## $Id: permissions.py 17610 2023-10-12 09:06:25Z henrik $
##
## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
##
"""
Permissions for the students section.
"""
import grok
# Students section permissions
[docs]class HandleStudent(grok.Permission):
"""
The HandleStudent permission is reserved for students.
Students 'handle' their data. Officers 'manage' the data.
"""
grok.name('waeup.handleStudent')
[docs]class ViewStudent(grok.Permission):
"""
The ViewStudent permission allows to view all student data.
"""
grok.name('waeup.viewStudent')
[docs]class ViewMyStudentDataTab(grok.Permission):
grok.name('waeup.viewMyStudentDataTab')
[docs]class ViewStudentsContainer(grok.Permission):
"""The ViewStudentsContainer permission allows to view the students root
container page.
"""
grok.name('waeup.viewStudentsContainer')
[docs]class PayStudent(grok.Permission):
"""The PayStudent permission allows to add an online payment ticket and to
manage tickets.
"""
grok.name('waeup.payStudent')
[docs]class HandleAccommodation(grok.Permission):
"""The HandleAccommodation permission allows to manage bed tickets.
"""
grok.name('waeup.handleAccommodation')
[docs]class UploadStudentFile(grok.Permission):
"""The UploadStudentFile permissions allows to upload the passport picture.
The respective page additionally checks the state of the student.
"""
grok.name('waeup.uploadStudentFile')
[docs]class ManageStudent(grok.Permission):
"""The ManageStudent permission allows to edit the data.
This permission is meant for students officers.
"""
grok.name('waeup.manageStudent')
[docs]class ClearStudent(grok.Permission):
"""The ClearStudent permission is needed to clear students
or to reject clearance. This permission is meant for clearance officers.
"""
grok.name('waeup.clearStudent')
[docs]class ValidateStudent(grok.Permission):
"""The ValidateStudent permission is needed to validate or reject
course lists. This permission is not needed if users
already have the TriggerTransition permission.
"""
grok.name('waeup.validateStudent')
[docs]class EditStudyLevel(grok.Permission):
"""The EditStudyLevel permission is needed for editing course lists.
Students and course advisers do have this permission.
"""
grok.name('waeup.editStudyLevel')
[docs]class LoginAsStudent(grok.Permission):
"""The LoginAsStudent permission is needed to set temporary student
passwords and login as (impersonate) students.
"""
grok.name('waeup.loginAsStudent')
[docs]class ViewTranscript(grok.Permission):
"""The ViewTranscript permission is needed to view transcript pages.
"""
grok.name('waeup.viewTranscript')
[docs]class DownloadTranscript(grok.Permission):
"""The DownloadTranscript permission is needed to download transcript slips.
"""
grok.name('waeup.downloadTranscript')
[docs]class ProcessTranscript(grok.Permission):
grok.name('waeup.processTranscript')
"""The ProcessTranscript permission is needed to validate and relase transcripts.
"""
[docs]class SignTranscript(grok.Permission):
grok.name('waeup.signTranscript')
"""The SignTranscript permission is needed to sign transcripts.
"""
# Local role
[docs]class StudentRecordOwner(grok.Role):
"""A student 'owns' her/his student object and subobjects and
gains permissions to handle all data, upload a passport picture,
add payment tickets, create and edit course lists and handle accommodation.
"""
grok.name('waeup.local.StudentRecordOwner')
grok.title(u'Student Record Owner')
grok.permissions('waeup.handleStudent',
'waeup.uploadStudentFile',
'waeup.viewStudent',
'waeup.payStudent',
'waeup.handleAccommodation',
'waeup.editStudyLevel')
[docs]class Parents(grok.Role):
"""Parents temporarily get access to view the records of their children.
"""
grok.name('waeup.local.Parents')
grok.title(u'Parents')
grok.permissions('waeup.viewStudent')
# Site Roles
[docs]class StudentRole(grok.Role):
"""This role is dedicated to students only.
It defines the permissions a student gains portal-wide.
"""
grok.name('waeup.Student')
grok.title(u'Student (do not assign)')
grok.permissions('waeup.viewAcademics',
'waeup.viewMyStudentDataTab',
'waeup.Authenticated')
[docs]class StudentsOfficer(grok.Role):
"""The Students Officer is allowed to view all student data.
"""
grok.name('waeup.StudentsOfficer')
grok.title(u'Students Officer (view only)')
grok.permissions('waeup.viewStudent',
'waeup.viewStudentsContainer')
[docs]class StudentsManager(grok.Role):
"""The Students Manager is allowed to edit all student data, to
create payment tickets, to handle bed tickets and to upload passport
pictures.
"""
grok.name('waeup.StudentsManager')
grok.title(u'Students Manager')
grok.permissions('waeup.viewStudent',
'waeup.manageStudent',
'waeup.viewStudentsContainer',
'waeup.payStudent',
'waeup.uploadStudentFile',
'waeup.handleAccommodation')
[docs]class TranscriptOfficer(grok.Role):
"""The Transcript Officer is allowed to view, to validate and to
release student transcripts. The officer is not allowed to
manage student data but to edit the transcript remark on a separate
manage page.
"""
grok.name('waeup.TranscriptOfficer')
grok.title(u'Transcript Officer')
grok.permissions('waeup.viewAcademics',
'waeup.viewTranscript',
'waeup.downloadTranscript',
'waeup.processTranscript',
'waeup.viewStudent',
'waeup.viewStudentsContainer',
)
[docs]class TranscriptSignee(grok.Role):
"""The Transcript Signee is allowed to view and to sign student
transcripts.
"""
grok.name('waeup.TranscriptSignee')
grok.title(u'Transcript Signee')
grok.permissions('waeup.viewAcademics',
'waeup.viewTranscript',
'waeup.signTranscript',
'waeup.viewStudent',
)
[docs]class StudentsClearanceOfficer(grok.Role):
"""The global StudentsClearanceOfficer role enables users to view all
student data, to clear students and to reject clearance portal-wide.
Usually, this role is not assigned manually.
We are using the correspondent local role instead which assigns the
StudentsClearanceOfficer role dynamically.
"""
grok.name('waeup.StudentsClearanceOfficer')
grok.title(u'Clearance Officer (all students)')
grok.permissions('waeup.clearStudent',
'waeup.viewStudent')
[docs]class StudentsCourseAdviser(grok.Role):
"""The global StudentsCourseAdviser role enables users to view all
student data, to edit, validate or reject course lists portal-wide.
Usually, this role is not assigned manually.
We are using the correspondent local role instead which assigns the
StudentsCourseAdviser role dynamically.
"""
grok.name('waeup.StudentsCourseAdviser')
grok.title(u'Course Adviser (all students)')
grok.permissions('waeup.validateStudent',
'waeup.viewStudent',
'waeup.editStudyLevel')
[docs]class StudentImpersonator(grok.Role):
"""The Student Impersonator gains the LoginAsStudent permission,
nothing else, see description above.
"""
grok.name('waeup.StudentImpersonator')
grok.title(u'Student Impersonator')
grok.permissions('waeup.loginAsStudent')