def collaboratorSpecification() -> CollaboratorSpecification:
b = CollaboratorSpecification()
b.collaborator_types = [
NC_('collaborator type', 'Collaborator'),
NC_('collaborator type', 'Administrator')
]
return b
def rightRequestsInspection() -> RightAction:
return gui.actionRight(
NC_('security', 'Requests inspection'),
NC_(
'security', '''
Allows for the viewing of all possible requests that can be made on the REST server, also the plugins and components
that are part of the application are also visible.'''))
def rightTranslationManage():
return aclRight(
NC_('security', 'Translation manage'),
NC_(
'security', '''
Allows for the modification of translatable messages that the application uses.'''
))
def rightTranslationModify():
return aclRight(
NC_('security', 'Translation modify'),
NC_(
'security', '''
Allows for the modification of translation files by the upload of updated PO files.'''
))
def actionType() -> TypeAcl:
b = TypeAcl(
NC_('security', 'GUI based access control layer'),
NC_(
'security',
'Right type for the graphical user interface based access control layer right setups'
))
acl.acl().add(b)
return b
def blogRoleEditorId():
roleService = support.entityFor(IRoleService)
assert isinstance(roleService, IRoleService)
roles = roleService.getAll(limit=1, q=QRole(name='Editor'))
try: editor = next(iter(roles))
except StopIteration:
editor = Role()
editor.Name = NC_('security role', 'Editor')
editor.Description = NC_('security role', 'Role that allows editor stuff')
return roleService.insert(editor)
return editor.Id
def blogRoleCollaboratorId():
roleService = support.entityFor(IRoleService)
assert isinstance(roleService, IRoleService)
roles = roleService.getAll(limit=1, q=QRole(name='Collaborator'))
try: collaborator = next(iter(roles))
except StopIteration:
collaborator = Role()
collaborator.Name = NC_('security role', 'Collaborator')
collaborator.Description = NC_('security role', 'Role that allows submit to desk and edit his own posts')
return roleService.insert(collaborator)
return collaborator.Id
def blogRoleAdministratorId():
roleService = support.entityFor(IRoleService)
assert isinstance(roleService, IRoleService)
roles = roleService.getAll(limit=1, q=QRole(name='Administrator'))
try: admin = next(iter(roles))
except StopIteration:
admin = Role()
admin.Name = NC_('security role', 'Administrator')
admin.Description = NC_('security role', 'Role that allows all rights')
return roleService.insert(admin)
return admin.Id
def menuAction():
return Action('media-archive',
Parent=defaults.menuAction(),
Label=NC_('Menu', 'Media Archive'),
Href='/media-archive',
ScriptPath=getPublishedGui(
'media-archive/scripts/js/menu-media-archive.js'))
def populateRootRole():
roleService = support.entityFor(IRoleService)
assert isinstance(roleService, IRoleService)
roles = roleService.getAll(limit=1, q=QRole(name=NAME_ROOT))
if not roles:
rootRole = Role()
rootRole.Name = NAME_ROOT
rootRole.Description = NC_('security role', 'Default role that provides access to all available roles and rights')
roleService.insert(rootRole)
def rightTranslationAccess():
return aclRight(
NC_('security', 'Translation access'),
NC_('security', '''
Allows read only access to the translation files.'''))
def captcha() -> RightService:
return RightService(
'CAPTCHA', NC_('security', 'Right that targets CAPTCHA validations'))
def rightMediaArchiveUpload() -> RightAction:
return gui.actionRight(
NC_('security', 'IAM upload'),
NC_('security', '''
Allows upload access to IAM.'''))
def rightUserView() -> RightAction:
return gui.actionRight(NC_('security', 'Users view'), NC_('security', '''
Allows read only access to users.'''))
def rightManageOwnPost() -> RightAction:
return gui.actionRight(
NC_('security', 'Manage own post'),
NC_(
'security', '''
Allows the creation and management of own posts in livedesk.'''))
@package: security RBAC
@copyright: 2012 Sourcefabric o.p.s.
@license: http://www.gnu.org/licenses/gpl-3.0.txt
@author: Gabriel Nistor
Contains the setups for populating default data.
'''
from ally.container import support, app, ioc
from ally.internationalization import NC_
from security.rbac.api.rbac import IRoleService, Role, QRole
# --------------------------------------------------------------------
NAME_ROOT = NC_('security role', 'ROOT') # The name for the root role
# --------------------------------------------------------------------
@ioc.entity
def rootRoleId():
roleService = support.entityFor(IRoleService)
assert isinstance(roleService, IRoleService)
return roleService.getByName(NAME_ROOT).Id
@app.populate(priority=app.PRIORITY_FIRST)
def populateRootRole():
roleService = support.entityFor(IRoleService)
assert isinstance(roleService, IRoleService)
roles = roleService.getAll(limit=1, q=QRole(name=NAME_ROOT))
def menuAction():
return Action(
'sandbox',
Parent=defaults.menuAction(),
Label=NC_('Menu', 'Sandbox'),
Script=publishedURI('superdesk/sandbox/scripts/js/menu-sandbox.js'))
def rightUserUpdate() -> RightAction:
return gui.actionRight(NC_('security', 'Users update'), NC_('security', '''
Allows the update of users.'''))
def rightMediaArchiveAudioView() -> RightAction:
return gui.actionRight(NC_('security', 'IAM Audio view'), NC_('security', '''
Allows read only access to IAM Audio items.'''))
def rightLivedeskUpdate() -> RightAction:
return gui.actionRight(
NC_('security', 'Livedesk edit'),
NC_('security', '''
Allows edit access to users for livedesk.'''))
def rightLivedeskView() -> RightAction:
return gui.actionRight(
NC_('security', 'Livedesk view'),
NC_('security', '''
Allows read only access to users for livedesk.'''))
def menuAction() -> Action:
return Action('request',
NC_('menu', 'Request'),
Parent=defaults.menuAction(),
NavBar='/api-requests',
Script=publishedURI('superdesk/request/scripts/js/menu.js'))
def rightBlogEdit() -> RightAction:
return gui.actionRight(
NC_('security', 'Blog edit'),
NC_('security', '''
Allows for editing the blog.'''))
def menuAction() -> Action:
return Action('user', Parent=defaults.menuAction(), Label=NC_('menu', 'Users'), NavBar='/users',
Script=publishedURI('superdesk/user/scripts/js/menu.js'))
def menuAction() -> Action:
return Action('livedesk',
Parent=defaults.menuAction(),
Label=NC_('menu', 'Live Blogs'))
def menuAction() -> Action:
return Action('article',
Parent=defaults.menuAction(),
Label=NC_('menu', 'Article'),
NavBar='/article',
Script=publishedURI('superdesk/article/scripts/js/menu.js'))
def rightArticleView() -> RightAction:
return gui.actionRight(
NC_('security', 'Article view'),
NC_('security', '''
Allows read only access to Article.'''))
def menuAction() -> Action:
return Action('media-archive',
Parent=defaults.menuAction(),
Label=NC_('menu', 'Media Archive'),
NavBar='/media-archive',
Script=publishedURI('media-archive/scripts/js/menu.js'))