Ignore:
Timestamp:
30 Jan 2020, 22:47:56 (5 years ago)
Author:
Henrik Bettermann
Message:

Add waeup.local.ReportsOfficer role.

Location:
main/waeup.kofa/trunk
Files:
9 edited

Legend:

Unmodified
Added
Removed
  • main/waeup.kofa/trunk/CHANGES.txt

    r15966 r15968  
    441.6.1.dev0 (unreleased)
    55=======================
     6
     7* Add `waeup.local.ReportsOfficer` role.
    68
    79* Add `TrimmedDataExporter`.
  • main/waeup.kofa/trunk/docs/source/userdocs/security.rst

    r15277 r15968  
    331331   :noindex:
    332332
     333.. autoclass:: waeup.kofa.permissions.LocalReportsOfficer()
     334   :noindex:
     335
    333336.. autoclass:: waeup.kofa.permissions.UGClearanceOfficer()
    334337   :noindex:
  • main/waeup.kofa/trunk/src/waeup/kofa/browser/reports.py

    r14628 r15968  
    2727from waeup.kofa.interfaces import MessageFactory as _
    2828from waeup.kofa.browser.layout import KofaPage, jsaction
    29 from waeup.kofa.utils.helpers import get_current_principal
     29from waeup.kofa.utils.helpers import get_current_principal, get_user_account
    3030from waeup.kofa.reports import (
    3131    IReportsContainer, IReportGenerator, get_generators)
     
    142142    label = _('Create report')
    143143
     144    locally_allowed_reports = (
     145        'level_report', 'raw_score_report', 'session_results_presentation')
     146
    144147    def update(self, START_GENERATOR=None, generator=None):
    145148        utils = queryUtility(IKofaUtils)
     
    162165        being a human readable description of the respective generator
    163166        and ``<NAME>`` being the registration name with the ZCA.
     167
     168        If `waeup.local.ReportsOfficer` role has been assigned at
     169        department level, list only report generator which allow
     170        to filter department data.
    164171        """
    165         result = [(gen.title, name) for name, gen in get_generators()]
     172        try:
     173            local_roles = get_user_account(self.request).getLocalRoles()
     174        except AttributeError:  # Managers have no user account
     175            local_roles = {}
     176        lror = local_roles.get('waeup.local.ReportsOfficer', None)
     177        if lror:
     178            result = [(gen.title, name) for name, gen in get_generators()
     179                                        if name in self.locally_allowed_reports]
     180        else:
     181            result = [(gen.title, name) for name, gen in get_generators()]
    166182        sorted_result = sorted(result, key=lambda value:value[1])
    167183        return sorted_result
  • main/waeup.kofa/trunk/src/waeup/kofa/doctests/permissions.txt

    r15606 r15968  
    4242
    4343    >>> len(list(get_waeup_roles(also_local=True)))
    44     53
     44    54
    4545
    4646
  • main/waeup.kofa/trunk/src/waeup/kofa/permissions.py

    r15964 r15968  
    287287                     'waeup.exportData')
    288288
     289class LocalReportsOfficer(grok.Role):
     290    """The local ReportsOfficer role can be assigned at department level.
     291    The role allows to view all data and to list or export
     292    all student data within the department the local role is assigned.
     293
     294    The LocalReportsOfficer requires the assignment of the global
     295    ReportsOfficer role to access the reports section. If set, it reduces
     296    the number of available report generators and selectable certificates
     297    Local Reports Officer can create only reports for their department.
     298    """
     299    grok.name('waeup.local.ReportsOfficer')
     300    grok.title(u'Student Reports Officer')
     301    grok.permissions('waeup.showStudents',
     302                     'waeup.viewAcademics',
     303                     'waeup.exportData')
    289304
    290305class UGClearanceOfficer(grok.Role):
  • main/waeup.kofa/trunk/src/waeup/kofa/students/dynamicroles.py

    r15163 r15968  
    4343    # role to add in case this role was found
    4444    rolename_mapping = {
    45         'waeup.local.ClearanceOfficer':'waeup.StudentsClearanceOfficer',
     45        'waeup.local.ClearanceOfficer': 'waeup.StudentsClearanceOfficer',
    4646        'waeup.local.LocalStudentsManager': 'waeup.StudentsManager',
    4747        'waeup.local.LocalWorkflowManager': 'waeup.WorkflowManager',
    4848        'waeup.local.TranscriptOfficer': 'waeup.TranscriptOfficer',
    4949        'waeup.local.TranscriptSignee': 'waeup.TranscriptSignee',
     50        'waeup.local.ReportsOfficer': 'waeup.ReportsOfficer',
    5051        }
    5152
  • main/waeup.kofa/trunk/src/waeup/kofa/students/reports/level_report.py

    r14625 r15968  
    2727from waeup.kofa.interfaces import MessageFactory as _
    2828from waeup.kofa.reports import IReport
     29from waeup.kofa.utils.helpers import get_user_account
    2930from waeup.kofa.browser.pdf import get_signature_tables
    3031from waeup.kofa.students.vocabularies import StudyLevelSource
     
    329330        self._set_session_values()
    330331        self._set_level_values()
    331         self._set_faccode_depcode_certcode_values()
     332        try:
     333            local_roles = get_user_account(self.request).getLocalRoles()
     334        except AttributeError:  # Managers have no user account
     335            local_roles = {}
     336        lror = local_roles.get('waeup.local.ReportsOfficer', None)
     337        self._set_faccode_depcode_certcode_values(lror)
    332338        if not faccode_depcode_certcode:
    333339            self.flash(_('No certificate selected.'), type="warning")
     
    384390        return
    385391
    386     def _set_faccode_depcode_certcode_values(self):
     392    def _set_faccode_depcode_certcode_values(self, lror):
    387393        faccode_depcode_certcode = []
    388394        faculties = grok.getSite()['faculties']
    389         for fac in faculties.values():
    390             for dep in fac.values():
     395        if lror:
     396           for dep in lror:
    391397                faccode_depcode_certcode.append(
    392398                    (' All certificates -- %s, %s)'
    393                      %(dep.longtitle, fac.longtitle),
     399                     %(dep.longtitle, dep.__parent__.longtitle),
    394400                     '%s_%s_all'
    395                      %(fac.code, dep.code)))
     401                     %(dep.__parent__.code, dep.code)))
    396402                for cert in dep.certificates.values():
    397403                    faccode_depcode_certcode.append(
    398404                        ('%s -- %s, %s)'
    399                          %(cert.longtitle, dep.longtitle, fac.longtitle),
     405                         %(cert.longtitle, dep.longtitle, dep.__parent__.longtitle),
    400406                         '%s_%s_%s'
    401                          %(fac.code, dep.code, cert.code)))
     407                         %(dep.__parent__.code, dep.code, cert.code)))
     408        else:
     409            for fac in faculties.values():
     410                for dep in fac.values():
     411                    faccode_depcode_certcode.append(
     412                        (' All certificates -- %s, %s)'
     413                         %(dep.longtitle, fac.longtitle),
     414                         '%s_%s_all'
     415                         %(fac.code, dep.code)))
     416                    for cert in dep.certificates.values():
     417                        faccode_depcode_certcode.append(
     418                            ('%s -- %s, %s)'
     419                             %(cert.longtitle, dep.longtitle, fac.longtitle),
     420                             '%s_%s_%s'
     421                             %(fac.code, dep.code, cert.code)))
    402422        self.faccode_depcode_certcode = sorted(
    403423            faccode_depcode_certcode, key=lambda value: value[0])
  • main/waeup.kofa/trunk/src/waeup/kofa/students/reports/tests/test_level_report.py

    r14605 r15968  
    11import os
    22from zc.async.testing import wait_for_result
     3from zope.event import notify
    34from zope.interface.verify import verifyClass, verifyObject
     5from zope.securitypolicy.interfaces import IPrincipalRoleManager
    46from zope.component import getUtility, createObject
    57from waeup.kofa.interfaces import IJobManager
     
    911from waeup.kofa.students.tests.test_browser import StudentsFullSetup
    1012from waeup.kofa.testing import FunctionalLayer
     13from waeup.kofa.authentication import LocalRoleSetEvent
    1114from waeup.kofa.tests.test_async import FunctionalAsyncTestCase
    1215from waeup.kofa.browser.tests.test_pdf import samples_dir
     16from waeup.kofa.tests.test_authentication import SECRET
    1317
    1418class LevelReportTests(CatalogTestSetup):
     
    112116
    113117    def trigger_report_creation(self):
    114         self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
     118        #self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
     119        # Create reports officer
     120        self.app['users'].addUser('mrreport', SECRET)
     121        self.app['users']['mrreport'].email = 'mrreport@foo.ng'
     122        self.app['users']['mrreport'].title = 'Carlo Pitter'
     123        # Assign global reports officer role
     124        prmglobal = IPrincipalRoleManager(self.app)
     125        prmglobal.assignRoleToPrincipal('waeup.ReportsOfficer', 'mrreport')
     126        # Assign local ReportsOfficer role which restricts the access to
     127        # certain faculties.
     128        self.department = self.app['faculties']['fac1']['dep1']
     129        prmlocal = IPrincipalRoleManager(self.department)
     130        prmlocal.assignRoleToPrincipal(
     131            'waeup.local.ReportsOfficer', 'mrreport')
     132        notify(LocalRoleSetEvent(
     133            self.department, 'waeup.local.ReportsOfficer', 'mrreport',
     134            granted=True))
     135        # Login as reports officer
     136        self.browser.open(self.login_path)
     137        self.browser.getControl(name="form.login").value = 'mrreport'
     138        self.browser.getControl(name="form.password").value = SECRET
     139        self.browser.getControl("Login").click()
    115140        self.browser.open('http://localhost/app/reports')
    116141        self.assertEqual(self.browser.headers['Status'], '200 Ok')
     
    148173        logcontent = open(logfile).read()
    149174        self.assertTrue(
    150             'INFO - zope.mgr - students.reports.level_report.LevelReportGeneratorPage - '
     175            'INFO - mrreport - students.reports.level_report.LevelReportGeneratorPage - '
    151176            'report %s created: Level Report (faculty=fac1, department=dep1, '
    152177            'certificate=CERT1, session=2010, level=100)'
     
    154179            )
    155180        self.assertTrue(
    156             'INFO - zope.mgr - students.reports.level_report.LevelReportPDFView - '
     181            'INFO - mrreport - students.reports.level_report.LevelReportPDFView - '
    157182            'report %s downloaded: LevelReport_rno%s'
    158183            % (job_id, job_id) in logcontent
    159184            )
    160185        self.assertTrue(
    161             'INFO - zope.mgr - browser.reports.ReportsContainerPage - '
     186            'INFO - mrreport - browser.reports.ReportsContainerPage - '
    162187            'report %s discarded' % job_id in logcontent
    163188            )
  • main/waeup.kofa/trunk/src/waeup/kofa/university/department.py

    r14992 r15968  
    4949        'waeup.local.UGClearanceOfficer',
    5050        'waeup.local.PGClearanceOfficer',
     51        'waeup.local.ReportsOfficer',
    5152        'waeup.local.CourseAdviser100',
    5253        'waeup.local.CourseAdviser200',
Note: See TracChangeset for help on using the changeset viewer.