Use named permissions
authorThierry Florac <thierry.florac@onf.fr>
Thu, 08 Oct 2015 12:15:52 +0200
changeset 19 6cb6acc05cc3
parent 18 23ac4c21b235
child 20 f022906f90ab
Use named permissions
src/pyams_thesaurus/__init__.py
src/pyams_thesaurus/interfaces/__init__.py
src/pyams_thesaurus/zmi/extract.py
src/pyams_thesaurus/zmi/manager.py
src/pyams_thesaurus/zmi/term.py
src/pyams_thesaurus/zmi/thesaurus.py
--- a/src/pyams_thesaurus/__init__.py	Thu Oct 08 11:41:02 2015 +0200
+++ b/src/pyams_thesaurus/__init__.py	Thu Oct 08 12:15:52 2015 +0200
@@ -16,6 +16,8 @@
 from pyramid.i18n import TranslationStringFactory
 _ = TranslationStringFactory('pyams_thesaurus')
 
+from pyams_thesaurus.interfaces import ADMIN_THESAURUS_PERMISSION, MANAGE_THESAURUS_CONTENT_PERMISSION, \
+    MANAGE_THESAURUS_EXTRACT_PERMISSION
 from pyams_utils.interfaces import VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION
 
 
@@ -26,26 +28,27 @@
     include_package(config)
 
     # register custom permissions
-    config.register_permission({'id': 'thesaurus.admin',
+    config.register_permission({'id': ADMIN_THESAURUS_PERMISSION,
                                 'title': _("Manage thesaurus properties")})
-    config.register_permission({'id': 'thesaurus.manage',
+    config.register_permission({'id': MANAGE_THESAURUS_CONTENT_PERMISSION,
                                 'title': _("Manage thesaurus content")})
-    config.register_permission({'id': 'thesaurus.extract.manage',
+    config.register_permission({'id': MANAGE_THESAURUS_EXTRACT_PERMISSION,
                                 'title': _("Manage thesaurus extract")})
 
     # register custom roles
     config.register_role({'id': 'thesaurus.Admin',
                           'title': _("Thesaurus administrator (role)"),
-                          'permissions': {'thesaurus.admin', 'thesaurus.manage', 'thesaurus.extract.manage',
+                          'permissions': {ADMIN_THESAURUS_PERMISSION, MANAGE_THESAURUS_CONTENT_PERMISSION,
+                                          MANAGE_THESAURUS_EXTRACT_PERMISSION,
                                           VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION},
                           'managers': {'system:admin', 'role:system.Manager'}})
     config.register_role({'id': 'thesaurus.Manager',
                           'title': _("Thesaurus content manager (role)"),
-                          'permissions': {'thesaurus.manage', 'thesaurus.extract.manage',
+                          'permissions': {MANAGE_THESAURUS_CONTENT_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION,
                                           VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION},
                           'managers': {'system:admin', 'role:system.Manager', 'role:thesaurus.Admin'}})
     config.register_role({'id': 'thesaurus.ExtractManager',
                           'title': _("Thesaurus extract manager (role)"),
-                          'permissions': {'thesaurus.extract.manage',
+                          'permissions': {MANAGE_THESAURUS_EXTRACT_PERMISSION,
                                           VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION},
                           'managers': {'system:admin', 'role:system.Manager', 'role:thesaurus.Admin'}})
--- a/src/pyams_thesaurus/interfaces/__init__.py	Thu Oct 08 11:41:02 2015 +0200
+++ b/src/pyams_thesaurus/interfaces/__init__.py	Thu Oct 08 12:15:52 2015 +0200
@@ -18,3 +18,8 @@
 # import interfaces
 
 # import packages
+
+
+ADMIN_THESAURUS_PERMISSION = 'thesaurus.admin'
+MANAGE_THESAURUS_CONTENT_PERMISSION = 'thesaurus.manage'
+MANAGE_THESAURUS_EXTRACT_PERMISSION = 'thesaurus.extract.manage'
--- a/src/pyams_thesaurus/zmi/extract.py	Thu Oct 08 11:41:02 2015 +0200
+++ b/src/pyams_thesaurus/zmi/extract.py	Thu Oct 08 12:15:52 2015 +0200
@@ -20,8 +20,10 @@
 from pyams_form.interfaces.form import IWidgetsPrefixViewletsManager
 from pyams_skin.interfaces.viewlet import IWidgetTitleViewletManager
 from pyams_skin.layer import IPyAMSLayer
+from pyams_thesaurus.interfaces import ADMIN_THESAURUS_PERMISSION, MANAGE_THESAURUS_EXTRACT_PERMISSION
 from pyams_thesaurus.interfaces.thesaurus import IThesaurus, IThesaurusExtracts, IThesaurusExtractInfo, \
     IThesaurusExtract
+from pyams_utils.interfaces import VIEW_PERMISSION
 from pyams_utils.interfaces.data import IObjectData
 from pyams_utils.interfaces.tree import INode, ITree
 from pyams_zmi.layer import IAdminLayer
@@ -57,11 +59,11 @@
 
     @property
     def data_attributes(self):
-        attrs = super(ThesaurusExtractsTable, self).data_attributes
-        table = attrs.setdefault('table', {})
+        attributes = super(ThesaurusExtractsTable, self).data_attributes
+        table = attributes.setdefault('table', {})
         table.setdefault('data-ams-location', absolute_url(self.context, self.request, '++extracts++'))
         table.setdefault('data-ams-delete-target', 'delete-extract.json')
-        return attrs
+        return attributes
 
     cssClasses = {'table': 'table table-bordered table-striped table-hover table-tight datatable extracts'}
 
@@ -115,11 +117,11 @@
     """Thesaurus extracts trash column"""
 
     icon_hint = _("Delete extract")
-    permission = 'thesaurus.admin'
+    permission = ADMIN_THESAURUS_PERMISSION
 
 
 @viewlet_config(name='thesaurus.extract.adding', context=IThesaurus, view=ThesaurusExtractsTable,
-                layer=IAdminLayer, manager=IWidgetTitleViewletManager, permission='thesaurus.admin')
+                layer=IAdminLayer, manager=IWidgetTitleViewletManager, permission=ADMIN_THESAURUS_PERMISSION)
 class ThesaurusExtractAddAction(ToolbarAction):
     """Thesaurus extract add action"""
 
@@ -128,7 +130,7 @@
     modal_target = True
 
 
-@pagelet_config(name='add-extract.html', context=IThesaurus, layer=IPyAMSLayer, permission='thesaurus.admin')
+@pagelet_config(name='add-extract.html', context=IThesaurus, layer=IPyAMSLayer, permission=ADMIN_THESAURUS_PERMISSION)
 class ThesaurusExtractAddForm(AdminDialogAddForm):
     """Thesaurus extract add form"""
 
@@ -163,13 +165,13 @@
 
 
 @view_config(name='add-extract.json', context=IThesaurus, request_type=IPyAMSLayer,
-             permission='thesaurus.admin', renderer='json', xhr=True)
+             permission=ADMIN_THESAURUS_PERMISSION, renderer='json', xhr=True)
 class ThesaurusExtractAJAXAddForm(AJAXAddForm, ThesaurusExtractAddForm):
     """Thesaurus extract add form, AJAX view"""
 
 
 @pagelet_config(name='properties.html', context=IThesaurusExtract, layer=IPyAMSLayer,
-                permission='thesaurus.extract.manage')
+                permission=MANAGE_THESAURUS_EXTRACT_PERMISSION)
 class ThesaurusExtractEditForm(AdminDialogEditForm):
     """Thesaurus extract edit form"""
 
@@ -184,7 +186,7 @@
     fields = field.Fields(IThesaurusExtractInfo)
 
     ajax_handler = 'properties.json'
-    edit_permission = 'thesaurus.extract.manage'
+    edit_permission = MANAGE_THESAURUS_EXTRACT_PERMISSION
 
     def updateWidgets(self, prefix=None):
         super(ThesaurusExtractEditForm, self).updateWidgets(prefix)
@@ -196,7 +198,7 @@
 
 
 @view_config(name='properties.json', context=IThesaurusExtract, request_type=IPyAMSLayer,
-             permission='thesaurus.extract.manage', renderer='json', xhr=True)
+             permission=MANAGE_THESAURUS_EXTRACT_PERMISSION, renderer='json', xhr=True)
 class ThesaurusExtractAJAXEditForm(AJAXEditForm, ThesaurusExtractEditForm):
     """Thesaurus extract edit form, AJAX view"""
 
@@ -259,7 +261,7 @@
 
 
 @view_config(name='get-nodes.json', context=IThesaurusExtract, request_type=IPyAMSLayer,
-             permission='view', renderer='json', xhr=True)
+             permission=VIEW_PERMISSION, renderer='json', xhr=True)
 class ThesaurusTermNodes(BaseTreeNodesView):
     """Get thesaurus nodes"""
 
@@ -277,7 +279,7 @@
 
 
 @view_config(name='delete-extract.json', context=IThesaurusExtracts, request_type=IPyAMSLayer,
-             permission='thesaurus.admin', renderer='json', xhr=True)
+             permission=ADMIN_THESAURUS_PERMISSION, renderer='json', xhr=True)
 def delete_extract(request):
     """Delete extract from thesaurus"""
     translate = request.localizer.translate
--- a/src/pyams_thesaurus/zmi/manager.py	Thu Oct 08 11:41:02 2015 +0200
+++ b/src/pyams_thesaurus/zmi/manager.py	Thu Oct 08 12:15:52 2015 +0200
@@ -9,26 +9,6 @@
 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
 # FOR A PARTICULAR PURPOSE.
 #
-from z3c.table.interfaces import IColumn, IValues
-from zope.component.interfaces import ISite
-from pyams_pagelet.pagelet import pagelet_config
-from pyams_skin.container import ContainerView
-from pyams_skin.interfaces import IInnerPage, IPageHeader
-from pyams_skin.interfaces.viewlet import IWidgetTitleViewletManager
-from pyams_skin.layer import IPyAMSLayer
-from pyams_skin.page import DefaultPageHeaderAdapter
-from pyams_skin.table import BaseTable, TrashColumn
-from pyams_skin.viewlet.menu import MenuItem
-from pyams_skin.viewlet.toolbar import ToolbarAction
-from pyams_thesaurus.interfaces.thesaurus import IThesaurus
-from pyams_utils.adapter import adapter_config, ContextRequestViewAdapter
-from pyams_utils.registry import get_utilities_for
-from pyams_utils.url import absolute_url
-from pyams_viewlet.manager import viewletmanager_config
-from pyams_viewlet.viewlet import viewlet_config
-from pyams_zmi.interfaces.menu import IControlPanelMenu
-from pyams_zmi.layer import IAdminLayer
-from pyams_zmi.view import AdminView
 
 __docformat__ = 'restructuredtext'
 
@@ -36,15 +16,36 @@
 # import standard library
 
 # import interfaces
+from pyams_skin.interfaces import IInnerPage, IPageHeader
+from pyams_skin.interfaces.viewlet import IWidgetTitleViewletManager
+from pyams_skin.layer import IPyAMSLayer
+from pyams_thesaurus.interfaces.thesaurus import IThesaurus
+from pyams_utils.interfaces import VIEW_SYSTEM_PERMISSION, MANAGE_SYSTEM_PERMISSION
+from pyams_zmi.interfaces.menu import IControlPanelMenu
+from pyams_zmi.layer import IAdminLayer
+from zope.component.interfaces import ISite
+from z3c.table.interfaces import IColumn, IValues
 
 # import packages
+from pyams_pagelet.pagelet import pagelet_config
+from pyams_skin.container import ContainerView
+from pyams_skin.page import DefaultPageHeaderAdapter
+from pyams_skin.table import BaseTable, TrashColumn
+from pyams_skin.viewlet.menu import MenuItem
+from pyams_skin.viewlet.toolbar import ToolbarAction
+from pyams_utils.adapter import adapter_config, ContextRequestViewAdapter
+from pyams_utils.registry import get_utilities_for
+from pyams_utils.url import absolute_url
+from pyams_viewlet.manager import viewletmanager_config
+from pyams_viewlet.viewlet import viewlet_config
+from pyams_zmi.view import AdminView
 from zope.interface import implementer, Interface
 
 from pyams_thesaurus import _
 
 
 @viewlet_config(name='thesaurus.menu', context=ISite, layer=IAdminLayer, manager=IControlPanelMenu,
-                permission='system.view', weight=15)
+                permission=VIEW_SYSTEM_PERMISSION, weight=15)
 @viewletmanager_config(name='thesaurus.menu', context=ISite, layer=IAdminLayer)
 class ThesaurusMenuItem(MenuItem):
     """Thesaurus menu item"""
@@ -76,7 +77,7 @@
     """Thesaurus trash column"""
 
     icon_hint = _("Delete thesaurus")
-    permission = 'system.manage'
+    permission = MANAGE_SYSTEM_PERMISSION
 
 
 @adapter_config(context=(ISite, IAdminLayer, ControlPanelThesaurusTable), provides=IValues)
@@ -89,7 +90,7 @@
             yield thesaurus
 
 
-@pagelet_config(name='thesaurus.html', context=ISite, layer=IPyAMSLayer, permission='system.view')
+@pagelet_config(name='thesaurus.html', context=ISite, layer=IPyAMSLayer, permission=VIEW_SYSTEM_PERMISSION)
 @implementer(IInnerPage)
 class ControlPanelThesaurusView(AdminView, ContainerView):
     """Control panel thesaurus view"""
@@ -107,7 +108,7 @@
 
 
 @viewlet_config(name='add-thesaurus.action', context=ISite, view=ControlPanelThesaurusTable, layer=IAdminLayer,
-                manager=IWidgetTitleViewletManager, permission='system.manage')
+                manager=IWidgetTitleViewletManager, permission=MANAGE_SYSTEM_PERMISSION)
 class ThesaurusAddAction(ToolbarAction):
     """Thesaurus add action"""
 
--- a/src/pyams_thesaurus/zmi/term.py	Thu Oct 08 11:41:02 2015 +0200
+++ b/src/pyams_thesaurus/zmi/term.py	Thu Oct 08 12:15:52 2015 +0200
@@ -18,8 +18,10 @@
 # import interfaces
 from pyams_skin.interfaces.viewlet import IWidgetTitleViewletManager
 from pyams_skin.layer import IPyAMSLayer
+from pyams_thesaurus.interfaces import MANAGE_THESAURUS_CONTENT_PERMISSION
 from pyams_thesaurus.interfaces.term import IThesaurusTerm
 from pyams_thesaurus.interfaces.thesaurus import IThesaurus
+from pyams_utils.interfaces import VIEW_PERMISSION
 from pyams_zmi.layer import IAdminLayer
 from z3c.form.interfaces import IDataExtractedEvent, DISPLAY_MODE
 
@@ -42,7 +44,7 @@
 
 
 @viewlet_config(name='thesaurus.term.adding', context=IThesaurus, view=ThesaurusTermsView,
-                layer=IAdminLayer, manager=IWidgetTitleViewletManager, permission='thesaurus.manage')
+                layer=IAdminLayer, manager=IWidgetTitleViewletManager, permission=MANAGE_THESAURUS_CONTENT_PERMISSION)
 class ThesaurusTermAddAction(ToolbarAction):
     """Thesaurus term add action"""
 
@@ -51,7 +53,7 @@
     modal_target = True
 
 
-@pagelet_config(name='add-term.html', context=IThesaurus, layer=IPyAMSLayer, permission='thesaurus.manage')
+@pagelet_config(name='add-term.html', context=IThesaurus, layer=IPyAMSLayer, permission=MANAGE_THESAURUS_CONTENT_PERMISSION)
 class ThesaurusTermAddForm(AdminDialogAddForm):
     """Thesaurus term add form"""
 
@@ -106,7 +108,7 @@
 
 
 @view_config(name='add-term.json', context=IThesaurus, request_type=IPyAMSLayer,
-             permission='thesaurus.manage', renderer='json', xhr=True)
+             permission=MANAGE_THESAURUS_CONTENT_PERMISSION, renderer='json', xhr=True)
 class ThesaurusTermAJAXAddForm(AJAXAddForm, ThesaurusTermAddForm):
     """Thesaurus term add form, AJAX view"""
 
@@ -120,7 +122,7 @@
                     'options': {'term': label}}
 
 
-@pagelet_config(name='properties.html', context=IThesaurusTerm, layer=IPyAMSLayer, permission='view')
+@pagelet_config(name='properties.html', context=IThesaurusTerm, layer=IPyAMSLayer, permission=VIEW_PERMISSION)
 class ThesaurusTermEditForm(AdminDialogEditForm):
     """Thesaurus term edit form"""
 
@@ -136,7 +138,7 @@
                                                  'status', 'level', 'created', 'modified')
 
     ajax_handler = 'properties.json'
-    edit_permission = 'thesaurus.manage'
+    edit_permission = MANAGE_THESAURUS_CONTENT_PERMISSION
 
     generic_changed = False
     usage_changed = False
@@ -232,7 +234,7 @@
 
 
 @pagelet_config(name='properties.json', context=IThesaurusTerm, request_type=IPyAMSLayer,
-                permission='thesaurus.manage', renderer='json', xhr=True)
+                permission=MANAGE_THESAURUS_CONTENT_PERMISSION, renderer='json', xhr=True)
 class ThesaurusTermAJAXEditForm(AJAXEditForm, ThesaurusTermEditForm):
     """Thesaurus term edit form, AJAX view"""
 
--- a/src/pyams_thesaurus/zmi/thesaurus.py	Thu Oct 08 11:41:02 2015 +0200
+++ b/src/pyams_thesaurus/zmi/thesaurus.py	Thu Oct 08 12:15:52 2015 +0200
@@ -23,10 +23,12 @@
 from pyams_skin.interfaces import IPageHeader, IInnerPage
 from pyams_skin.interfaces.container import ITableElementName, ITableElementEditor
 from pyams_skin.interfaces.viewlet import IToolbarAddingMenu
+from pyams_thesaurus.interfaces import MANAGE_THESAURUS_CONTENT_PERMISSION
 from pyams_thesaurus.interfaces.loader import IThesaurusLoader, IThesaurusUpdaterConfiguration, \
     IThesaurusExporterConfiguration, IThesaurusExporter
 from pyams_thesaurus.interfaces.thesaurus import IThesaurusInfo, IThesaurus, IThesaurusExtracts
 from pyams_thesaurus.zmi.interfaces import IThesaurusTermsMenu, IThesaurusView
+from pyams_utils.interfaces import VIEW_PERMISSION, VIEW_SYSTEM_PERMISSION, MANAGE_SYSTEM_PERMISSION
 from pyams_utils.interfaces.tree import INode, ITree
 from pyams_zmi.interfaces import IAdminView
 from pyams_zmi.interfaces.menu import ISiteManagementMenu, IPropertiesMenu
@@ -79,7 +81,7 @@
 
 
 @viewlet_config(name='add-thesaurus.menu', context=ISite, layer=IAdminLayer,
-                view=UtilitiesTable, manager=IToolbarAddingMenu, permission='system.manage')
+                view=UtilitiesTable, manager=IToolbarAddingMenu, permission=MANAGE_SYSTEM_PERMISSION)
 class ThesaurusAddMenu(ToolbarMenuItem):
     """Thesaurus add menu"""
 
@@ -89,7 +91,7 @@
     modal_target = True
 
 
-@pagelet_config(name='add-thesaurus.html', context=ISite, layer=IPyAMSLayer, permission='system.manage')
+@pagelet_config(name='add-thesaurus.html', context=ISite, layer=IPyAMSLayer, permission=MANAGE_SYSTEM_PERMISSION)
 class ThesaurusAddForm(AdminDialogAddForm):
     """Thesaurus add form"""
 
@@ -130,7 +132,7 @@
 
 
 @view_config(name='add-thesaurus.json', context=ISite, request_type=IPyAMSLayer,
-             permission='system.manage', renderer='json', xhr=True)
+             permission=MANAGE_SYSTEM_PERMISSION, renderer='json', xhr=True)
 class ThesaurusAJAXAddForm(AJAXAddForm, ThesaurusAddForm):
     """Thesaurus add form, AJAX view"""
 
@@ -172,7 +174,7 @@
 
 
 @viewlet_config(name='properties.menu', layer=IAdminLayer, context=IThesaurus, manager=ISiteManagementMenu,
-                permission='system.view', weight=1)
+                permission=VIEW_SYSTEM_PERMISSION, weight=1)
 @viewletmanager_config(name='properties.menu', layer=IAdminLayer, context=IThesaurus, provides=IPropertiesMenu)
 @implementer(IPropertiesMenu)
 class ThesaurusPropertiesMenuItem(MenuItem):
@@ -183,7 +185,7 @@
     url = '#properties.html'
 
 
-@pagelet_config(name='properties.html', context=IThesaurus, layer=IPyAMSLayer, permission='system.view')
+@pagelet_config(name='properties.html', context=IThesaurus, layer=IPyAMSLayer, permission=VIEW_SYSTEM_PERMISSION)
 @implementer(IWidgetForm, IInnerPage, IThesaurusView)
 class ThesaurusPropertiesEditForm(AdminEditForm):
     """Thesaurus properties edit form"""
@@ -199,7 +201,7 @@
     fields = field.Fields(IThesaurusInfo).select('name', 'title', 'subject', 'description', 'language', 'creator',
                                                  'publisher', 'created')
     ajax_handler = 'properties.json'
-    edit_permission = 'system.manage'
+    edit_permission = MANAGE_SYSTEM_PERMISSION
 
     def updateWidgets(self, prefix=None):
         super(ThesaurusPropertiesEditForm, self).updateWidgets(prefix)
@@ -208,7 +210,7 @@
 
 
 @view_config(name='properties.json', context=IThesaurus, request_type=IPyAMSLayer,
-             permission='system.manage', renderer='json', xhr=True)
+             permission=MANAGE_SYSTEM_PERMISSION, renderer='json', xhr=True)
 class ThesaurusPropertiesAJAXEditForm(AJAXEditForm, ThesaurusPropertiesEditForm):
     """Thesaurus properties edit form, AJAX view"""
 
@@ -218,7 +220,7 @@
 #
 
 @viewlet_config(name='terms.menu', context=IThesaurus, layer=IAdminLayer, manager=ISiteManagementMenu,
-                permission='system.view', weight=10)
+                permission=VIEW_SYSTEM_PERMISSION, weight=10)
 @viewletmanager_config(name='terms.menu', layer=IAdminLayer, context=IThesaurus, provides=IThesaurusTermsMenu)
 @implementer(IThesaurusTermsMenu)
 class ThesaurusTermsMenuItem(MenuItem):
@@ -229,7 +231,7 @@
     url = '#terms.html'
 
 
-@pagelet_config(name='terms.html', context=IThesaurus, layer=IPyAMSLayer, permission='system.view')
+@pagelet_config(name='terms.html', context=IThesaurus, layer=IPyAMSLayer, permission=VIEW_SYSTEM_PERMISSION)
 @template_config(template='templates/terms-tree.pt', layer=IPyAMSLayer)
 @implementer(IAdminView, IThesaurusView)
 class ThesaurusTermsView(InnerPage):
@@ -284,7 +286,7 @@
 
 
 @view_config(name='get-nodes.json', context=IThesaurus, request_type=IPyAMSLayer,
-             permission='view', renderer='json', xhr=True)
+             permission=VIEW_PERMISSION, renderer='json', xhr=True)
 class ThesaurusTermNodes(BaseTreeNodesView):
     """Get thesaurus nodes"""
 
@@ -302,7 +304,7 @@
 
 
 @view_config(name='get-parent-nodes.json', context=IThesaurus, request_type=IPyAMSLayer,
-             permission='view', renderer='json', xhr=True)
+             permission=VIEW_PERMISSION, renderer='json', xhr=True)
 class ThesaurusTermParentNodes(BaseTreeNodesView):
     """Get thesaurus parent nodes"""
 
@@ -327,7 +329,7 @@
 
 
 @view_config(name='switch-extract.json', context=IThesaurus, request_type=IPyAMSLayer,
-             permission='thesaurus.manage', renderer='json', xhr=True)
+             permission=MANAGE_THESAURUS_CONTENT_PERMISSION, renderer='json', xhr=True)
 def switch_term_extract(request):
     """Term extract switcher"""
     label = request.params.get('term')
@@ -356,7 +358,7 @@
 #
 
 @viewlet_config(name='import.menu', context=IThesaurus, layer=IAdminLayer, manager=IThesaurusTermsMenu,
-                permission='system.manage', weight=10)
+                permission=MANAGE_SYSTEM_PERMISSION, weight=10)
 class ThesaurusImportMenuItem(MenuItem):
     """Thesaurus import menu"""
 
@@ -374,7 +376,7 @@
     add = button.Button(name='add', title=_("Import terms"))
 
 
-@pagelet_config(name='import.html', context=IThesaurus, layer=IPyAMSLayer, permission='system.manage')
+@pagelet_config(name='import.html', context=IThesaurus, layer=IPyAMSLayer, permission=MANAGE_SYSTEM_PERMISSION)
 class ThesaurusImportForm(AdminDialogAddForm):
     """Thesaurus import form"""
 
@@ -415,7 +417,7 @@
 
 
 @view_config(name='import.json', context=IThesaurus, request_type=IPyAMSLayer,
-             permission='system.manage', renderer='json', xhr=True)
+             permission=MANAGE_SYSTEM_PERMISSION, renderer='json', xhr=True)
 class ThesaurusImportAJAXForm(AJAXAddForm, ThesaurusImportForm):
     """Thesaurus import form, AJAX view"""
 
@@ -425,7 +427,7 @@
 #
 
 @viewlet_config(name='export.menu', context=IThesaurus, layer=IAdminLayer, manager=IThesaurusTermsMenu,
-                permission='system.view', weight=15)
+                permission=VIEW_SYSTEM_PERMISSION, weight=15)
 class ThesaurusExportMenuItem(MenuItem):
     """Thesaurus export menu"""
 
@@ -443,7 +445,7 @@
     add = button.Button(name='add', title=_("Export terms"))
 
 
-@pagelet_config(name='export.html', context=IThesaurus, layer=IPyAMSLayer, permission='system.view')
+@pagelet_config(name='export.html', context=IThesaurus, layer=IPyAMSLayer, permission=VIEW_SYSTEM_PERMISSION)
 class ThesaurusExportForm(AdminDialogAddForm):
     """Thesaurus export form"""
 
@@ -467,7 +469,7 @@
         return exporter.export(self.context, configuration)
 
 
-@view_config(name='export.xml', context=IThesaurus, request_type=IPyAMSLayer, permission='system.manage')
+@view_config(name='export.xml', context=IThesaurus, request_type=IPyAMSLayer, permission=MANAGE_SYSTEM_PERMISSION)
 class ThesaurusExportAJAXForm(AJAXAddForm, ThesaurusExportForm):
     """Thesaurus export form, AJAX view"""