"""
bootstrap.authorization
~~~~~~~~~~~~~~~~~~~~~~~
:Copyright: 2006-2017 Jochen Kupperschmidt
:License: Modified BSD, see LICENSE for details.
"""
from byceps.blueprints.authorization_admin.authorization import RolePermission
from byceps.blueprints.board.authorization import BoardPermission, \
BoardPostingPermission, BoardTopicPermission
from byceps.blueprints.orga_team_admin.authorization import OrgaTeamPermission
from byceps.blueprints.party_admin.authorization import PartyPermission
from byceps.blueprints.snippet_admin.authorization import \
MountpointPermission, SnippetPermission
from byceps.blueprints.terms_admin.authorization import TermsPermission
from byceps.blueprints.user_admin.authorization import UserPermission
from byceps.services.authorization import service as authorization_service
def create_roles_and_permissions():
create_role_with_permissions(
'authorization_admin',
'Rechte und Rollen verwalten',
[
(RolePermission.list, 'Rollen auflisten'),
])
create_role_with_permissions(
'board_user',
'im Forum schreiben',
[
(BoardPostingPermission.create, 'Beiträge im Forum erstellen'),
(BoardPostingPermission.update, 'Beiträge im Forum bearbeiten'),
(BoardTopicPermission.create, 'Themen im Forum erstellen'),
(BoardTopicPermission.update, 'Themen im Forum bearbeiten'),
])
create_role_with_permissions(
'board_orga',
'versteckte Themen und Beiträge im Forum lesen',
[
(BoardPermission.view_hidden, 'versteckte Themen und Beiträge im Forum anzeigen'),
])
create_role_with_permissions(
'board_moderator',
'Forum moderieren',
[
(BoardPermission.hide, 'Themen und Beiträge im Forum verstecken'),
(BoardTopicPermission.lock, 'Themen im Forum schließen'),
(BoardTopicPermission.pin, 'Themen im Forum anpinnen'),
])
create_role_with_permissions(
'orga_team_admin',
'Orgateams verwalten',
[
(OrgaTeamPermission.list, 'Orga-Teams auflisten'),
(OrgaTeamPermission.create, 'Orga-Teams erstellen'),
(OrgaTeamPermission.delete, 'Orga-Teams entfernen'),
(OrgaTeamPermission.administrate_memberships, 'Orga-Team-Mitgliedschaften verwalten'),
])
create_role_with_permissions(
'party_admin',
'Partys verwalten',
[
(PartyPermission.list, 'Partys auflisten'),
(PartyPermission.create, 'Partys anlegen'),
])
create_role_with_permissions(
'snippet_admin',
'Snippets verwalten',
[
(MountpointPermission.create, 'Snippet-Mountpoints erstellen'),
(MountpointPermission.delete, 'Snippet-Mountpoints löschen'),
])
create_role_with_permissions(
'snippet_editor',
'Snippets bearbeiten',
[
(SnippetPermission.list, 'Snippets auflisten'),
(SnippetPermission.create, 'Snippets erstellen'),
(SnippetPermission.update, 'Snippets bearbeiten'),
(SnippetPermission.view_history, 'Versionsverlauf von Snippets anzeigen'),
])
create_role_with_permissions(
'terms_editor',
'AGB verwalten',
[
(TermsPermission.list, 'AGB-Versionen auflisten'),
(TermsPermission.create, 'neue AGB-Versionen erstellen'),
])
create_role_with_permissions(
'user_admin',
'Benutzer verwalten',
[
(UserPermission.list, 'Benutzer auflisten'),
(UserPermission.view, 'Benutzer ansehen'),
])
# -------------------------------------------------------------------- #
# helpers
def create_role_with_permissions(role_id, role_title, permissions_and_titles):
role = authorization_service.create_role(role_id, role_title)
for permission_enum_member, permission_title in permissions_and_titles:
permission_id = permission_enum_member.__key__
permission = authorization_service.create_permission(permission_id,
permission_title)
authorization_service.assign_permission_to_role(permission.id, role.id)
def add_roles_to_user(roles, user):
for role in roles:
authorization_service.assign_role_to_user(role, user)