# HG changeset patch # User Thierry Florac # Date 1530018629 -7200 # Node ID 537ad7f97f005656e27a3030367820cf6e6efdd9 # Parent 3a26761e781258cfa90f2a1b98b885b8fce4c6f3 Use constants for roles names diff -r 3a26761e7812 -r 537ad7f97f00 src/pyams_thesaurus/__init__.py --- a/src/pyams_thesaurus/__init__.py Mon Jun 11 16:11:07 2018 +0200 +++ b/src/pyams_thesaurus/__init__.py Tue Jun 26 15:10:29 2018 +0200 @@ -16,14 +16,16 @@ from pyramid.i18n import TranslationStringFactory _ = TranslationStringFactory('pyams_thesaurus') -from pyams_thesaurus.interfaces import CREATE_THESAURUS_PERMISSION, ADMIN_THESAURUS_PERMISSION, \ - MANAGE_THESAURUS_CONTENT_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION -from pyams_utils.interfaces import VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION - def includeme(config): """Pyramid include""" + from pyams_security.interfaces import SYSTEM_ADMIN_ROLE, ADMIN_USER_ID + from pyams_thesaurus.interfaces import CREATE_THESAURUS_PERMISSION, ADMIN_THESAURUS_PERMISSION, \ + MANAGE_THESAURUS_CONTENT_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION, THESAURUS_ADMIN_ROLE, \ + THESAURUS_MANAGER_ROLE, THESAURUS_EXTRACT_MANAGER_ROLE + from pyams_utils.interfaces import VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION + from .include import include_package include_package(config) @@ -38,19 +40,24 @@ 'title': _("Manage thesaurus extract")}) # register custom roles - config.register_role({'id': 'thesaurus.Admin', + config.register_role({'id': THESAURUS_ADMIN_ROLE, 'title': _("Thesaurus administrator (role)"), 'permissions': {ADMIN_THESAURUS_PERMISSION, MANAGE_THESAURUS_CONTENT_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION, VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION}, - 'managers': {'system:admin', 'role:system.Manager'}}) - config.register_role({'id': 'thesaurus.Manager', + 'managers': {ADMIN_USER_ID, + 'role:{0}'.format(SYSTEM_ADMIN_ROLE)}}) + config.register_role({'id': THESAURUS_MANAGER_ROLE, 'title': _("Thesaurus content manager (role)"), 'permissions': {MANAGE_THESAURUS_CONTENT_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION, VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION}, - 'managers': {'system:admin', 'role:system.Manager', 'role:thesaurus.Admin'}}) - config.register_role({'id': 'thesaurus.ExtractManager', + 'managers': {ADMIN_USER_ID, + 'role:{0}'.format(SYSTEM_ADMIN_ROLE), + 'role:{0}'.format(THESAURUS_ADMIN_ROLE)}}) + config.register_role({'id': THESAURUS_EXTRACT_MANAGER_ROLE, 'title': _("Thesaurus extract manager (role)"), 'permissions': {MANAGE_THESAURUS_EXTRACT_PERMISSION, VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION}, - 'managers': {'system:admin', 'role:system.Manager', 'role:thesaurus.Admin'}}) + 'managers': {ADMIN_USER_ID, + 'role:{0}'.format(SYSTEM_ADMIN_ROLE), + 'role:{0}'.format(THESAURUS_ADMIN_ROLE)}}) diff -r 3a26761e7812 -r 537ad7f97f00 src/pyams_thesaurus/interfaces/__init__.py --- a/src/pyams_thesaurus/interfaces/__init__.py Mon Jun 11 16:11:07 2018 +0200 +++ b/src/pyams_thesaurus/interfaces/__init__.py Tue Jun 26 15:10:29 2018 +0200 @@ -31,3 +31,15 @@ MANAGE_THESAURUS_EXTRACT_PERMISSION = 'pyams.ManageThesaurusExtract' '''Permission to manage thesaurus extract contents''' + + +THESAURUS_ADMIN_ROLE = 'thesaurus.Admin' +'''Thesaurus admin is allowed to manage all thesaurus properties''' + + +THESAURUS_MANAGER_ROLE = 'thesaurus.Manager' +'''Thesaurus manager is allowed to manage thesaurus terms and extracts''' + + +THESAURUS_EXTRACT_MANAGER_ROLE = 'thesaurus.ExtractManager' +'''Thesaurus extract manager is allowed to manager content of a thesaurus extract'''