Changeset 15968
- Timestamp:
- 30 Jan 2020, 22:47:56 (5 years ago)
- Location:
- main/waeup.kofa/trunk
- Files:
-
- 9 edited
Legend:
- Unmodified
- Added
- Removed
-
main/waeup.kofa/trunk/CHANGES.txt
r15966 r15968 4 4 1.6.1.dev0 (unreleased) 5 5 ======================= 6 7 * Add `waeup.local.ReportsOfficer` role. 6 8 7 9 * Add `TrimmedDataExporter`. -
main/waeup.kofa/trunk/docs/source/userdocs/security.rst
r15277 r15968 331 331 :noindex: 332 332 333 .. autoclass:: waeup.kofa.permissions.LocalReportsOfficer() 334 :noindex: 335 333 336 .. autoclass:: waeup.kofa.permissions.UGClearanceOfficer() 334 337 :noindex: -
main/waeup.kofa/trunk/src/waeup/kofa/browser/reports.py
r14628 r15968 27 27 from waeup.kofa.interfaces import MessageFactory as _ 28 28 from waeup.kofa.browser.layout import KofaPage, jsaction 29 from waeup.kofa.utils.helpers import get_current_principal 29 from waeup.kofa.utils.helpers import get_current_principal, get_user_account 30 30 from waeup.kofa.reports import ( 31 31 IReportsContainer, IReportGenerator, get_generators) … … 142 142 label = _('Create report') 143 143 144 locally_allowed_reports = ( 145 'level_report', 'raw_score_report', 'session_results_presentation') 146 144 147 def update(self, START_GENERATOR=None, generator=None): 145 148 utils = queryUtility(IKofaUtils) … … 162 165 being a human readable description of the respective generator 163 166 and ``<NAME>`` being the registration name with the ZCA. 167 168 If `waeup.local.ReportsOfficer` role has been assigned at 169 department level, list only report generator which allow 170 to filter department data. 164 171 """ 165 result = [(gen.title, name) for name, gen in get_generators()] 172 try: 173 local_roles = get_user_account(self.request).getLocalRoles() 174 except AttributeError: # Managers have no user account 175 local_roles = {} 176 lror = local_roles.get('waeup.local.ReportsOfficer', None) 177 if lror: 178 result = [(gen.title, name) for name, gen in get_generators() 179 if name in self.locally_allowed_reports] 180 else: 181 result = [(gen.title, name) for name, gen in get_generators()] 166 182 sorted_result = sorted(result, key=lambda value:value[1]) 167 183 return sorted_result -
main/waeup.kofa/trunk/src/waeup/kofa/doctests/permissions.txt
r15606 r15968 42 42 43 43 >>> len(list(get_waeup_roles(also_local=True))) 44 5 344 54 45 45 46 46 -
main/waeup.kofa/trunk/src/waeup/kofa/permissions.py
r15964 r15968 287 287 'waeup.exportData') 288 288 289 class LocalReportsOfficer(grok.Role): 290 """The local ReportsOfficer role can be assigned at department level. 291 The role allows to view all data and to list or export 292 all student data within the department the local role is assigned. 293 294 The LocalReportsOfficer requires the assignment of the global 295 ReportsOfficer role to access the reports section. If set, it reduces 296 the number of available report generators and selectable certificates 297 Local Reports Officer can create only reports for their department. 298 """ 299 grok.name('waeup.local.ReportsOfficer') 300 grok.title(u'Student Reports Officer') 301 grok.permissions('waeup.showStudents', 302 'waeup.viewAcademics', 303 'waeup.exportData') 289 304 290 305 class UGClearanceOfficer(grok.Role): -
main/waeup.kofa/trunk/src/waeup/kofa/students/dynamicroles.py
r15163 r15968 43 43 # role to add in case this role was found 44 44 rolename_mapping = { 45 'waeup.local.ClearanceOfficer': 'waeup.StudentsClearanceOfficer',45 'waeup.local.ClearanceOfficer': 'waeup.StudentsClearanceOfficer', 46 46 'waeup.local.LocalStudentsManager': 'waeup.StudentsManager', 47 47 'waeup.local.LocalWorkflowManager': 'waeup.WorkflowManager', 48 48 'waeup.local.TranscriptOfficer': 'waeup.TranscriptOfficer', 49 49 'waeup.local.TranscriptSignee': 'waeup.TranscriptSignee', 50 'waeup.local.ReportsOfficer': 'waeup.ReportsOfficer', 50 51 } 51 52 -
main/waeup.kofa/trunk/src/waeup/kofa/students/reports/level_report.py
r14625 r15968 27 27 from waeup.kofa.interfaces import MessageFactory as _ 28 28 from waeup.kofa.reports import IReport 29 from waeup.kofa.utils.helpers import get_user_account 29 30 from waeup.kofa.browser.pdf import get_signature_tables 30 31 from waeup.kofa.students.vocabularies import StudyLevelSource … … 329 330 self._set_session_values() 330 331 self._set_level_values() 331 self._set_faccode_depcode_certcode_values() 332 try: 333 local_roles = get_user_account(self.request).getLocalRoles() 334 except AttributeError: # Managers have no user account 335 local_roles = {} 336 lror = local_roles.get('waeup.local.ReportsOfficer', None) 337 self._set_faccode_depcode_certcode_values(lror) 332 338 if not faccode_depcode_certcode: 333 339 self.flash(_('No certificate selected.'), type="warning") … … 384 390 return 385 391 386 def _set_faccode_depcode_certcode_values(self ):392 def _set_faccode_depcode_certcode_values(self, lror): 387 393 faccode_depcode_certcode = [] 388 394 faculties = grok.getSite()['faculties'] 389 for fac in faculties.values():390 for dep in fac.values():395 if lror: 396 for dep in lror: 391 397 faccode_depcode_certcode.append( 392 398 (' All certificates -- %s, %s)' 393 %(dep.longtitle, fac.longtitle),399 %(dep.longtitle, dep.__parent__.longtitle), 394 400 '%s_%s_all' 395 %( fac.code, dep.code)))401 %(dep.__parent__.code, dep.code))) 396 402 for cert in dep.certificates.values(): 397 403 faccode_depcode_certcode.append( 398 404 ('%s -- %s, %s)' 399 %(cert.longtitle, dep.longtitle, fac.longtitle),405 %(cert.longtitle, dep.longtitle, dep.__parent__.longtitle), 400 406 '%s_%s_%s' 401 %(fac.code, dep.code, cert.code))) 407 %(dep.__parent__.code, dep.code, cert.code))) 408 else: 409 for fac in faculties.values(): 410 for dep in fac.values(): 411 faccode_depcode_certcode.append( 412 (' All certificates -- %s, %s)' 413 %(dep.longtitle, fac.longtitle), 414 '%s_%s_all' 415 %(fac.code, dep.code))) 416 for cert in dep.certificates.values(): 417 faccode_depcode_certcode.append( 418 ('%s -- %s, %s)' 419 %(cert.longtitle, dep.longtitle, fac.longtitle), 420 '%s_%s_%s' 421 %(fac.code, dep.code, cert.code))) 402 422 self.faccode_depcode_certcode = sorted( 403 423 faccode_depcode_certcode, key=lambda value: value[0]) -
main/waeup.kofa/trunk/src/waeup/kofa/students/reports/tests/test_level_report.py
r14605 r15968 1 1 import os 2 2 from zc.async.testing import wait_for_result 3 from zope.event import notify 3 4 from zope.interface.verify import verifyClass, verifyObject 5 from zope.securitypolicy.interfaces import IPrincipalRoleManager 4 6 from zope.component import getUtility, createObject 5 7 from waeup.kofa.interfaces import IJobManager … … 9 11 from waeup.kofa.students.tests.test_browser import StudentsFullSetup 10 12 from waeup.kofa.testing import FunctionalLayer 13 from waeup.kofa.authentication import LocalRoleSetEvent 11 14 from waeup.kofa.tests.test_async import FunctionalAsyncTestCase 12 15 from waeup.kofa.browser.tests.test_pdf import samples_dir 16 from waeup.kofa.tests.test_authentication import SECRET 13 17 14 18 class LevelReportTests(CatalogTestSetup): … … 112 116 113 117 def trigger_report_creation(self): 114 self.browser.addHeader('Authorization', 'Basic mgr:mgrpw') 118 #self.browser.addHeader('Authorization', 'Basic mgr:mgrpw') 119 # Create reports officer 120 self.app['users'].addUser('mrreport', SECRET) 121 self.app['users']['mrreport'].email = 'mrreport@foo.ng' 122 self.app['users']['mrreport'].title = 'Carlo Pitter' 123 # Assign global reports officer role 124 prmglobal = IPrincipalRoleManager(self.app) 125 prmglobal.assignRoleToPrincipal('waeup.ReportsOfficer', 'mrreport') 126 # Assign local ReportsOfficer role which restricts the access to 127 # certain faculties. 128 self.department = self.app['faculties']['fac1']['dep1'] 129 prmlocal = IPrincipalRoleManager(self.department) 130 prmlocal.assignRoleToPrincipal( 131 'waeup.local.ReportsOfficer', 'mrreport') 132 notify(LocalRoleSetEvent( 133 self.department, 'waeup.local.ReportsOfficer', 'mrreport', 134 granted=True)) 135 # Login as reports officer 136 self.browser.open(self.login_path) 137 self.browser.getControl(name="form.login").value = 'mrreport' 138 self.browser.getControl(name="form.password").value = SECRET 139 self.browser.getControl("Login").click() 115 140 self.browser.open('http://localhost/app/reports') 116 141 self.assertEqual(self.browser.headers['Status'], '200 Ok') … … 148 173 logcontent = open(logfile).read() 149 174 self.assertTrue( 150 'INFO - zope.mgr- students.reports.level_report.LevelReportGeneratorPage - '175 'INFO - mrreport - students.reports.level_report.LevelReportGeneratorPage - ' 151 176 'report %s created: Level Report (faculty=fac1, department=dep1, ' 152 177 'certificate=CERT1, session=2010, level=100)' … … 154 179 ) 155 180 self.assertTrue( 156 'INFO - zope.mgr- students.reports.level_report.LevelReportPDFView - '181 'INFO - mrreport - students.reports.level_report.LevelReportPDFView - ' 157 182 'report %s downloaded: LevelReport_rno%s' 158 183 % (job_id, job_id) in logcontent 159 184 ) 160 185 self.assertTrue( 161 'INFO - zope.mgr- browser.reports.ReportsContainerPage - '186 'INFO - mrreport - browser.reports.ReportsContainerPage - ' 162 187 'report %s discarded' % job_id in logcontent 163 188 ) -
main/waeup.kofa/trunk/src/waeup/kofa/university/department.py
r14992 r15968 49 49 'waeup.local.UGClearanceOfficer', 50 50 'waeup.local.PGClearanceOfficer', 51 'waeup.local.ReportsOfficer', 51 52 'waeup.local.CourseAdviser100', 52 53 'waeup.local.CourseAdviser200',
Note: See TracChangeset for help on using the changeset viewer.