Context navigation

← Previous changeset
Next changeset →

Changeset 7184

Timestamp:

24 Nov 2011, 09:20:13 (13 years ago)

Author:

Henrik Bettermann

Message:

Reorganise permissions:

The navigation viewlets now manage the permission requirements themselves. No need to do this in pagetemplates.

Rename permission waeup.View to waeup.viewAcademics because it only refers to the academic section.

Add permission waeup.Authenticated (which is used in students). The StudentRecordOwner? explicitly needs this permission. Otherwise the MyData? tab disappears when changing the password.

Roles do not need to get the waeup.Public permission. This is already guaranteed in site.zcml.

Location:

main/waeup.sirp/trunk/src/waeup/sirp

Files:

: 10 edited

applicants/browser.py (modified) (2 diffs)
applicants/permissions.py (modified) (1 diff)
applicants/tests/test_browser.py (modified) (3 diffs)
browser/pages.py (modified) (6 diffs)
browser/templates/studentsitelayout.pt (modified) (1 diff)
browser/viewlets.py (modified) (6 diffs)
permissions.py (modified) (4 diffs)
students/browser.py (modified) (3 diffs)
students/permissions.py (modified) (3 diffs)
students/viewlets.py (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed

main/waeup.sirp/trunk/src/waeup/sirp/applicants/browser.py

-                      r7166
+                      r7184
         return self.context.access_code
 class ApplicantsTab(PrimaryNavTab):
+class ApplicantsAuthTab(PrimaryNavTab):
     """Applicants tab in primary navigation.
     """
     grok.context(IWAeUPObject)
     grok.order(3)
     grok.require('waeup.Public')
+    grok.require('waeup.viewApplication')
     grok.template('primarynavtab')
     pnav = 3
     tab_title = u'Applicants'
 …
     def link_target(self):
         return self.view.application_url('applicants')
+class ApplicantsAnonTab(ApplicantsAuthTab):
+    """Applicants tab in primary navigation.
+    Display tab only for anonymous. Authenticated users can call the
+    form from the user navigation bar.
+    """
+    grok.require('waeup.Anonymous')
+    tab_title = u'Application'
+    # Also zope.manager has role Anonymous.
+    # To avoid displaying this tab, uncomment the following.
+    #def tab_title(self):
+    #    userid = self.request.principal.id
+    #    if userid != 'zope.anybody':
+    #        tt = u''
+    #    else:
+    #        tt = u'Application'
+    #    return tt
 class ApplicantsContainerPage(WAeUPDisplayFormPage):

main/waeup.sirp/trunk/src/waeup/sirp/applicants/permissions.py

r7178	r7184
46	46	class ApplicantRole(grok.Role):
47	47	grok.name('waeup.Applicant')
48		grok.permissions('waeup.~~Public', 'waeup.View~~')
	48	grok.permissions('waeup.viewAcademics')
49	49
50	50	class ApplicationsOfficer(grok.Role):

main/waeup.sirp/trunk/src/waeup/sirp/applicants/tests/test_browser.py

-                      r7137
+                      r7184
             'Manage' in self.browser.contents)
     def test_anonymous_no_actions(self):
         # Make sure anonymous users cannot access actions
 …
         return
+    def test_local_roles_add_delete(self):
+        # Managers can assign and delete local roles of applicants root
+        myusers = self.app['users']
+        myusers.addUser('bob', 'bobssecret')
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        self.browser.open(self.manage_root_path)
+        self.browser.getControl(name="user").value = ['bob']
+        self.browser.getControl(name="local_role").value = [
+            'waeup.ApplicationsOfficer']
+        self.browser.getControl("Add local role").click()
+        self.assertTrue('<td>bob</td>' in self.browser.contents)
+        # Remove the role assigned
+        ctrl = self.browser.getControl(name='role_id')
+        ctrl.getControl(value='bob|waeup.ApplicationsOfficer').selected = True
+        self.browser.getControl("Remove selected local roles").click()
+        self.assertTrue('Successfully removed:' in self.browser.contents)
+        self.assertFalse('<td>bob</td>' in self.browser.contents)
+        return
+    # We have no local roles yet
+    #def test_local_roles_add_delete(self):
+    #    # Managers can assign and delete local roles of applicants root
+    #    myusers = self.app['users']
+    #    myusers.addUser('bob', 'bobssecret')
+    #    self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+    #    self.browser.open(self.manage_root_path)
+    #    self.browser.getControl(name="user").value = ['bob']
+    #    self.browser.getControl(name="local_role").value = [
+    #        'waeup.local.ApplicationsOfficer']
+    #    self.browser.getControl("Add local role").click()
+    #    self.assertTrue('<td>bob</td>' in self.browser.contents)
+    #    # Remove the role assigned
+    #    ctrl = self.browser.getControl(name='role_id')
+    #    ctrl.getControl(value='bob|waeup.ApplicationsOfficer').selected = True
+    #    self.browser.getControl("Remove selected local roles").click()
+    #    self.assertTrue('Successfully removed:' in self.browser.contents)
+    #    self.assertFalse('<td>bob</td>' in self.browser.contents)
+    #    return
     def test_add_delete_container(self):
 …
         return
+    def test_local_roles_add_delete(self):
+        # Managers can assign and delete local roles of applicants containers
+        myusers = self.app['users']
+        myusers.addUser('bob', 'bobssecret')
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        self.browser.open(self.manage_container_path)
+        self.browser.getControl(name="user").value = ['bob']
+        self.browser.getControl(name="local_role").value = [
+            'waeup.ApplicationsOfficer']
+        self.browser.getControl("Add local role").click()
+        self.assertTrue('<td>bob</td>' in self.browser.contents)
+        ctrl = self.browser.getControl(name='role_id')
+        ctrl.getControl(value='bob|waeup.ApplicationsOfficer').selected = True
+        self.browser.getControl("Remove selected local roles").click()
+        self.assertTrue('Successfully removed:' in self.browser.contents)
+        self.assertFalse('<td>bob</td>' in self.browser.contents)
+        return
+    # We have no local roles yet
+    #def test_local_roles_add_delete(self):
+    #    # Managers can assign and delete local roles of applicants containers
+    #    myusers = self.app['users']
+    #    myusers.addUser('bob', 'bobssecret')
+    #    self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+    #    self.browser.open(self.manage_container_path)
+    #    self.browser.getControl(name="user").value = ['bob']
+    #    self.browser.getControl(name="local_role").value = [
+    #        'waeup.local.ApplicationsOfficer']
+    #    self.browser.getControl("Add local role").click()
+    #    self.assertTrue('<td>bob</td>' in self.browser.contents)
+    #    ctrl = self.browser.getControl(name='role_id')
+    #    ctrl.getControl(value='bob|waeup.ApplicationsOfficer').selected = True
+    #    self.browser.getControl("Remove selected local roles").click()
+    #    self.assertTrue('Successfully removed:' in self.browser.contents)
+    #    self.assertFalse('<td>bob</td>' in self.browser.contents)
+    #    return
 class LoginTest(FunctionalTestCase):

main/waeup.sirp/trunk/src/waeup/sirp/browser/pages.py

-                      r7179
+                      r7184
     """
     grok.context(IFacultyContainer)
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     grok.name('index')
     title = 'Academics'
 …
     """
     grok.context(IFaculty)
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     grok.name('index')
     pnav = 1
 …
     """
     grok.context(IDepartment)
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     grok.name('index')
     pnav = 1
 …
     grok.context(ICourse)
     grok.name('index')
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     pnav = 1
     #form_fields = grok.AutoFields(ICourse)
 …
     grok.context(ICertificate)
     grok.name('index')
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     pnav = 1
     form_fields = grok.AutoFields(ICertificate)
 …
     grok.context(ICertificateCourse)
     grok.name('index')
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     pnav = 1
     #form_fields = grok.AutoFields(ICertificateCourse)

main/waeup.sirp/trunk/src/waeup/sirp/browser/templates/studentsitelayout.pt

-                      r7129
+                      r7184
             </span> </h1>
           <div id="navigation" class="yui-navset" style="text-align:right;">
+            <ul id="primary-navigation" tal:condition="layout/isAuthenticated">
+            <ul id="primary-navigation">
+              <tal:primary_nav content="structure provider:primary_nav" />
               <tal:primary_nav content="structure provider:primary_nav_student" />
-            </ul>
-            <ul id="primary-navigation" tal:condition="not: layout/isAuthenticated">
-              <tal:primary_nav content="structure provider:primary_nav" />
             </ul>
             <ul id="user-navigation">

main/waeup.sirp/trunk/src/waeup/sirp/browser/viewlets.py

-                      r7179
+                      r7184
     grok.viewletmanager(PrimaryNavManager)
     grok.order(1)
     grok.require('waeup.View')
+    grok.require('waeup.Public')
     pnav = 0 # This is a kind of id of a tab. If some page provides
 …
     """
     grok.order(2)
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     grok.template('primarynavtab')
 …
 class ContactTab(PrimaryNavTab):
     """Contact tab in primary navigation.
+    Display tab only for anonymous. Authenticated users can call the
+    form from the user navigation bar.
     """
     grok.order(6)
     grok.require('waeup.Anonymous')
     grok.template('primarynavtab')
+    tab_title = u'Enquiries'
     pnav = 2
+    def tab_title(self):
         """Display tab only for anonymous. Authenticated users can call the
         form from the user navigation bar.
         """
         userid = self.request.principal.id
         if userid != 'zope.anybody':
             tt = u''
         else:
             tt = u'Enquiries'
         return tt
     @property
     def active(self):
         view_pnav = getattr(self.view, 'pnav', 0)
         userid = self.request.principal.id
         if view_pnav == self.pnav and userid == 'zope.anybody':
             return 'active'
         return ''
+    # Also zope.manager has role Anonymous.
+    # To avoid displaying this tab, uncomment the following.
+    #def tab_title(self):
+    #    userid = self.request.principal.id
+    #    if userid != 'zope.anybody':
+    #        tt = u''
+    #    else:
+    #        tt = u'Enquiries'
+    #    return tt
+    #@property
+    #def active(self):
+    #    view_pnav = getattr(self.view, 'pnav', 0)
+    #    userid = self.request.principal.id
+    #    if view_pnav == self.pnav and userid == 'zope.anybody':
+    #        return 'active'
+    #    return ''
     @property
 …
     grok.viewletmanager(SubobjectLister)
     grok.context(IFacultyContainer)
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     def render(self):
 …
     grok.viewletmanager(SubobjectLister)
     grok.context(IFaculty)
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     def render(self):
 …
     grok.viewletmanager(SubobjectLister)
     grok.context(IFaculty)
     grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     def render(self):

main/waeup.sirp/trunk/src/waeup/sirp/permissions.py

-                      r7181
+                      r7184
     grok.name('waeup.Anonymous')
+class ViewPermission(grok.Permission):
+    grok.name('waeup.View')
+class Authenticated(grok.Permission):
+    """Only-logged-in-users-can-do-this-permission.
+    """
+    grok.name('waeup.Authenticated')
+class ViewAcademicsPermission(grok.Permission):
+    grok.name('waeup.viewAcademics')
 class ManageUniversity(grok.Permission):
 …
     grok.permissions('waeup.manageUniversity')
 class ClearanceOfficer(grok.Role):
     """The clearance officer role is meant for the
 …
     grok.name('waeup.PortalUser')
     grok.title(u'Portal User')
     grok.permissions('waeup.View', 'waeup.Public')
+    grok.permissions('waeup.viewAcademics')
 class ACManager(grok.Role):
 …
     grok.title(u'Portal Manager')
     grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
                      'waeup.View', 'waeup.Public','waeup.manageACBatches',
+                     'waeup.viewAcademics', 'waeup.manageACBatches',
                      'waeup.manageDataCenter','waeup.managePortalSettings',
                      'waeup.managePortalConfiguration',
                      'waeup.manageApplications', 'waeup.handleApplication',
+                     'waeup.managePortalConfiguration', 'waeup.viewApplication',
+                     'waeup.manageApplication', 'waeup.handleApplication',
                      'waeup.viewStudent', 'waeup.manageStudent', 'clearStudent',
                      'waeup.uploadStudentFile',
+                     'waeup.uploadStudentFile', 'waeup.viewStudents',
                      'waeup.viewHostels', 'waeup.manageHostels')

main/waeup.sirp/trunk/src/waeup/sirp/students/browser.py

-                      r7181
+                      r7184
 from waeup.sirp.browser.resources import datepicker, datatable, tabs
 from waeup.sirp.browser.viewlets import (
     ManageActionButton, PrimaryNavTab, AddActionButton)
+    ManageActionButton, AddActionButton)
 from waeup.sirp.interfaces import (
     IWAeUPObject, IUserAccount, IExtFileStore, IPasswordValidator)
 …
     return
-class StudentsTab(PrimaryNavTab):
-    """Students tab in primary navigation.
-    """
-    grok.context(IWAeUPObject)
-    grok.order(4)
-    grok.require('waeup.viewStudent')
-    grok.template('primarynavtab')
-    pnav = 4
-    tab_title = u'Students'
-    @property
-    def link_target(self):
-        return self.view.application_url('students')
 class StudentsBreadcrumb(Breadcrumb):
     """A breadcrumb for the students container.
 …
     grok.context(IStudentsContainer)
     grok.name('index')
     grok.require('waeup.viewStudent')
+    grok.require('waeup.viewStudents')
     grok.template('containerpage')
     label = 'Student Section'

main/waeup.sirp/trunk/src/waeup/sirp/students/permissions.py

-                      r7181
+                      r7184
     grok.name('waeup.viewStudent')
+class ViewStudents(grok.Permission):
+    grok.name('waeup.viewStudents')
 class PayStudent(grok.Permission):
     grok.name('waeup.payStudent')
 …
     grok.permissions('waeup.handleStudent', 'waeup.uploadStudentFile',
                      'waeup.viewStudent', 'waeup.payStudent',
                      'waeup.handleAccommodation')
+                     'waeup.handleAccommodation', 'waeup.Authenticated')
 # Site Roles
 class StudentRole(grok.Role):
     grok.name('waeup.Student')
     grok.permissions('waeup.Public', 'waeup.View')
+    grok.permissions('waeup.viewAcademics')
 class StudentsOfficer(grok.Role):
     grok.name('waeup.StudentsOfficer')
     grok.title(u'Students Officer (view only)')
     grok.permissions('waeup.viewStudent',)
+    grok.permissions('waeup.viewStudent','waeup.viewStudents')
 class StudentsManager(grok.Role):
 …
     grok.permissions('waeup.viewStudent', 'waeup.manageStudent',
                      'waeup.payStudent', 'waeup.uploadStudentFile',
                      'waeup.handleAccommodation')
+                     'waeup.handleAccommodation', 'waeup.viewStudents')
 class StudentsClearanceOfficer(grok.Role):

main/waeup.sirp/trunk/src/waeup/sirp/students/viewlets.py

-                      r7181
+                      r7184
 from waeup.sirp.utils.helpers import string_from_bytes, file_size
 from waeup.sirp.browser import DEFAULT_IMAGE_PATH
+from waeup.sirp.browser.viewlets import PrimaryNavTab
 from waeup.sirp.students.browser import (
     StudentClearanceDisplayFormPage, StudentClearanceManageFormPage,
 …
     text = u'History'
+class StudentsTab(PrimaryNavTab):
+    """Students tab in primary navigation.
+    """
+    grok.context(IWAeUPObject)
+    grok.order(4)
+    grok.require('waeup.viewStudents')
+    grok.template('primarynavtab')
+    pnav = 4
+    tab_title = u'Students'
+    @property
+    def link_target(self):
+        return self.view.application_url('students')
 class PrimaryStudentNavManager(grok.ViewletManager):
     """Viewlet manager for the primary navigation tab.
 …
     grok.template('primarynavtab')
     grok.order(1)
     grok.require('waeup.View')
+    grok.require('waeup.Authenticated')
     pnav = 0
     tab_title = u'Some Text'
 …
         return ''
 class HomeTab(PrimaryStudentNavTab):
     """Home-tab in primary navigation.
     """
     grok.order(1)
     grok.require('waeup.Public')
     pnav = 0
     tab_title = u'Home'
 class ProspectusTab(PrimaryStudentNavTab):
     """Faculties-tab in primary navigation.
     """
     grok.order(2)
     grok.require('waeup.View')
     pnav = 1
     tab_title = u'Prospectus'
     @property
     def link_target(self):
         return self.view.application_url('faculties')
+#class HomeTab(PrimaryStudentNavTab):
+#    """Home-tab in primary navigation.
+#    """
+#    grok.order(1)
+#    grok.require('waeup.Authenticated')
+#    pnav = 0
+#    tab_title = u'Home'
+#class ProspectusTab(PrimaryStudentNavTab):
+#    """Faculties-tab in primary navigation.
+#    """
+#    grok.order(2)
+#    grok.require('waeup.viewAcademics')
+#    pnav = 1
+#    tab_title = u'Prospectus'
+#    @property
+#    def link_target(self):
+#        return self.view.application_url('faculties')
 class MyDataTab(PrimaryStudentNavTab):
 …
     """
     grok.order(3)
     grok.require('waeup.Public')
+    grok.require('waeup.Authenticated')
     pnav = 4
     tab_title = u'My Data'

Note: See TracChangeset for help on using the changeset viewer.

Context navigation

Changeset 7184

Legend:

Download in other formats: