~homeworkprod/byceps

ref: 43bf3630475839afde6e691f0ac561dcb01aaba6 byceps/bootstrap/authorization.py -rw-r--r-- 4.4 KiB
43bf3630 — Jochen Kupperschmidt Upgrade pytest on Travis CI to get v3.3 rather than v3.0 provided by default 4 years ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
"""
bootstrap.authorization
~~~~~~~~~~~~~~~~~~~~~~~

:Copyright: 2006-2017 Jochen Kupperschmidt
:License: Modified BSD, see LICENSE for details.
"""

from byceps.blueprints.authorization_admin.authorization import RolePermission
from byceps.blueprints.board.authorization import BoardPermission, \
    BoardPostingPermission, BoardTopicPermission
from byceps.blueprints.orga_team_admin.authorization import OrgaTeamPermission
from byceps.blueprints.party_admin.authorization import PartyPermission
from byceps.blueprints.snippet_admin.authorization import \
    MountpointPermission, SnippetPermission
from byceps.blueprints.terms_admin.authorization import TermsPermission
from byceps.blueprints.user_admin.authorization import UserPermission
from byceps.services.authorization import service as authorization_service


def create_roles_and_permissions():
    create_role_with_permissions(
        'authorization_admin',
        'Rechte und Rollen verwalten',
        [
            (RolePermission.list, 'Rollen auflisten'),
        ])

    create_role_with_permissions(
        'board_user',
        'im Forum schreiben',
        [
            (BoardPostingPermission.create, 'Beiträge im Forum erstellen'),
            (BoardPostingPermission.update, 'Beiträge im Forum bearbeiten'),
            (BoardTopicPermission.create, 'Themen im Forum erstellen'),
            (BoardTopicPermission.update, 'Themen im Forum bearbeiten'),
        ])

    create_role_with_permissions(
        'board_orga',
        'versteckte Themen und Beiträge im Forum lesen',
        [
            (BoardPermission.view_hidden, 'versteckte Themen und Beiträge im Forum anzeigen'),
        ])

    create_role_with_permissions(
        'board_moderator',
        'Forum moderieren',
        [
            (BoardPermission.hide, 'Themen und Beiträge im Forum verstecken'),
            (BoardTopicPermission.lock, 'Themen im Forum schließen'),
            (BoardTopicPermission.pin, 'Themen im Forum anpinnen'),
        ])

    create_role_with_permissions(
        'orga_team_admin',
        'Orgateams verwalten',
        [
            (OrgaTeamPermission.list, 'Orga-Teams auflisten'),
            (OrgaTeamPermission.create, 'Orga-Teams erstellen'),
            (OrgaTeamPermission.delete, 'Orga-Teams entfernen'),
            (OrgaTeamPermission.administrate_memberships, 'Orga-Team-Mitgliedschaften verwalten'),
        ])

    create_role_with_permissions(
        'party_admin',
        'Partys verwalten',
        [
            (PartyPermission.list, 'Partys auflisten'),
            (PartyPermission.create, 'Partys anlegen'),
        ])

    create_role_with_permissions(
        'snippet_admin',
        'Snippets verwalten',
        [
            (MountpointPermission.create, 'Snippet-Mountpoints erstellen'),
            (MountpointPermission.delete, 'Snippet-Mountpoints löschen'),
        ])

    create_role_with_permissions(
        'snippet_editor',
        'Snippets bearbeiten',
        [
            (SnippetPermission.list, 'Snippets auflisten'),
            (SnippetPermission.create, 'Snippets erstellen'),
            (SnippetPermission.update, 'Snippets bearbeiten'),
            (SnippetPermission.view_history, 'Versionsverlauf von Snippets anzeigen'),
        ])

    create_role_with_permissions(
        'terms_editor',
        'AGB verwalten',
        [
            (TermsPermission.list, 'AGB-Versionen auflisten'),
            (TermsPermission.create, 'neue AGB-Versionen erstellen'),
        ])

    create_role_with_permissions(
        'user_admin',
        'Benutzer verwalten',
        [
            (UserPermission.list, 'Benutzer auflisten'),
            (UserPermission.view, 'Benutzer ansehen'),
        ])


# -------------------------------------------------------------------- #
# helpers


def create_role_with_permissions(role_id, role_title, permissions_and_titles):
    role = authorization_service.create_role(role_id, role_title)

    for permission_enum_member, permission_title in permissions_and_titles:
        permission_id = permission_enum_member.__key__

        permission = authorization_service.create_permission(permission_id,
                                                             permission_title)
        authorization_service.assign_permission_to_role(permission.id, role.id)


def add_roles_to_user(roles, user):
    for role in roles:
        authorization_service.assign_role_to_user(role, user)