1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
1 |
# IVLE - Informatics Virtual Learning Environment
|
2 |
# Copyright (C) 2007-2008 The University of Melbourne
|
|
3 |
#
|
|
4 |
# This program is free software; you can redistribute it and/or modify
|
|
5 |
# it under the terms of the GNU General Public License as published by
|
|
6 |
# the Free Software Foundation; either version 2 of the License, or
|
|
7 |
# (at your option) any later version.
|
|
8 |
#
|
|
9 |
# This program is distributed in the hope that it will be useful,
|
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
12 |
# GNU General Public License for more details.
|
|
13 |
#
|
|
14 |
# You should have received a copy of the GNU General Public License
|
|
15 |
# along with this program; if not, write to the Free Software
|
|
16 |
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
17 |
||
18 |
# Module: Capabilities
|
|
19 |
# Author: Matt Giuca
|
|
20 |
# Date: 15/2/2008
|
|
21 |
||
22 |
# Provides a Role class which is used for the "rolenm" field of login rows
|
|
23 |
# from the database.
|
|
24 |
# This also provides a set of Caps (capabilities) and the ability to check if
|
|
25 |
# any given role has a given capability.
|
|
26 |
||
27 |
class Role(object): |
|
28 |
"""
|
|
29 |
Role enumeration class. Provides values for "rolenm" fields, which are
|
|
30 |
enumerable and comparable. Immutable objects.
|
|
31 |
||
32 |
This allows you to check if a role has a certain capability by doing a
|
|
33 |
>= comparison on the lowest role with that capability.
|
|
34 |
||
35 |
Class Role has a capitalized member for each role, of type Role.
|
|
36 |
eg. Role.STUDENT is a Role object describing the "student" role.
|
|
37 |
"""
|
|
38 |
_roles = ["anyone", "student", "marker", "tutor", "lecturer", "admin"] |
|
39 |
_roles_to_int = {} # Will be written after class def |
|
40 |
def __init__(self, role): |
|
41 |
"""Creates a new Role object.
|
|
42 |
role may be any of the following types:
|
|
43 |
* Role: Copies.
|
|
44 |
* str: Role of that name, as given by the str of a Role
|
|
45 |
(These correspond to the entries in the "rolenm" field of the DB).
|
|
46 |
Raises an Exception if the string is not a role.
|
|
47 |
* int: Role of that numeric index, as given by the fromEnum of a Role.
|
|
48 |
(This is the same as calling toEnum).
|
|
49 |
"""
|
|
50 |
# Internally, stored as an int
|
|
51 |
if isinstance(role, Role): |
|
52 |
self._role = role._role |
|
53 |
elif isinstance(role, str): |
|
54 |
try: |
|
55 |
self._role = Role._roles_to_int[role.lower()] |
|
56 |
except KeyError: |
|
57 |
raise Exception("Not a valid role name: %s" % repr(role)) |
|
58 |
elif isinstance(role, int): |
|
59 |
if role >= 0 and role < len(Role._roles): |
|
60 |
self._role = role |
|
61 |
else: |
|
62 |
raise Exception("Not a valid role ID: %d" % role) |
|
63 |
def __str__(self): |
|
64 |
return Role._roles[self._role] |
|
65 |
def __repr__(self): |
|
66 |
return "Role.%s" % Role._roles[self._role].upper() |
|
67 |
def __cmp__(self, other): |
|
68 |
return cmp(self._role, other._role) |
|
69 |
def __hash__(self): |
|
70 |
return hash(self._role) |
|
71 |
||
72 |
def fromEnum(self): |
|
73 |
"""Returns the int representation of this Role."""
|
|
74 |
return self._role |
|
75 |
@staticmethod
|
|
76 |
def toEnum(num): |
|
77 |
"""Given an int, returns the Role for that role ID."""
|
|
78 |
return Role(num) |
|
79 |
||
80 |
def hasCap(self, capability): |
|
81 |
"""Given a capability (which is a Role object), returns True if this
|
|
82 |
Role has that capability, False otherwise.
|
|
83 |
"""
|
|
84 |
return self >= capability |
|
85 |
||
86 |
# Role constants. These are actually members of the Role class, but they are
|
|
87 |
# defined here because they actually have the type Role.
|
|
88 |
for i in range(0, len(Role._roles)): |
|
89 |
# XXX This is the only way I could find to write an attribute to a
|
|
90 |
# new-style class. It looks very dodgy.
|
|
91 |
type.__setattr__(Role, Role._roles[i].upper(), Role(i)) |
|
92 |
Role._roles_to_int[Role._roles[i]] = i |
|
93 |
||
94 |
### CAPABILITIES LISTING ###
|
|
95 |
||
96 |
# Set of capabilities, which maps global variables onto Roles.
|
|
97 |
# This provides the minimum role level required in order to perform the given
|
|
98 |
# capability.
|
|
99 |
# (So any role above the role specified can perform this cap).
|
|
100 |
||
101 |
# Create users (the users are able to log in and accept)
|
|
102 |
CAP_CREATEUSER = Role.ADMIN |
|
103 |
# Get details about users
|
|
104 |
CAP_GETUSER = Role.LECTURER |
|
105 |
# Change all details of a user
|
|
106 |
CAP_UPDATEUSER = Role.ADMIN |
|
107 |
||
108 |
# Posting to subject blog for subjects you are teaching
|
|
109 |
CAP_BLOGPOST = Role.TUTOR |
|
110 |
||
111 |
# Reading submissions (both tutorial and assignment) of student for whom you
|
|
112 |
# are a marker
|
|
113 |
CAP_READ_MY_STUDENTS_SUBMISSION = Role.TUTOR |
|
114 |
# Reading all students' submissions (in subjects you have this cap for)
|
|
115 |
CAP_READ_SUBMISSION = Role.LECTURER |
|
116 |
||
117 |
# Reading marks for your own students
|
|
118 |
CAP_READ_MY_STUDENTS_MARKS = Role.TUTOR |
|
119 |
# Adding marks info for your own students (can't delete or edit, only add)
|
|
120 |
# (You can overwrite marks but old ones will be logged).
|
|
121 |
CAP_WRITE_MY_STUDENTS_MARKS = Role.TUTOR |
|
122 |
# Reading marks for all students
|
|
123 |
CAP_READ_MARKS = Role.LECTURER |
|
124 |
# Adding marks info for all students
|
|
125 |
CAP_WRITE_MARKS = Role.LECTURER |
|
126 |
||
127 |
# Reading any student's svn (in subjects you have this cap for)
|
|
128 |
CAP_READ_SVN = Role.LECTURER |
|
129 |
# Writing to any student's svn
|
|
130 |
CAP_WRITE_SVN = Role.LECTURER |
|
131 |
||
132 |
# Create and modify projects and project sets
|
|
133 |
CAP_MANAGEPROJECTS = Role.LECTURER |
|
134 |
# Create and modify project groups and assign logins to them
|
|
135 |
CAP_MANAGEGROUPS = Role.TUTOR |
|
136 |
||
137 |
# "SuperUser" role - certain users are granted "sudo" powers on the Unix
|
|
138 |
# system, giving them abilities beyond what is granted here in IVLE.
|