"""The module that defines the ``GlobalPermMap`` model.
SPDX-License-Identifier: AGPL-3.0-only OR BSD-3-Clause-Clear
"""
from __future__ import annotations
import typing as t
from dataclasses import dataclass, field
import cg_request_args as rqa
from ..utils import to_dict
[docs]
@dataclass
class GlobalPermMap:
"""The mapping between global permission and value for a user."""
#: Users with this permission can create courses in all tenants regardless
#: of whether they are a member of the tenant or not.
can_create_courses_in_all_tenants: bool
#: Users with this permission can create, edit and delete pricing coupons
#: for courses.
can_edit_coupons: bool
#: Users with this permission can change the pricing for courses and
#: tenants.
can_edit_pricing: bool
#: Users with this permission can impersonate users, i.e. they can login as
#: other users.
can_impersonate_users: bool
#: Users with this global permission can list hidden tenants. All users can
#: still retrieve hidden tenants if they know the id. This permission only
#: has effect on the global level, not tenant level.
can_list_hidden_tenants: bool
#: Users with this permission can see and delete all the items in the
#: community library, even those not published to their tenant.
can_manage_all_community_library_items: bool
#: Users with this permission can view, stop, and restart background jobs.
can_manage_background_jobs: bool
#: Users with this permission can create, edit, and list all Git
#: connections that exist on the platform.
can_manage_git_connections_in_all_tenants: bool
#: Users with this permission can change the global permissions for other
#: users on the site.
can_manage_global_roles: bool
#: Users with this permission can edit and list existing, and create new
#: LTI providers.
can_manage_lti_providers: bool
#: Users with this permission can create, edit, and delete Pearson
#: templates, questions, and books.
can_manage_pearson_templates: bool
#: Users with this permission can accept and decline quarantined user
#: registrations.
can_manage_quarantined_registrations: bool
#: Users with this permission can manage the settings of this CodeGrade
#: instance
can_manage_site_settings: bool
#: Users with this permission can connect new SSO Identity Providers.
can_manage_sso_providers: bool
#: Users with this permission can create new tenants on the system.
can_manage_tenants: bool
#: Users with this permission can search for users in all tenants
#: regardless of whether they are a member of the tenant or not.
can_search_users_in_all_tenants: bool
#: Users with this permission are allowed to view all transactions from all
#: users.
can_see_all_transactions: bool
#: Users with this permission can see the pricing coupons generated for the
#: courses they are part of.
can_see_coupons: bool
#: Users with this permission can view the statistics of any tenant on the
#: system. The own-tenant counterpart is the tenant permission
#: `can_see_tenant_statistics`.
can_see_statistics_in_all_tenants: bool
#: Users with this permission do not have to pay for paid courses in any
#: tenant.
can_skip_payment_in_all_tenants: bool
#: Users with this permission are granted every course-level permission in
#: every course across every tenant, even when they do not have a role
#: within the tenant or course. This does not confer arbitrary system
#: access; it only elevates course-level access.
is_global_admin: bool
raw_data: t.Optional[t.Dict[str, t.Any]] = field(init=False, repr=False)
data_parser: t.ClassVar[t.Any] = rqa.Lazy(
lambda: rqa.FixedMapping(
rqa.RequiredArgument(
"can_create_courses_in_all_tenants",
rqa.SimpleValue.bool,
doc="Users with this permission can create courses in all tenants regardless of whether they are a member of the tenant or not.",
),
rqa.RequiredArgument(
"can_edit_coupons",
rqa.SimpleValue.bool,
doc="Users with this permission can create, edit and delete pricing coupons for courses.",
),
rqa.RequiredArgument(
"can_edit_pricing",
rqa.SimpleValue.bool,
doc="Users with this permission can change the pricing for courses and tenants.",
),
rqa.RequiredArgument(
"can_impersonate_users",
rqa.SimpleValue.bool,
doc="Users with this permission can impersonate users, i.e. they can login as other users.",
),
rqa.RequiredArgument(
"can_list_hidden_tenants",
rqa.SimpleValue.bool,
doc="Users with this global permission can list hidden tenants. All users can still retrieve hidden tenants if they know the id. This permission only has effect on the global level, not tenant level.",
),
rqa.RequiredArgument(
"can_manage_all_community_library_items",
rqa.SimpleValue.bool,
doc="Users with this permission can see and delete all the items in the community library, even those not published to their tenant.",
),
rqa.RequiredArgument(
"can_manage_background_jobs",
rqa.SimpleValue.bool,
doc="Users with this permission can view, stop, and restart background jobs.",
),
rqa.RequiredArgument(
"can_manage_git_connections_in_all_tenants",
rqa.SimpleValue.bool,
doc="Users with this permission can create, edit, and list all Git connections that exist on the platform.",
),
rqa.RequiredArgument(
"can_manage_global_roles",
rqa.SimpleValue.bool,
doc="Users with this permission can change the global permissions for other users on the site.",
),
rqa.RequiredArgument(
"can_manage_lti_providers",
rqa.SimpleValue.bool,
doc="Users with this permission can edit and list existing, and create new LTI providers.",
),
rqa.RequiredArgument(
"can_manage_pearson_templates",
rqa.SimpleValue.bool,
doc="Users with this permission can create, edit, and delete Pearson templates, questions, and books.",
),
rqa.RequiredArgument(
"can_manage_quarantined_registrations",
rqa.SimpleValue.bool,
doc="Users with this permission can accept and decline quarantined user registrations.",
),
rqa.RequiredArgument(
"can_manage_site_settings",
rqa.SimpleValue.bool,
doc="Users with this permission can manage the settings of this CodeGrade instance",
),
rqa.RequiredArgument(
"can_manage_sso_providers",
rqa.SimpleValue.bool,
doc="Users with this permission can connect new SSO Identity Providers.",
),
rqa.RequiredArgument(
"can_manage_tenants",
rqa.SimpleValue.bool,
doc="Users with this permission can create new tenants on the system.",
),
rqa.RequiredArgument(
"can_search_users_in_all_tenants",
rqa.SimpleValue.bool,
doc="Users with this permission can search for users in all tenants regardless of whether they are a member of the tenant or not.",
),
rqa.RequiredArgument(
"can_see_all_transactions",
rqa.SimpleValue.bool,
doc="Users with this permission are allowed to view all transactions from all users.",
),
rqa.RequiredArgument(
"can_see_coupons",
rqa.SimpleValue.bool,
doc="Users with this permission can see the pricing coupons generated for the courses they are part of.",
),
rqa.RequiredArgument(
"can_see_statistics_in_all_tenants",
rqa.SimpleValue.bool,
doc="Users with this permission can view the statistics of any tenant on the system. The own-tenant counterpart is the tenant permission `can_see_tenant_statistics`.",
),
rqa.RequiredArgument(
"can_skip_payment_in_all_tenants",
rqa.SimpleValue.bool,
doc="Users with this permission do not have to pay for paid courses in any tenant.",
),
rqa.RequiredArgument(
"is_global_admin",
rqa.SimpleValue.bool,
doc="Users with this permission are granted every course-level permission in every course across every tenant, even when they do not have a role within the tenant or course. This does not confer arbitrary system access; it only elevates course-level access.",
),
).use_readable_describe(True)
)
def to_dict(self) -> t.Dict[str, t.Any]:
res: t.Dict[str, t.Any] = {
"can_create_courses_in_all_tenants": to_dict(
self.can_create_courses_in_all_tenants
),
"can_edit_coupons": to_dict(self.can_edit_coupons),
"can_edit_pricing": to_dict(self.can_edit_pricing),
"can_impersonate_users": to_dict(self.can_impersonate_users),
"can_list_hidden_tenants": to_dict(self.can_list_hidden_tenants),
"can_manage_all_community_library_items": to_dict(
self.can_manage_all_community_library_items
),
"can_manage_background_jobs": to_dict(
self.can_manage_background_jobs
),
"can_manage_git_connections_in_all_tenants": to_dict(
self.can_manage_git_connections_in_all_tenants
),
"can_manage_global_roles": to_dict(self.can_manage_global_roles),
"can_manage_lti_providers": to_dict(self.can_manage_lti_providers),
"can_manage_pearson_templates": to_dict(
self.can_manage_pearson_templates
),
"can_manage_quarantined_registrations": to_dict(
self.can_manage_quarantined_registrations
),
"can_manage_site_settings": to_dict(self.can_manage_site_settings),
"can_manage_sso_providers": to_dict(self.can_manage_sso_providers),
"can_manage_tenants": to_dict(self.can_manage_tenants),
"can_search_users_in_all_tenants": to_dict(
self.can_search_users_in_all_tenants
),
"can_see_all_transactions": to_dict(self.can_see_all_transactions),
"can_see_coupons": to_dict(self.can_see_coupons),
"can_see_statistics_in_all_tenants": to_dict(
self.can_see_statistics_in_all_tenants
),
"can_skip_payment_in_all_tenants": to_dict(
self.can_skip_payment_in_all_tenants
),
"is_global_admin": to_dict(self.is_global_admin),
}
return res
@classmethod
def from_dict(
cls: t.Type[GlobalPermMap], d: t.Dict[str, t.Any]
) -> GlobalPermMap:
parsed = cls.data_parser.try_parse(d)
res = cls(
can_create_courses_in_all_tenants=parsed.can_create_courses_in_all_tenants,
can_edit_coupons=parsed.can_edit_coupons,
can_edit_pricing=parsed.can_edit_pricing,
can_impersonate_users=parsed.can_impersonate_users,
can_list_hidden_tenants=parsed.can_list_hidden_tenants,
can_manage_all_community_library_items=parsed.can_manage_all_community_library_items,
can_manage_background_jobs=parsed.can_manage_background_jobs,
can_manage_git_connections_in_all_tenants=parsed.can_manage_git_connections_in_all_tenants,
can_manage_global_roles=parsed.can_manage_global_roles,
can_manage_lti_providers=parsed.can_manage_lti_providers,
can_manage_pearson_templates=parsed.can_manage_pearson_templates,
can_manage_quarantined_registrations=parsed.can_manage_quarantined_registrations,
can_manage_site_settings=parsed.can_manage_site_settings,
can_manage_sso_providers=parsed.can_manage_sso_providers,
can_manage_tenants=parsed.can_manage_tenants,
can_search_users_in_all_tenants=parsed.can_search_users_in_all_tenants,
can_see_all_transactions=parsed.can_see_all_transactions,
can_see_coupons=parsed.can_see_coupons,
can_see_statistics_in_all_tenants=parsed.can_see_statistics_in_all_tenants,
can_skip_payment_in_all_tenants=parsed.can_skip_payment_in_all_tenants,
is_global_admin=parsed.is_global_admin,
)
res.raw_data = d
return res