org.security

Functions

get_roles_setting(→ dict[str, ...)

Returns the default roles available to onegov.org applications.

has_export_permission_not_logged_in(→ bool)

has_export_permissions_logged_in(→ bool)

has_permission_ticket(→ bool)

has_permission_ticket_collection(→ bool)

has_permission_payments(→ bool)

has_permission_directory_submission_action(→ bool)

Module Contents

org.security.get_roles_setting() dict[str, set[type[onegov.core.security.roles.Intent]]][source]

Returns the default roles available to onegov.org applications.

Applications building on onegov.org may add more roles and permissions, or replace the existing ones entirely, though it’s not something that one should do carelessly.

The default roles are:

admin

Has access to everything

editor

Has access to most things

supporter

Has access to the ticket (and payment) system

member

Has access their own data

anonymous

Has access to public things

org.security.has_export_permission_not_logged_in(app: onegov.org.app.OrgApp, identity: None, model: onegov.org.models.Export, permission: object) bool[source]
org.security.has_export_permissions_logged_in(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.org.models.Export, permission: object) bool[source]
org.security.has_permission_ticket(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.ticket.Ticket, permission: object) bool[source]
org.security.has_permission_ticket_collection(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.ticket.TicketCollection | onegov.ticket.collection.ArchivedTicketCollection, permission: object) bool[source]
org.security.has_permission_payments(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.pay.Payment | onegov.pay.PaymentCollection, permission: object) bool[source]
org.security.has_permission_directory_submission_action(app: onegov.org.app.OrgApp, identity: morepath.authentication.Identity, model: onegov.org.views.directory.DirectorySubmissionAction, permission: object) bool[source]