users']['mrmanager'].email = 'mrmanager@foo.ng' 169 self.app['users']['mrmanager'].title = 'Manfred Report' 170 prmglobal.assignRoleToPrincipal('waeup.ReportsManager', 'mrmanager') 171 # The reports officer creates a report which the reports manager 172 # can see. 173 self.browser.open('http://localhost/app/login') 174 self.browser.getControl(name="form.login").value = 'mrofficer' 175 self.browser.getControl(name="form.password").value = 'mrofficer' 176 self.browser.getControl("Login").click() 177 self.trigger_report_creation('2004') 178 job_id = self.wait_for_report_job_completed(0) 179 self.browser.open('http://localhost/app/reports') 180 self.assertTrue( 181 'Student Statistics (depcode, 2004, All, 0)' 182 in self.browser.contents) 183 self.browser.open('http://localhost/app/logout') 184 # The reports manager creates a report which the reports officer 185 # can't see. 186 self.browser.open('http://localhost/app/login') 187 self.browser.getControl(name="form.login").value = 'mrmanager' 188 self.browser.getControl(name="form.password").value = 'mrmanager' 189 self.browser.getControl("Login").click() 190 self.trigger_report_creation('2005') 191 job_id = self.wait_for_report_job_completed(1) 192 self.browser.open('http://localhost/app/reports') 193 # Manager can see both reports. 
194 self.assertTrue( 195 'Student Statistics (depcode, 2004, All, 0)' 196 in self.browser.contents) 197 self.assertTrue( 198 'Student Statistics (depcode, 2005, All, 0)' 199 in self.browser.contents) 200 self.browser.open('http://localhost/app/logout') 201 self.browser.open('http://localhost/app/login') 202 self.browser.getControl(name="form.login").value = 'mrofficer' 203 self.browser.getControl(name="form.password").value = 'mrofficer' 204 self.browser.getControl("Login").click() 205 self.browser.open('http://localhost/app/reports') 206 # Officer can only see his report. 207 self.assertTrue( 208 'Student Statistics (depcode, 2004, All, 0)' 209 in self.browser.contents) 210 self.assertFalse( 211 'Student Statistics (depcode, 2005, All, 0)' 212 in self.browser.contents) 213 return -
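Review bot: testReportsPermissions asserts only that the officer's listing omits the manager's 2005 report; it does not check that the officer is refused when addressing that report directly. The `job_id` returned by `wait_for_report_job_completed(1)` is assigned and then unused, and the new `stored_in_reports` helper is not called anywhere in the visible section, so the object-level checks appear to have been planned but left out. After the final officer login I would request a download and a discard of the manager's job, assert that the response is a denial, and finish with `self.assertTrue(self.stored_in_reports(job_id))`. The first `job_id = self.wait_for_report_job_completed(0)` is overwritten before use and could be renamed `officer_job_id` or reduced to a bare call.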
main/waeup.kofa/trunk/src/waeup/kofa/browser/viewlets.py
r12632 r12900 344 344 """ 345 345 grok.order(4) 346 grok.require('waeup. manageReports')346 grok.require('waeup.handleReports') 347 347 348 348 link = u'reports' -
main/waeup.kofa/trunk/src/waeup/kofa/permissions.py
r12862 r12900 502 502 'waeup.editUser', 503 503 'waeup.loginAsStudent', 504 'waeup.handleReports', 504 505 'waeup.manageReports', 505 506 'waeup.manageJobs', … … 545 546 #'waeup.editUser', 546 547 #'waeup.loginAsStudent', 548 'waeup.handleReports', 547 549 'waeup.manageReports', 548 550 #'waeup.manageJobs', -
main/waeup.kofa/trunk/src/waeup/kofa/permissions.txt
r12844 r12900 39 39 >>> from waeup.kofa.permissions import get_waeup_roles 40 40 >>> len(list(get_waeup_roles())) 41 2 541 26 42 42 43 43 >>> len(list(get_waeup_roles(also_local=True))) 44 4 644 47 45 45 46 46 … … 68 68 u'waeup.PortalManager', 69 69 u'waeup.ReportsManager', 70 u'waeup.ReportsOfficer', 70 71 u'waeup.Student', 71 72 u'waeup.StudentImpersonator', -
main/waeup.kofa/trunk/src/waeup/kofa/reports.py
r12844 r12900 139 139 """ 140 140 141 class HandleReports(grok.Permission): 142 """The HandleReports permission allows to add any kind of report 143 and to view and remove own reports, i.e. reports which were created by 144 the logged-in user. 145 """ 146 grok.name('waeup.handleReports') 147 141 148 class ManageReports(grok.Permission): 142 """The ManageReports permission allows to view, add and remove reports. 149 """The ManageReports permission allows to view, add and remove also 150 the reports of other users. It requires the permission to handle reports. 143 151 """ 144 152 grok.name('waeup.manageReports') 145 153 154 class ReportsOfficer(grok.Role): 155 """The Reports Officer has the permission to to view, add and remove 156 **own** reports. 157 """ 158 grok.name('waeup.ReportsOfficer') 159 grok.title(u'Reports Officer') 160 grok.permissions('waeup.handleReports') 161 146 162 class ReportsManager(grok.Role): 147 """The ReportsManager has the permission to manage reports. 163 """The Reports Manager has the permission to to view, add and remove 164 **all** reports. 148 165 """ 149 166 grok.name('waeup.ReportsManager') 150 167 grok.title(u'Reports Manager') 151 grok.permissions('waeup. manageReports')168 grok.permissions('waeup.handleReports', 'waeup.manageReports') 152 169 153 170 def get_generators(): -
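Review bot: `waeup.manageReports` is no longer sufficient on its own, because every view touched by this changeset now requires `waeup.handleReports`, and the ManageReports docstring records that dependency only in prose. Any role or local grant defined outside this changeset that carries `waeup.manageReports` without `waeup.handleReports` would lose access to the reports pages; permissions.py adds the new permission to two lists, and whether that covers every holder is not visible here. A comment above `grok.permissions('waeup.handleReports', 'waeup.manageReports')` such as `# manageReports only widens handleReports to other users' reports; always grant both` would make the coupling explicit. Both new role docstrings also read "permission to to view", which should be "permission to view".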
main/waeup.kofa/trunk/src/waeup/kofa/students/reports/level_report.py
r12898 r12900 225 225 grok.context(LevelReportGenerator) 226 226 grok.name('index.html') 227 grok.require('waeup. manageReports')227 grok.require('waeup.handleReports') 228 228 229 229 label = _('Create level report') -
main/waeup.kofa/trunk/src/waeup/kofa/students/reports/student_statistics.py
r12897 r12900 215 215 grok.context(StudentStatisticsReportGenerator) 216 216 grok.name('index.html') 217 grok.require('waeup. manageReports')217 grok.require('waeup.handleReports') 218 218 219 219 label = _('Create student statistics report')