1
0
forked from ScoDoc/ScoDoc
ScoDoc/app/scodoc/sco_permissions.py

103 lines
4.3 KiB
Python
Raw Normal View History

2021-05-29 18:22:51 +02:00
# -*- mode: python -*-
# -*- coding: utf-8 -*-
2021-08-21 15:17:14 +02:00
"""Definition of ScoDoc permissions
2021-05-29 18:22:51 +02:00
used by auth
"""
2021-06-15 13:59:56 +02:00
2021-05-29 18:22:51 +02:00
# Définition des permissions: ne pas changer les numéros ou l'ordre des lignes !
_SCO_PERMISSIONS = (
# permission bit, symbol, description
# ScoSuperAdmin est utilisé pour:
# - ZScoDoc: add/delete departments
# - tous rôles lors creation utilisateurs
(1 << 1, "ScoSuperAdmin", "Super Administrateur"),
(1 << 2, "ScoView", "Voir"),
(1 << 3, "ScoEnsView", "Voir les parties pour les enseignants"),
(1 << 4, "ScoObservateur", "Observer (accès lecture restreint aux bulletins)"),
(1 << 5, "ScoUsersAdmin", "Gérer les utilisateurs"),
(1 << 6, "ScoUsersView", "Voir les utilisateurs"),
(1 << 7, "ScoChangePreferences", "Modifier les préférences"),
(1 << 8, "ScoChangeFormation", "Changer les formations"),
(1 << 9, "ScoEditFormationTags", "Tagguer les formations"),
(1 << 10, "ScoEditAllNotes", "Modifier toutes les notes"),
(1 << 11, "ScoEditAllEvals", "Modifier toutes les evaluations"),
(1 << 12, "ScoImplement", "Mettre en place une formation (créer un semestre)"),
(1 << 13, "ScoAbsChange", "Saisir des absences"),
(1 << 14, "ScoAbsAddBillet", "Saisir des billets d'absences"),
# changer adresse/photo ou pour envoyer bulletins par mail ou pour debouche
(1 << 15, "ScoEtudChangeAdr", "Changer les addresses d'étudiants"),
(1 << 16, "ScoEtudChangeGroups", "Modifier les groupes"),
# aussi pour demissions, diplomes:
(1 << 17, "ScoEtudInscrit", "Inscrire des étudiants"),
# aussi pour archives:
(1 << 18, "ScoEtudAddAnnotations", "Éditer les annotations"),
(1 << 19, "ScoEntrepriseView", "Voir la section 'entreprises'"),
(1 << 20, "ScoEntrepriseChange", "Modifier les entreprises"),
(1 << 21, "ScoEditPVJury", "Éditer les PV de jury"),
# ajouter maquettes Apogee (=> chef dept et secr):
(1 << 22, "ScoEditApo", "Ajouter des maquettes Apogées"),
# Application relations entreprises
(1 << 23, "RelationsEntreprisesView", "Voir l'application relations entreprises"),
(1 << 24, "RelationsEntreprisesChange", "Modifier les entreprises"),
(
1 << 25,
"RelationsEntreprisesExport",
"Exporter les données de l'application relations entreprises",
),
(1 << 25, "RelationsEntreprisesSend", "Envoyer des offres"),
(1 << 26, "RelationsEntreprisesValidate", "Valide les entreprises"),
2022-04-27 09:58:14 +02:00
(1 << 27, "RelationsEntreprisesCorrespondants", "Voir les correspondants"),
2022-04-27 09:46:51 +02:00
# 27 à 39 ... réservé pour "entreprises"
# Api scodoc9
2022-05-19 10:51:43 +02:00
(1 << 40, "APIView", "API: Lecture"),
2022-07-20 09:50:02 +02:00
(1 << 41, "APIEditGroups", "API: Modifier les groupes"),
2022-05-19 10:51:43 +02:00
(1 << 42, "APIEditAllNotes", "API: Modifier toutes les notes"),
(1 << 43, "APIAbsChange", "API: Saisir des absences"),
2021-05-29 18:22:51 +02:00
)
2022-07-24 07:14:31 +02:00
class Permission:
2021-05-29 18:22:51 +02:00
"Permissions for ScoDoc"
NBITS = 1 # maximum bits used (for formatting)
ALL_PERMISSIONS = [-1]
description = {} # { symbol : blah blah }
2021-09-13 17:10:38 +02:00
permission_by_name = {} # { symbol : int }
2022-07-24 07:14:31 +02:00
permission_by_value = {} # { int : symbol }
2021-05-29 18:22:51 +02:00
@staticmethod
def init_permissions():
for (perm, symbol, description) in _SCO_PERMISSIONS:
setattr(Permission, symbol, perm)
Permission.description[symbol] = description
2021-09-13 17:10:38 +02:00
Permission.permission_by_name[symbol] = perm
2022-07-24 07:14:31 +02:00
Permission.permission_by_value[perm] = symbol
2022-05-04 20:40:20 +02:00
max_perm = max(p[0] for p in _SCO_PERMISSIONS)
Permission.NBITS = max_perm.bit_length()
2021-05-29 18:22:51 +02:00
2021-09-13 17:10:38 +02:00
@staticmethod
def get_by_name(permission_name: str) -> int:
2021-09-13 23:06:42 +02:00
"""Return permission mode (integer bit field), or None if it doesn't exist."""
return Permission.permission_by_name.get(permission_name)
2021-09-13 17:10:38 +02:00
2022-07-24 07:14:31 +02:00
@staticmethod
def get_name(permission: int) -> str:
"""Return permission name, or None if it doesn't exist."""
return Permission.permission_by_value.get(permission)
@staticmethod
def permissions_names(permissions: int) -> list[str]:
"""From a bit field, return list of permission names"""
names = []
mask = 1 << (permissions.bit_length() - 1)
while mask > 0:
if mask & permissions:
name = Permission.get_name(mask)
if name is not None:
names.append(name)
mask = mask >> 1
return names
2021-05-29 18:22:51 +02:00
Permission.init_permissions()