Timestamp:
24 Nov 2011, 09:20:13 (13 years ago)
Author:
Henrik Bettermann
Message:

Reorganise permissions:

The navigation viewlets now manage the permission requirements themselves. No need to do this in pagetemplates.

Rename permission waeup.View to waeup.viewAcademics because it only refers to the academic section.

Add permission waeup.Authenticated (which is used in students). The StudentRecordOwner explicitly needs this permission. Otherwise the MyData tab disappears when changing the password.

Roles do not need to get the waeup.Public permission. This is already guaranteed in site.zcml.

Location:
main/waeup.sirp/trunk/src/waeup/sirp
Files:
10 edited

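--- a/main/waeup.sirp/trunk/src/waeup/sirp/applicants/browser.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/applicants/browser.py
@@ -234,13 +234,11 @@
         return self.context.access_code
 
-class ApplicantsTab(PrimaryNavTab):
+class ApplicantsAuthTab(PrimaryNavTab):
     """Applicants tab in primary navigation.
     """
-
     grok.context(IWAeUPObject)
     grok.order(3)
-    grok.require('waeup.Public')
+    grok.require('waeup.viewApplication')
     grok.template('primarynavtab')
-
     pnav = 3
     tab_title = u'Applicants'
@@ -249,4 +247,23 @@
     def link_target(self):
         return self.view.application_url('applicants')
+
+class ApplicantsAnonTab(ApplicantsAuthTab):
+    """Applicants tab in primary navigation.
+
+    Display tab only for anonymous. Authenticated users can call the
+    form from the user navigation bar.
+    """
+    grok.require('waeup.Anonymous')
+    tab_title = u'Application'
+
+    # Also zope.manager has role Anonymous.
+    # To avoid displaying this tab, uncomment the following.
+    #def tab_title(self):
+    #    userid = self.request.principal.id
+    #    if userid != 'zope.anybody':
+    #        tt = u''
+    #    else:
+    #        tt = u'Application'
+    #    return tt
 
 class ApplicantsContainerPage(WAeUPDisplayFormPage):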
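Review bot: `ApplicantsAnonTab` and `ApplicantsAuthTab` can both render for the same principal: the comment added under `ApplicantsAnonTab` says zope.manager also matches Anonymous, so a manager who holds `waeup.viewApplication` would presumably see an 'Applicants' and an 'Application' tab side by side. The commented-out `tab_title` method that would prevent this should either be enabled or deleted and replaced by a one-line note such as `# NOTE: zope.manager also matches waeup.Anonymous and therefore sees this tab`, rather than kept as dead code. These `grok.require` lines only decide whether a tab is displayed; the views reached through `application_url('applicants')` still need their own permission declarations, which are outside this section.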
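--- a/main/waeup.sirp/trunk/src/waeup/sirp/applicants/permissions.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/applicants/permissions.py
@@ -46,5 +46,5 @@
 class ApplicantRole(grok.Role):
     grok.name('waeup.Applicant')
-    grok.permissions('waeup.Public', 'waeup.View')
+    grok.permissions('waeup.viewAcademics')
 
 class ApplicationsOfficer(grok.Role):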
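--- a/main/waeup.sirp/trunk/src/waeup/sirp/applicants/tests/test_browser.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/applicants/tests/test_browser.py
@@ -138,4 +138,5 @@
             'Manage' in self.browser.contents)
 
+   
     def test_anonymous_no_actions(self):
         # Make sure anonymous users cannot access actions
@@ -173,22 +174,23 @@
         return
 
-    def test_local_roles_add_delete(self):
-        # Managers can assign and delete local roles of applicants root
-        myusers = self.app['users']
-        myusers.addUser('bob', 'bobssecret')
-        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
-        self.browser.open(self.manage_root_path)
-        self.browser.getControl(name="user").value = ['bob']
-        self.browser.getControl(name="local_role").value = [
-            'waeup.ApplicationsOfficer']
-        self.browser.getControl("Add local role").click()
-        self.assertTrue('<td>bob</td>' in self.browser.contents)
-        # Remove the role assigned
-        ctrl = self.browser.getControl(name='role_id')
-        ctrl.getControl(value='bob|waeup.ApplicationsOfficer').selected = True
-        self.browser.getControl("Remove selected local roles").click()
-        self.assertTrue('Successfully removed:' in self.browser.contents)
-        self.assertFalse('<td>bob</td>' in self.browser.contents)
-        return
+    # We have no local roles yet
+    #def test_local_roles_add_delete(self):
+    #    # Managers can assign and delete local roles of applicants root
+    #    myusers = self.app['users']
+    #    myusers.addUser('bob', 'bobssecret')
+    #    self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+    #    self.browser.open(self.manage_root_path)
+    #    self.browser.getControl(name="user").value = ['bob']
+    #    self.browser.getControl(name="local_role").value = [
+    #        'waeup.local.ApplicationsOfficer']
+    #    self.browser.getControl("Add local role").click()
+    #    self.assertTrue('<td>bob</td>' in self.browser.contents)
+    #    # Remove the role assigned
+    #    ctrl = self.browser.getControl(name='role_id')
+    #    ctrl.getControl(value='bob|waeup.ApplicationsOfficer').selected = True
+    #    self.browser.getControl("Remove selected local roles").click()
+    #    self.assertTrue('Successfully removed:' in self.browser.contents)
+    #    self.assertFalse('<td>bob</td>' in self.browser.contents)
+    #    return
 
     def test_add_delete_container(self):
@@ -423,21 +425,22 @@
         return
 
-    def test_local_roles_add_delete(self):
-        # Managers can assign and delete local roles of applicants containers
-        myusers = self.app['users']
-        myusers.addUser('bob', 'bobssecret')
-        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
-        self.browser.open(self.manage_container_path)
-        self.browser.getControl(name="user").value = ['bob']
-        self.browser.getControl(name="local_role").value = [
-            'waeup.ApplicationsOfficer']
-        self.browser.getControl("Add local role").click()
-        self.assertTrue('<td>bob</td>' in self.browser.contents)
-        ctrl = self.browser.getControl(name='role_id')
-        ctrl.getControl(value='bob|waeup.ApplicationsOfficer').selected = True
-        self.browser.getControl("Remove selected local roles").click()
-        self.assertTrue('Successfully removed:' in self.browser.contents)
-        self.assertFalse('<td>bob</td>' in self.browser.contents)
-        return
+    # We have no local roles yet
+    #def test_local_roles_add_delete(self):
+    #    # Managers can assign and delete local roles of applicants containers
+    #    myusers = self.app['users']
+    #    myusers.addUser('bob', 'bobssecret')
+    #    self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+    #    self.browser.open(self.manage_container_path)
+    #    self.browser.getControl(name="user").value = ['bob']
+    #    self.browser.getControl(name="local_role").value = [
+    #        'waeup.local.ApplicationsOfficer']
+    #    self.browser.getControl("Add local role").click()
+    #    self.assertTrue('<td>bob</td>' in self.browser.contents)
+    #    ctrl = self.browser.getControl(name='role_id')
+    #    ctrl.getControl(value='bob|waeup.ApplicationsOfficer').selected = True
+    #    self.browser.getControl("Remove selected local roles").click()
+    #    self.assertTrue('Successfully removed:' in self.browser.contents)
+    #    self.assertFalse('<td>bob</td>' in self.browser.contents)
+    #    return
 
 class LoginTest(FunctionalTestCase):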
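Review bot: Both `test_local_roles_add_delete` tests are disabled by commenting them out, which drops the visible coverage of assigning and removing local roles without leaving any trace in the test report. A skip marker carrying the reason, for example `@unittest.skip('no local roles yet')` where the project's Python provides it, keeps the gap visible until local roles return. The commented copies are also inconsistent with themselves: they set `'waeup.local.ApplicationsOfficer'` on the `local_role` control but still select `'bob|waeup.ApplicationsOfficer'` for removal, so they would probably fail when re-enabled as written.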
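--- a/main/waeup.sirp/trunk/src/waeup/sirp/browser/pages.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/browser/pages.py
@@ -1128,5 +1128,5 @@
     """
     grok.context(IFacultyContainer)
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     grok.name('index')
     title = 'Academics'
@@ -1206,5 +1206,5 @@
     """
     grok.context(IFaculty)
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     grok.name('index')
     pnav = 1
@@ -1327,5 +1327,5 @@
     """
     grok.context(IDepartment)
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     grok.name('index')
     pnav = 1
@@ -1547,5 +1547,5 @@
     grok.context(ICourse)
     grok.name('index')
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     pnav = 1
     #form_fields = grok.AutoFields(ICourse)
@@ -1594,5 +1594,5 @@
     grok.context(ICertificate)
     grok.name('index')
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     pnav = 1
     form_fields = grok.AutoFields(ICertificate)
@@ -1702,5 +1702,5 @@
     grok.context(ICertificateCourse)
     grok.name('index')
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     pnav = 1
     #form_fields = grok.AutoFields(ICertificateCourse)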
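--- a/main/waeup.sirp/trunk/src/waeup/sirp/browser/templates/studentsitelayout.pt
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/browser/templates/studentsitelayout.pt
@@ -29,9 +29,7 @@
             </span> </h1>
           <div id="navigation" class="yui-navset" style="text-align:right;">
-            <ul id="primary-navigation" tal:condition="layout/isAuthenticated">
+            <ul id="primary-navigation">
+              <tal:primary_nav content="structure provider:primary_nav" />
               <tal:primary_nav content="structure provider:primary_nav_student" />
-            </ul>
-            <ul id="primary-navigation" tal:condition="not: layout/isAuthenticated">
-              <tal:primary_nav content="structure provider:primary_nav" />
             </ul>
             <ul id="user-navigation">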
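--- a/main/waeup.sirp/trunk/src/waeup/sirp/browser/viewlets.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/browser/viewlets.py
@@ -551,5 +551,5 @@
     grok.viewletmanager(PrimaryNavManager)
     grok.order(1)
-    grok.require('waeup.View')
+    grok.require('waeup.Public')
 
     pnav = 0 # This is a kind of id of a tab. If some page provides
@@ -590,5 +590,5 @@
     """
     grok.order(2)
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
     grok.template('primarynavtab')
 
@@ -603,28 +603,31 @@
 class ContactTab(PrimaryNavTab):
     """Contact tab in primary navigation.
+
+    Display tab only for anonymous. Authenticated users can call the
+    form from the user navigation bar.
     """
     grok.order(6)
     grok.require('waeup.Anonymous')
     grok.template('primarynavtab')
-   
+    tab_title = u'Enquiries'
     pnav = 2
-    def tab_title(self):
-        """Display tab only for anonymous. Authenticated users can call the
-        form from the user navigation bar.
-        """
-        userid = self.request.principal.id
-        if userid != 'zope.anybody':
-            tt = u''
-        else:
-            tt = u'Enquiries'         
-        return tt
-
-    @property
-    def active(self):
-        view_pnav = getattr(self.view, 'pnav', 0)
-        userid = self.request.principal.id
-        if view_pnav == self.pnav and userid == 'zope.anybody':
-            return 'active'
-        return ''
+
+    # Also zope.manager has role Anonymous.
+    # To avoid displaying this tab, uncomment the following.
+    #def tab_title(self):
+    #    userid = self.request.principal.id
+    #    if userid != 'zope.anybody':
+    #        tt = u''
+    #    else:
+    #        tt = u'Enquiries'
+    #    return tt
+
+    #@property
+    #def active(self):
+    #    view_pnav = getattr(self.view, 'pnav', 0)
+    #    userid = self.request.principal.id
+    #    if view_pnav == self.pnav and userid == 'zope.anybody':
+    #        return 'active'
+    #    return ''
 
     @property
@@ -717,5 +720,5 @@
     grok.viewletmanager(SubobjectLister)
     grok.context(IFacultyContainer)
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
 
     def render(self):
@@ -728,5 +731,5 @@
     grok.viewletmanager(SubobjectLister)
     grok.context(IFaculty)
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
 
     def render(self):
@@ -740,5 +743,5 @@
     grok.viewletmanager(SubobjectLister)
     grok.context(IFaculty)
-    grok.require('waeup.View')
+    grok.require('waeup.viewAcademics')
 
     def render(self):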
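Review bot: What appears to be the base tab class now defaults to `grok.require('waeup.Public')` at new line 553, so a tab subclass that omits its own `grok.require` would presumably be displayed to every visitor, and studentsitelayout.pt in this changeset no longer filters the navigation by `layout/isAuthenticated`. A comment on that line, such as `# Default only: every tab subclass must declare its own grok.require`, would make the contract explicit; the class header lies outside the hunk. In `ContactTab`, the commented-out `tab_title` and `active` members should be deleted or reduced to a one-line note about zope.manager, since the repository history already keeps the old implementation.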
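--- a/main/waeup.sirp/trunk/src/waeup/sirp/permissions.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/permissions.py
@@ -23,6 +23,11 @@
     grok.name('waeup.Anonymous')
 
-class ViewPermission(grok.Permission):
-    grok.name('waeup.View')
+class Authenticated(grok.Permission):
+    """Only-logged-in-users-can-do-this-permission.
+    """
+    grok.name('waeup.Authenticated')
+
+class ViewAcademicsPermission(grok.Permission):
+    grok.name('waeup.viewAcademics')
 
 class ManageUniversity(grok.Permission):
@@ -50,5 +55,4 @@
     grok.permissions('waeup.manageUniversity')
 
-
 class ClearanceOfficer(grok.Role):
     """The clearance officer role is meant for the
@@ -74,5 +78,5 @@
     grok.name('waeup.PortalUser')
     grok.title(u'Portal User')
-    grok.permissions('waeup.View', 'waeup.Public')
+    grok.permissions('waeup.viewAcademics')
 
 class ACManager(grok.Role):
@@ -85,10 +89,10 @@
     grok.title(u'Portal Manager')
     grok.permissions('waeup.manageUniversity', 'waeup.manageUsers',
-                     'waeup.View', 'waeup.Public','waeup.manageACBatches',
+                     'waeup.viewAcademics', 'waeup.manageACBatches',
                      'waeup.manageDataCenter','waeup.managePortalSettings',
-                     'waeup.managePortalConfiguration',
-                     'waeup.manageApplications', 'waeup.handleApplication',
+                     'waeup.managePortalConfiguration', 'waeup.viewApplication',
+                     'waeup.manageApplication', 'waeup.handleApplication',
                      'waeup.viewStudent', 'waeup.manageStudent', 'clearStudent',
-                     'waeup.uploadStudentFile',
+                     'waeup.uploadStudentFile', 'waeup.viewStudents',
                      'waeup.viewHostels', 'waeup.manageHostels')
 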
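Review bot: In the Portal Manager permission list, `'clearStudent'` on new line 95 is the only entry without the `waeup.` prefix, so the role probably does not receive the permission it is meant to carry; if the permission is registered as `waeup.clearStudent`, the entry should read `'waeup.clearStudent'`. The same list now names `'waeup.manageApplication'` where it previously had `'waeup.manageApplications'`, and the definitions of the application permissions are not among the visible hunks, so each name should be checked against its `grok.Permission` class. The new `Authenticated` class would also benefit from a docstring saying which principals are granted it, because the hunk defines the name but not who holds it. The role class that owns this list begins outside the hunk.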
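--- a/main/waeup.sirp/trunk/src/waeup/sirp/students/browser.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/students/browser.py
@@ -33,5 +33,5 @@
 from waeup.sirp.browser.resources import datepicker, datatable, tabs
 from waeup.sirp.browser.viewlets import (
-    ManageActionButton, PrimaryNavTab, AddActionButton)
+    ManageActionButton, AddActionButton)
 from waeup.sirp.interfaces import (
     IWAeUPObject, IUserAccount, IExtFileStore, IPasswordValidator)
@@ -80,20 +80,4 @@
     return
 
-class StudentsTab(PrimaryNavTab):
-    """Students tab in primary navigation.
-    """
-
-    grok.context(IWAeUPObject)
-    grok.order(4)
-    grok.require('waeup.viewStudent')
-    grok.template('primarynavtab')
-
-    pnav = 4
-    tab_title = u'Students'
-
-    @property
-    def link_target(self):
-        return self.view.application_url('students')
-
 class StudentsBreadcrumb(Breadcrumb):
     """A breadcrumb for the students container.
@@ -170,5 +154,5 @@
     grok.context(IStudentsContainer)
     grok.name('index')
-    grok.require('waeup.viewStudent')
+    grok.require('waeup.viewStudents')
     grok.template('containerpage')
     label = 'Student Section'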
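--- a/main/waeup.sirp/trunk/src/waeup/sirp/students/permissions.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/students/permissions.py
@@ -27,4 +27,7 @@
     grok.name('waeup.viewStudent')
 
+class ViewStudents(grok.Permission):
+    grok.name('waeup.viewStudents')
+
 class PayStudent(grok.Permission):
     grok.name('waeup.payStudent')
@@ -48,15 +51,15 @@
     grok.permissions('waeup.handleStudent', 'waeup.uploadStudentFile',
                      'waeup.viewStudent', 'waeup.payStudent',
-                     'waeup.handleAccommodation')
+                     'waeup.handleAccommodation', 'waeup.Authenticated')
 
 # Site Roles
 class StudentRole(grok.Role):
     grok.name('waeup.Student')
-    grok.permissions('waeup.Public', 'waeup.View')
+    grok.permissions('waeup.viewAcademics')
 
 class StudentsOfficer(grok.Role):
     grok.name('waeup.StudentsOfficer')
     grok.title(u'Students Officer (view only)')
-    grok.permissions('waeup.viewStudent',)
+    grok.permissions('waeup.viewStudent','waeup.viewStudents')
 
 class StudentsManager(grok.Role):
@@ -65,5 +68,5 @@
     grok.permissions('waeup.viewStudent', 'waeup.manageStudent',
                      'waeup.payStudent', 'waeup.uploadStudentFile',
-                     'waeup.handleAccommodation')
+                     'waeup.handleAccommodation', 'waeup.viewStudents')
 
 class StudentsClearanceOfficer(grok.Role):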
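Review bot: The new `ViewStudents` permission has no docstring and its name differs from `waeup.viewStudent` by one letter, so a typo in a later `grok.require` would select the other, still valid, permission without any configuration error. A docstring such as `"""View the students container and its navigation tab."""` on `ViewStudents`, with a matching one on the single-record permission, would pin down the intended scope of each. `StudentsClearanceOfficer` starts on the last line of the final hunk and its permission list is outside it; if that role is expected to open the students container it needs `'waeup.viewStudents'` too, because the container page in students/browser.py now requires it.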
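--- a/main/waeup.sirp/trunk/src/waeup/sirp/students/viewlets.py
+++ b/main/waeup.sirp/trunk/src/waeup/sirp/students/viewlets.py
@@ -7,4 +7,5 @@
 from waeup.sirp.utils.helpers import string_from_bytes, file_size
 from waeup.sirp.browser import DEFAULT_IMAGE_PATH
+from waeup.sirp.browser.viewlets import PrimaryNavTab
 from waeup.sirp.students.browser import (
     StudentClearanceDisplayFormPage, StudentClearanceManageFormPage,
@@ -139,4 +140,20 @@
     text = u'History'
 
+class StudentsTab(PrimaryNavTab):
+    """Students tab in primary navigation.
+    """
+
+    grok.context(IWAeUPObject)
+    grok.order(4)
+    grok.require('waeup.viewStudents')
+    grok.template('primarynavtab')
+
+    pnav = 4
+    tab_title = u'Students'
+
+    @property
+    def link_target(self):
+        return self.view.application_url('students')
+
 class PrimaryStudentNavManager(grok.ViewletManager):
     """Viewlet manager for the primary navigation tab.
@@ -151,5 +168,5 @@
     grok.template('primarynavtab')
     grok.order(1)
-    grok.require('waeup.View')
+    grok.require('waeup.Authenticated')
     pnav = 0
     tab_title = u'Some Text'
@@ -166,23 +183,23 @@
         return ''
 
-class HomeTab(PrimaryStudentNavTab):
-    """Home-tab in primary navigation.
-    """
-    grok.order(1)
-    grok.require('waeup.Public')
-    pnav = 0
-    tab_title = u'Home'
-
-class ProspectusTab(PrimaryStudentNavTab):
-    """Faculties-tab in primary navigation.
-    """
-    grok.order(2)
-    grok.require('waeup.View')
-    pnav = 1
-    tab_title = u'Prospectus'
-
-    @property
-    def link_target(self):
-        return self.view.application_url('faculties')
+#class HomeTab(PrimaryStudentNavTab):
+#    """Home-tab in primary navigation.
+#    """
+#    grok.order(1)
+#    grok.require('waeup.Authenticated')
+#    pnav = 0
+#    tab_title = u'Home'
+
+#class ProspectusTab(PrimaryStudentNavTab):
+#    """Faculties-tab in primary navigation.
+#    """
+#    grok.order(2)
+#    grok.require('waeup.viewAcademics')
+#    pnav = 1
+#    tab_title = u'Prospectus'
+
+#    @property
+#    def link_target(self):
+#        return self.view.application_url('faculties')
 
 class MyDataTab(PrimaryStudentNavTab):
@@ -190,5 +207,5 @@
     """
     grok.order(3)
-    grok.require('waeup.Public')
+    grok.require('waeup.Authenticated')
     pnav = 4
     tab_title = u'My Data'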
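Review bot: The relocated `StudentsTab` calls `grok.context(IWAeUPObject)`, but the only import this changeset adds to the module is `PrimaryNavTab`; unless `IWAeUPObject` is already imported on lines outside the first hunk, the module will fail at import time, and `from waeup.sirp.interfaces import IWAeUPObject` should be added. `HomeTab` and `ProspectusTab` are kept as commented-out classes; deleting them, with a one-line note that these tabs now come from the main `primary_nav` provider, would keep the permission declarations in this module unambiguous. The move also changes the tab's requirement from `waeup.viewStudent` to `waeup.viewStudents`, which deserves a mention in the class docstring.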