org.security
============

.. py:module:: org.security


Functions
---------

.. autoapisummary::

   org.security.get_roles_setting
   org.security.has_export_permission_not_logged_in
   org.security.has_export_permissions_logged_in
   org.security.has_permission_ticket
   org.security.has_permission_ticket_collection
   org.security.has_permission_payments
   org.security.has_permission_directory_submission_action


Module Contents
---------------

.. py:function:: get_roles_setting() -> dict[str, set[type[onegov.core.security.roles.Intent]]]

   Returns the default roles available to onegov.org applications.

   Applications building on onegov.org may add more roles and permissions,
   or replace the existing ones entirely, though it's not something that
   one should do carelessly.

   The default roles are:

   **admin**
       Has access to everything

   **editor**
       Has access to most things

   **supporter**
       Has access to the ticket (and payment) system

   **member**
       Has access their own data

   **anonymous**
       Has access to public things



.. py:function:: has_export_permission_not_logged_in(app: onegov.org.app.OrgApp, identity: None, model: onegov.org.models.Export, permission: object) -> bool

.. py:function:: has_export_permissions_logged_in(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.org.models.Export, permission: object) -> bool

.. py:function:: has_permission_ticket(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.ticket.Ticket, permission: object) -> bool

.. py:function:: has_permission_ticket_collection(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.ticket.TicketCollection | onegov.ticket.collection.ArchivedTicketCollection, permission: object) -> bool

.. py:function:: has_permission_payments(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.pay.Payment | onegov.pay.PaymentCollection, permission: object) -> bool

.. py:function:: has_permission_directory_submission_action(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.org.views.directory.DirectorySubmissionAction, permission: object) -> bool