permissions – Permissions and Roles Components Module

class waeup.kofa.permissions.ACManager(id, title, description='')[source]

Bases: grok.components.Role

This is the role for Access Code Managers. An AC Manager can view and manage the Accesscodes Section, see ManageACBatches permission above.

__doc__ = 'This is the role for Access Code Managers.\n An AC Manager can view and manage the Accesscodes Section, see\n ManageACBatches permission above.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.AcademicsManager(id, title, description='')[source]

Bases: grok.components.Role

An Academics Manager can view and edit all data in the scademic section, i.e. access all manage pages at faculty, department, course, certificate and certificate course level.

__doc__ = 'An Academics Manager can view and edit all data in the\n scademic section, i.e. access all manage pages\n at faculty, department, course, certificate and certificate course level.\n '
__module__ = 'waeup.kofa.permissions'
title = u'Academics Manager'
class waeup.kofa.permissions.AcademicsOfficer(id, title, description='')[source]

Bases: grok.components.Role

An Academics Officer can view but not edit data in the academic section.

This is the default role which is automatically assigned to all officers of the portal. A user with this role can access all display pages at faculty, department, course, certificate and certificate course level.

__doc__ = 'An Academics Officer can view but not edit data in the\n academic section.\n\n This is the default role which is automatically assigned to all\n officers of the portal. A user with this role can access all display pages\n at faculty, department, course, certificate and certificate course level.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.Anonymous(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The Anonymous permission is applied to views/pages which are dedicated to anonymous users only. Logged-in users can’t access these views.

__doc__ = "The Anonymous permission is applied to\n views/pages which are dedicated to anonymous users only.\n Logged-in users can't access these views.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ApplicationsManager(id, title, description='')[source]

Bases: grok.components.Role

The local ApplicationsManager role can be assigned at applicants container and at department level. At department level an Applications Manager can manage all applicants which desire to study a programme offered by the department (1st Choice Course of Study).

At container level (local) Applications Managers gain permissions which allow to manage the container and all applicants inside the container. At container level the permission set of this local role corresonds with the permission set of the same-named global role.

__doc__ = 'The local ApplicationsManager role can be assigned at applicants\n container and at department level. At department level an Applications\n Manager can manage all applicants which desire to study a programme\n offered by the department (1st Choice Course of Study).\n\n At container level (local) Applications Managers gain permissions which\n allow to manage the container and all applicants inside the container. At\n container level the permission set of this local role corresonds with the\n permission set of the same-named global role.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.Authenticated(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The Authenticated permission is applied to pages which can only be used by logged-in users and not by anonymous users.

__doc__ = 'The Authenticated permission is applied to pages\n which can only be used by logged-in users and not by anonymous users.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.BursaryOfficer(id, title, description='')[source]

Bases: grok.components.Role

Bursary Officers can export bursary and payments data. They can’t access the Data Center but see student data export buttons in the Academic Section. Meanwhile they can also view the application section and export application data.

__doc__ = "Bursary Officers can export bursary and payments data. They can't \n access the Data Center but see student data export buttons in the\n Academic Section. Meanwhile they can also view the application section\n and export application data.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CCOfficer(id, title, description='')[source]

Bases: grok.components.Role

The role of the Computer Center Officer is basically a copy of the the PortalManager role. Some ‘dangerous’ permissions are excluded by commenting them out (see source code). If officers need to gain more access rights than defined in this role, do not hastily switch to the PortalManager role but add further manager roles instead. Additional roles could be: UsersManager, ACManager, ImportManager, WorkflowManager or StudentImpersonator.

CCOfficer is a base class which means that this role is subject to customization. It is not used in the waeup.kofa base package.

__doc__ = "The role of the Computer Center Officer is basically a copy\n of the the PortalManager role. Some 'dangerous' permissions are excluded\n by commenting them out (see source code). If officers need to gain more\n access rights than defined in this role, do not hastily switch to the\n PortalManager role but add further manager roles instead. Additional\n roles could be: UsersManager, ACManager, ImportManager, WorkflowManager\n or StudentImpersonator.\n\n CCOfficer is a base class which means that this role is subject to\n customization. It is not used in the ``waeup.kofa`` base package.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ClearAllStudents(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ClearAllStudents permission allows to clear all students in a department at one sweep.

__doc__ = 'The ClearAllStudents permission allows to clear all students\n in a department at one sweep.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ClearanceOfficer(id, title, description='')[source]

Bases: grok.components.Role

The local ClearanceOfficer role can be assigned at faculty or department level. The role allows to list or export all student data within the faculty/department the local role is assigned.

Clearance Officers can furthermore clear all students or reject clearance of all students in their faculty/department. They get the StudentsClearanceOfficer role for this subset of students.

__doc__ = 'The local ClearanceOfficer role can be assigned at faculty or\n department level. The role allows to list or export all student\n data within the faculty/department the local role is assigned.\n\n Clearance Officers can furthermore clear all students or reject clearance\n of all students in their faculty/department. They get the\n StudentsClearanceOfficer role for this subset of students.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CourseAdviser100(id, title, description='')[source]

Bases: grok.components.Role

The local CourseAdviser100 role can be assigned at faculty, department or certificate level. The role allows to view all data and to list or export all student data within the faculty, department or certificate the local role is assigned.

Local Course Advisers can validate or reject course lists of students in ther faculty/department/certificate at level 100. They get the StudentsCourseAdviser role for this subset of students.

__doc__ = 'The local CourseAdviser100 role can be assigned at faculty,\n department or certificate level. The role allows to view all data and\n to list or export all student data within the faculty, department\n or certificate the local role is assigned.\n\n Local Course Advisers can validate or reject course lists of students\n in ther faculty/department/certificate at level 100.\n They get the StudentsCourseAdviser role for this subset of students.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CourseAdviser200(id, title, description='')[source]

Bases: grok.components.Role

Same as CourseAdviser100 but for level 200.

__doc__ = 'Same as CourseAdviser100 but for level 200.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CourseAdviser300(id, title, description='')[source]

Bases: grok.components.Role

Same as CourseAdviser100 but for level 300.

__doc__ = 'Same as CourseAdviser100 but for level 300.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CourseAdviser400(id, title, description='')[source]

Bases: grok.components.Role

Same as CourseAdviser100 but for level 400.

__doc__ = 'Same as CourseAdviser100 but for level 400.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CourseAdviser500(id, title, description='')[source]

Bases: grok.components.Role

Same as CourseAdviser100 but for level 500.

__doc__ = 'Same as CourseAdviser100 but for level 500.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CourseAdviser600(id, title, description='')[source]

Bases: grok.components.Role

Same as CourseAdviser100 but for level 600.

__doc__ = 'Same as CourseAdviser100 but for level 600.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CourseAdviser700(id, title, description='')[source]

Bases: grok.components.Role

Same as CourseAdviser100 but for level 700.

__doc__ = 'Same as CourseAdviser100 but for level 700.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.CourseAdviser800(id, title, description='')[source]

Bases: grok.components.Role

Same as CourseAdviser100 but for level 800.

__doc__ = 'Same as CourseAdviser100 but for level 800.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.DataCenterManager(id, title, description='')[source]

Bases: grok.components.Role

This single-permission role is dedicated to those users who are charged with batch processing of portal data. A Data Center Manager can access all pages in the Data Center, see ManageDataCenter permission above.

__doc__ = 'This single-permission role is dedicated to those users\n who are charged with batch processing of portal data.\n A Data Center Manager can access all pages in the Data Center,\n see ManageDataCenter permission above.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.DepartmentManager(id, title, description='')[source]

Bases: grok.components.Role

The local DepartmentManager role can be assigned at faculty or department level. The role allows to edit all data within this container. It does not automatically allow to remove sub-containers.

Department Managers (Dean of Faculty or Head of Department respectively) can also list student data but not access student pages.

__doc__ = 'The local DepartmentManager role can be assigned at faculty or\n department level. The role allows to edit all data within this container.\n It does not automatically allow to remove sub-containers.\n\n Department Managers (Dean of Faculty or Head of Department respectively)\n can also list student data but not access student pages.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.DepartmentOfficer(id, title, description='')[source]

Bases: grok.components.Role

The local DepartmentOfficer role can be assigned at faculty or department level. The role allows to list all student data within the faculty/department the local role is assigned. And it allows to export payment data overviews.

__doc__ = 'The local DepartmentOfficer role can be assigned at faculty or\n department level. The role allows to list all student data within the\n faculty/department the local role is assigned. And it allows to export\n payment data overviews.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.EditScores(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The EditScores permission allows to edit scores in course tickets.

__doc__ = 'The EditScores permission allows to edit scores in course tickets.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.EditUser(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The EditUser permission is required for editing single user accounts.

__doc__ = 'The EditUser permission is required for editing\n single user accounts.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ExportBursaryData(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

Bursary Officers don’t have the general exportData permission and are only allowed to export bursary data. The ExportBursaryData permission is only used to filter the respective exporter in the ExportJobContainerJobConfig view.

__doc__ = "Bursary Officers don't have the general exportData\n permission and are only allowed to export bursary data.\n The ExportBursaryData permission is only used to filter the\n respective exporter in the ExportJobContainerJobConfig view.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ExportData(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ExportData permission allows to export any kind of portal data.

__doc__ = 'The ExportData permission allows to export any kind of portal data.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ExportManager(id, title, description='')[source]

Bases: grok.components.Role

An Export Manager is a Data Center Manager who is also allowed to export all kind of portal data. The ExportManager role includes the DataCenterManager role but not vice versa.

__doc__ = 'An Export Manager is a Data Center Manager who is also allowed\n to export all kind of portal data. The ExportManager role includes the\n DataCenterManager role but not vice versa.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ExportPaymentsOverview(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

Department Officers don’t have the general exportData permission and are only allowed to export payments overviews. The ExportPaymentsOverview permission is only used to filter the respective exporters in the ExportJobContainerJobConfig view.

__doc__ = "Department Officers don't have the general exportData\n permission and are only allowed to export payments overviews.\n The ExportPaymentsOverview permission is only used to filter the\n respective exporters in the ExportJobContainerJobConfig view.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.FingerprintReaderDeviceRole(id, title, description='')[source]

Bases: grok.components.Role

Fingerprint Reader Devices.

Fingerprint readers are remote devices that can store and retrieve fingerprint data.

__doc__ = 'Fingerprint Reader Devices.\n\n Fingerprint readers are remote devices that can store and retrieve\n fingerprint data.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.GetBiometricDataPermission(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

This permission allows to read biometric data.

__doc__ = 'This permission allows to read biometric data.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ImportData(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ImportData permission allows to batch process (import) any kind of portal data except for user data. The User Data processor requires also the ManageUsers permission.

__doc__ = 'The ImportData permission allows to batch process (import) any kind of\n portal data except for user data. The User Data processor\n requires also the ManageUsers permission.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ImportManager(id, title, description='')[source]

Bases: grok.components.Role

An Import Manager is a Data Center Manager who is also allowed to batch process (import) data. All batch processors (importers) are available except for the User Processor. This processor requires the Users Manager role too. The ImportManager role includes the DataCenterManager role but not vice versa.

__doc__ = 'An Import Manager is a Data Center Manager who is also allowed\n to batch process (import) data. All batch processors (importers) are\n available except for the User Processor. This processor requires the\n Users Manager role too. The ImportManager role includes the\n DataCenterManager role but not vice versa.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.Lecturer(id, title, description='')[source]

Bases: grok.components.Role

The local Lecturer role can be assigned at course level. The role allows to export some student data within the course the local role is assigned. Lecturers can’t access student data directly but they can edit the scores in course tickets.

__doc__ = "The local Lecturer role can be assigned at course level.\n The role allows to export some student\n data within the course the local role is assigned. Lecturers can't access\n student data directly but they can edit the scores in course tickets.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.LocalReportsOfficer(id, title, description='')[source]

Bases: grok.components.Role

The local ReportsOfficer role can be assigned at department level. The role allows to view all data and to list or export all student data within the department the local role is assigned.

The LocalReportsOfficer requires the assignment of the global ReportsOfficer role to access the reports section. If set, it reduces the number of available report generators and selectable certificates. Local Reports Officers can create only reports for their department.

__doc__ = 'The local ReportsOfficer role can be assigned at department level.\n The role allows to view all data and to list or export\n all student data within the department the local role is assigned.\n\n The LocalReportsOfficer requires the assignment of the global\n ReportsOfficer role to access the reports section. If set, it reduces\n the number of available report generators and selectable certificates.\n Local Reports Officers can create only reports for their department.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.LocalRolesAssignable(context)[source]

Bases: grokcore.component.components.Adapter

Default implementation for ILocalRolesAssignable.

This adapter returns a list for dictionaries for objects for which we want to know the roles assignable to them locally.

The returned dicts contain a name and a title entry which give a role (name) and a description, for which kind of users the permission is meant to be used (title).

Having this adapter registered we make sure, that for each normal object we get a valid ILocalRolesAssignable adapter.

Objects that want to offer certain local roles, can do so by setting a (preferably class-) attribute to a list of role ids.

You can also define different adapters for different contexts to have different role lookup mechanisms become available. But in normal cases it should be sufficient to use this basic adapter.

__call__()[source]

Get a list of dictionaries containing names (the roles to assign) and titles (some description of the type of user to assign each role to).

__doc__ = 'Default implementation for `ILocalRolesAssignable`.\n\n This adapter returns a list for dictionaries for objects for which\n we want to know the roles assignable to them locally.\n\n The returned dicts contain a ``name`` and a ``title`` entry which\n give a role (``name``) and a description, for which kind of users\n the permission is meant to be used (``title``).\n\n Having this adapter registered we make sure, that for each normal\n object we get a valid `ILocalRolesAssignable` adapter.\n\n Objects that want to offer certain local roles, can do so by\n setting a (preferably class-) attribute to a list of role ids.\n\n You can also define different adapters for different contexts to\n have different role lookup mechanisms become available. But in\n normal cases it should be sufficient to use this basic adapter.\n '
__init__(context)[source]
__module__ = 'waeup.kofa.permissions'
_roles = []
class waeup.kofa.permissions.LocalStudentsManager(id, title, description='')[source]

Bases: grok.components.Role

The local LocalStudentsManager role can be assigned at faculty or department level. The role allows to view all data and to view or export all student data within the faculty/department the local role is assigned.

Local Students Managers can furthermore manage data of students in their faculty/department. They get the StudentsManager role for this subset of students.

__doc__ = 'The local LocalStudentsManager role can be assigned at faculty or\n department level. The role allows to view all data and to view or export\n all student data within the faculty/department the local role is assigned.\n\n Local Students Managers can furthermore manage data of students\n in their faculty/department. They get the StudentsManager role for\n this subset of students.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.LocalTranscriptOfficer(id, title, description='')[source]

Bases: grok.components.Role

The LocalTranscriptOfficer role can be assigned at faculty level. The role allows to view, to validate and to release student transcripts at faculty level. Local Transcript Officers get the TranscriptOfficer role for this subset of students.

__doc__ = 'The LocalTranscriptOfficer role can be assigned at faculty\n level. The role allows to view, to validate and to\n release student transcripts at faculty level.\n Local Transcript Officers get the TranscriptOfficer role\n for this subset of students.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.LocalTranscriptSignee(id, title, description='')[source]

Bases: grok.components.Role

The LocalTranscriptSignee role can be assigned at faculty level. The role allows to view and to sign student transcripts at faculty level. Local Transcript Signees get the TranscriptSignee role for this subset of students.

__doc__ = 'The LocalTranscriptSignee role can be assigned at faculty\n level. The role allows to view and to sign student transcripts\n at faculty level. Local Transcript Signees get the TranscriptSignee role\n for this subset of students.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.LocalWorkflowManager(id, title, description='')[source]

Bases: grok.components.Role

The local LocalWorkflowManager role can be assigned at faculty level. The role allows to view all data and to list or export all student data within the faculty the local role is assigned.

Local Workflow Managers can trigger transition of students in their faculty/department. They get the WorkflowManager role for this subset of students.

__doc__ = 'The local LocalWorkflowManager role can be assigned at faculty level.\n The role allows to view all data and to list or export\n all student data within the faculty the local role is assigned.\n\n Local Workflow Managers can trigger transition of students in their\n faculty/department. They get the WorkflowManager role for\n this subset of students.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ManageACBatches(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ManageACBatches permission allows to view and manage accesscodes.

__doc__ = 'The ManageACBatches permission allows to view and\n manage accesscodes.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ManageAcademics(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ManageAcademics permission is applied to all edit/manage pages in the Academic Section. Users who have this permission can change/edit context objects.

__doc__ = 'The ManageAcademics permission is applied to all edit/manage\n pages in the Academic Section. Users who have this permission\n can change/edit context objects.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ManageDataCenter(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ManageDataCenter permission allows to access all pages in the Data Center and to upload files. It does not automatically allow to process uploaded data files.

__doc__ = 'The ManageDataCenter permission allows to access all pages\n in the Data Center and to upload files. It does not automatically\n allow to process uploaded data files.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ManagePortal(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ManagePortal permission is used for very few pages (e.g. the DatacenterSettings page). Only PortalManagers have this permission. It is furthermore used to control delete methods of container pages in the Academic Section. The ManageAcademics permission, described above, does enable users to edit content but not to remove sub-containers, like faculties, departments or certificates. Users must have the ManagePortal permission too to remove entire containers.

__doc__ = 'The ManagePortal permission is used for very few pages\n (e.g. the DatacenterSettings page). Only PortalManagers have this\n permission. It is furthermore used to control delete methods of container\n pages in the Academic Section. The ManageAcademics permission,\n described above, does enable users to edit content but not to\n remove sub-containers, like faculties, departments or certificates.\n Users must have the ManagePortal permission too to remove\n entire containers.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ManagePortalConfiguration(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ManagePortalConfiguration permission allows to edit global and sessional portal configuration data.

__doc__ = 'The ManagePortalConfiguration permission allows to\n edit global and sessional portal configuration data.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ManageUsers(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ManageUsers permission is a real superuser permission and therefore very ‘dangerous’. It allows to add, remove or edit user accounts. Editing a user account includes the option to assign or remove roles. That means that a user with this permission can lock out other users by either removing their account or by removing permissions.

__doc__ = "The ManageUsers permission is a real superuser permission\n and therefore very 'dangerous'. It allows to add, remove or edit\n user accounts. Editing a user account includes the option to assign\n or remove roles. That means that a user with this permission can lock out\n other users by either removing their account or by removing\n permissions.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.Owner(id, title, description='')[source]

Bases: grok.components.Role

Each user ‘owns’ her/his user object and gains permission to edit some of the user attributes.

__doc__ = "Each user 'owns' her/his user object and gains permission to edit\n some of the user attributes.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.PGClearanceOfficer(id, title, description='')[source]

Bases: grok.components.Role

PG Clearance Officers are regular Clearance Officers with restricted dynamic permission assignment. They can only access postgraduate students.

__doc__ = 'PG Clearance Officers are regular Clearance Officers with restricted\n dynamic permission assignment. They can only access postgraduate\n students.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.PortalManager(id, title, description='')[source]

Bases: grok.components.Role

The PortalManager role is the maximum set of Kofa permissions which are needed to manage the entire portal. This set must not be customized. It is recommended to assign this role only to a few certified Kofa administrators. A less dangerous manager role is the CCOfficer role described below. For the most tasks the CCOfficer role is sufficient.

__doc__ = 'The PortalManager role is the maximum set of Kofa permissions\n which are needed to manage the entire portal. This set must not\n be customized. It is recommended to assign this role only\n to a few certified Kofa administrators.\n A less dangerous manager role is the CCOfficer role described below.\n For the most tasks the CCOfficer role is sufficient.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.Public(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The Public or everyone-can-do-this-permission is being applied to views/pages that are used by everyone.

__doc__ = 'The Public or everyone-can-do-this-permission is being applied\n to views/pages that are used by everyone.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.PutBiometricDataPermission(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

This permission allows to upload/change biometric data.

__doc__ = 'This permission allows to upload/change biometric data.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ShowStudents(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

Users with this permission do not neccessarily see the ‘Students’ tab but they can search for students at department, certificate or course level. If they additionally have the ExportData permission they can export the data as csv files.

Bursary or Department Officers don’t have the ExportData permission (see Roles section) and are only allowed to export bursary or payments overview data respectively.

__doc__ = "Users with this permission do not neccessarily see the 'Students' tab\n but they can search for students at department, certificate or course\n level. If they additionally have the ExportData permission they can\n export the data as csv files.\n\n Bursary or Department Officers don't have the ExportData\n permission (see Roles section) and are only allowed to export bursary\n or payments overview data respectively.\n "
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.TriggerTransition(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The TriggerTransition permission allows to trigger workflow transitions of student and document objects.

__doc__ = 'The TriggerTransition permission allows to trigger workflow transitions\n of student and document objects.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.UGClearanceOfficer(id, title, description='')[source]

Bases: grok.components.Role

UG Clearance Officers are regular Clearance Officers with restricted dynamic permission assignment. They can only access undergraduate students.

__doc__ = 'UG Clearance Officers are regular Clearance Officers with restricted\n dynamic permission assignment. They can only access undergraduate\n students.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.UsersManager(id, title, description='')[source]

Bases: grok.components.Role

A Users Manager can add, remove or edit user accounts, see ManageUsers permission for further information. Be very careful with this role.

__doc__ = 'A Users Manager can add, remove or edit\n user accounts, see ManageUsers permission for further information.\n Be very careful with this role.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.ViewAcademics(id, title='', description='')[source]

Bases: grokcore.security.components.Permission

The ViewAcademics permission is applied to all views of the Academic Section. Users with this permission can view but not edit content in the Academic Section.

__doc__ = 'The ViewAcademics permission is applied to all\n views of the Academic Section. Users with this permission can view but\n not edit content in the Academic Section.\n '
__module__ = 'waeup.kofa.permissions'
class waeup.kofa.permissions.WorkflowManager(id, title, description='')[source]

Bases: grok.components.Role

The Workflow Manager can trigger workflow transitions of student and document objects, see TriggerTransition permission for further information.

__doc__ = 'The Workflow Manager can trigger workflow transitions\n of student and document objects, see TriggerTransition permission\n for further information.\n '
__module__ = 'waeup.kofa.permissions'
waeup.kofa.permissions.get_all_roles()[source]

Return a list of tuples <ROLE-NAME>, <ROLE>.

waeup.kofa.permissions.get_users_with_local_roles(context)[source]

Get a list of dicts representing the local roles set for context.

Each dict returns user_name, user_title, local_role, local_role_title, and setting for each entry in the local roles map of the context object.

waeup.kofa.permissions.get_users_with_role(role, context)[source]

Get a list of dicts representing the usres who have been granted a role for context.

waeup.kofa.permissions.get_waeup_role_names()[source]

Get the ids of all Kofa roles.

See get_waeup_roles() for what a ‘KofaRole’ is.

This function returns a sorted list of Kofa role names.

waeup.kofa.permissions.get_waeup_roles(also_local=False)[source]

Get all Kofa roles.

Kofa roles are ordinary roles whose id by convention starts with a waeup. prefix.

If also_local is True (False by default), also local roles are returned. Local Kofa roles are such whose id starts with waeup.local. prefix (this is also a convention).

Returns a generator of the found roles.