Ignore:
Timestamp:
10 Sep 2012, 11:05:07 (12 years ago)
Author:
uli
Message:

Merge changes from trunk, r8786-HEAD

Location:
main/waeup.kofa/branches/uli-async-update
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • main/waeup.kofa/branches/uli-async-update

  • main/waeup.kofa/branches/uli-async-update/src/waeup/kofa/students/dynamicroles.py

    r7811 r9169  
    5151        """Get roles for principal with id `principal_id`.
    5252
    53         Different to the default implementation, this method also
    54         takes into account local roles set on any department connected
    55         to the context student.
    56 
    57         If the given principal has at least one of the
    58         `external_rolenames` roles granted for the external object, it
    59         additionally gets `additional_rolename` role for the context
    60         student.
    61 
    62         For the additional roles the `extra_attrib` and all its parent
    63         objects are looked up, because 'role inheritance' does not
    64         work on that basic level of permission handling.
    65 
    66         Some advantages of this approach:
    67 
    68         - we don't have to store extra local roles for clearance
    69           officers in ZODB for each student
    70 
    71         - when local roles on a department change, we don't have to
    72           update thousands of students; the local role is assigned
    73           dynamically.
    74 
    75         Disadvantage:
    76 
    77         - More expensive role lookups when a clearance officer wants
    78           to see an student form.
    79 
    80         This implementation is designed to be usable also for other
    81         contexts than students. You can inherit from it and set
    82         different role names to lookup/set easily via the static class
    83         attributes.
     53        See waeup.kofa.applicants.dynamicroles.ApplicantPrincipalRoleManager
     54        for further information.
    8455        """
    8556        apr_manager = AnnotationPrincipalRoleManager(self._context)
     
    11889                        result.append(
    11990                            ('waeup.StudentsOfficer', setting))
     91                elif 'UGClearanceOfficer' in role_id:
     92                    if not self._context.is_postgrad:
     93                        result.append(
     94                            ('waeup.StudentsClearanceOfficer', setting))
     95                    else:
     96                        # Otherwise grant at least view permissions.
     97                        result.append(
     98                            ('waeup.StudentsOfficer', setting))
     99                elif 'PGClearanceOfficer' in role_id:
     100                    if self._context.is_postgrad:
     101                        result.append(
     102                            ('waeup.StudentsClearanceOfficer', setting))
     103                    else:
     104                        # Otherwise grant at least view permissions.
     105                        result.append(
     106                            ('waeup.StudentsOfficer', setting))
    120107                elif role_id in self.rolename_mapping.keys():
    121108                    # Grant additional role
Note: See TracChangeset for help on using the changeset viewer.