"""The module that defines the ``TenantPermMap`` model.
SPDX-License-Identifier: AGPL-3.0-only OR BSD-3-Clause-Clear
"""
from __future__ import annotations
import typing as t
from dataclasses import dataclass, field
import cg_request_args as rqa
from ..utils import to_dict
[docs]
@dataclass
class TenantPermMap:
"""The mapping between tenant permission and value for a user."""
#: Users with this permission can add other users to the
can_add_users: bool
#: Users with this permission can create new community library items.
can_create_community_library_items: bool
#: Users with this permission can create new courses.
can_create_courses: bool
#: Users that have this permission within their tenant can delete any
#: community library item belonging to that tenant. Users without this
#: permission can still delete community library items they created
#: themselves. You will always need permission to view an item to be able
#: to delete it. The cross-tenant counterpart is the global permission
#: `can_manage_all_community_library_items`.
can_delete_community_library_items: bool
#: Users with this permission can login directly to CodeGrade using
#: username/password or email/OTP. When disabled, users must login through
#: their institution's LMS.
can_login_outside_lti: bool
#: Users with this permission can login directly to CodeGrade using
#: username/password or email/OTP. When disabled, users must login through
#: their institution's SSO.
can_login_outside_sso: bool
#: Users with this permission can change the tenant permissions for other
#: users on the site.
can_manage_tenant_roles: bool
#: Users with this permission can search for users on the site, this means
#: they can see all other users on the site.
can_search_users: bool
#: Users with this permission can view the statistics of their own tenant.
#: The cross-tenant counterpart is the global permission
#: `can_see_statistics_in_all_tenants`.
can_see_tenant_statistics: bool
#: Users with this permission do not have to pay for paid courses.
can_skip_payment: bool
#: Users with this permission can sign in to CodeGrade with a password and
#: can change their own password. When disabled the user must authenticate
#: through their institution's LMS or SSO, or via a one time password (OTP)
#: login link delivered by email.
can_use_password: bool
#: Users with this permission can create and use their own personal
#: snippets across the website. This permission only governs personal
#: snippets; course snippets are governed by the separate
#: `can_view_course_snippets` and `can_manage_course_snippets` course
#: permissions.
can_use_snippets: bool
#: Users with this permission can see the items in the community library.
can_view_community_library_items: bool
#: Users with this permission have every permission in all courses in this
#: tenant, even when they do not have a role within the course.
is_tenant_admin: bool
raw_data: t.Optional[t.Dict[str, t.Any]] = field(init=False, repr=False)
data_parser: t.ClassVar[t.Any] = rqa.Lazy(
lambda: rqa.FixedMapping(
rqa.RequiredArgument(
"can_add_users",
rqa.SimpleValue.bool,
doc="Users with this permission can add other users to the",
),
rqa.RequiredArgument(
"can_create_community_library_items",
rqa.SimpleValue.bool,
doc="Users with this permission can create new community library items.",
),
rqa.RequiredArgument(
"can_create_courses",
rqa.SimpleValue.bool,
doc="Users with this permission can create new courses.",
),
rqa.RequiredArgument(
"can_delete_community_library_items",
rqa.SimpleValue.bool,
doc="Users that have this permission within their tenant can delete any community library item belonging to that tenant. Users without this permission can still delete community library items they created themselves. You will always need permission to view an item to be able to delete it. The cross-tenant counterpart is the global permission `can_manage_all_community_library_items`.",
),
rqa.RequiredArgument(
"can_login_outside_lti",
rqa.SimpleValue.bool,
doc="Users with this permission can login directly to CodeGrade using username/password or email/OTP. When disabled, users must login through their institution's LMS.",
),
rqa.RequiredArgument(
"can_login_outside_sso",
rqa.SimpleValue.bool,
doc="Users with this permission can login directly to CodeGrade using username/password or email/OTP. When disabled, users must login through their institution's SSO.",
),
rqa.RequiredArgument(
"can_manage_tenant_roles",
rqa.SimpleValue.bool,
doc="Users with this permission can change the tenant permissions for other users on the site.",
),
rqa.RequiredArgument(
"can_search_users",
rqa.SimpleValue.bool,
doc="Users with this permission can search for users on the site, this means they can see all other users on the site.",
),
rqa.RequiredArgument(
"can_see_tenant_statistics",
rqa.SimpleValue.bool,
doc="Users with this permission can view the statistics of their own tenant. The cross-tenant counterpart is the global permission `can_see_statistics_in_all_tenants`.",
),
rqa.RequiredArgument(
"can_skip_payment",
rqa.SimpleValue.bool,
doc="Users with this permission do not have to pay for paid courses.",
),
rqa.RequiredArgument(
"can_use_password",
rqa.SimpleValue.bool,
doc="Users with this permission can sign in to CodeGrade with a password and can change their own password. When disabled the user must authenticate through their institution's LMS or SSO, or via a one time password (OTP) login link delivered by email.",
),
rqa.RequiredArgument(
"can_use_snippets",
rqa.SimpleValue.bool,
doc="Users with this permission can create and use their own personal snippets across the website. This permission only governs personal snippets; course snippets are governed by the separate `can_view_course_snippets` and `can_manage_course_snippets` course permissions.",
),
rqa.RequiredArgument(
"can_view_community_library_items",
rqa.SimpleValue.bool,
doc="Users with this permission can see the items in the community library.",
),
rqa.RequiredArgument(
"is_tenant_admin",
rqa.SimpleValue.bool,
doc="Users with this permission have every permission in all courses in this tenant, even when they do not have a role within the course.",
),
).use_readable_describe(True)
)
def to_dict(self) -> t.Dict[str, t.Any]:
res: t.Dict[str, t.Any] = {
"can_add_users": to_dict(self.can_add_users),
"can_create_community_library_items": to_dict(
self.can_create_community_library_items
),
"can_create_courses": to_dict(self.can_create_courses),
"can_delete_community_library_items": to_dict(
self.can_delete_community_library_items
),
"can_login_outside_lti": to_dict(self.can_login_outside_lti),
"can_login_outside_sso": to_dict(self.can_login_outside_sso),
"can_manage_tenant_roles": to_dict(self.can_manage_tenant_roles),
"can_search_users": to_dict(self.can_search_users),
"can_see_tenant_statistics": to_dict(
self.can_see_tenant_statistics
),
"can_skip_payment": to_dict(self.can_skip_payment),
"can_use_password": to_dict(self.can_use_password),
"can_use_snippets": to_dict(self.can_use_snippets),
"can_view_community_library_items": to_dict(
self.can_view_community_library_items
),
"is_tenant_admin": to_dict(self.is_tenant_admin),
}
return res
@classmethod
def from_dict(
cls: t.Type[TenantPermMap], d: t.Dict[str, t.Any]
) -> TenantPermMap:
parsed = cls.data_parser.try_parse(d)
res = cls(
can_add_users=parsed.can_add_users,
can_create_community_library_items=parsed.can_create_community_library_items,
can_create_courses=parsed.can_create_courses,
can_delete_community_library_items=parsed.can_delete_community_library_items,
can_login_outside_lti=parsed.can_login_outside_lti,
can_login_outside_sso=parsed.can_login_outside_sso,
can_manage_tenant_roles=parsed.can_manage_tenant_roles,
can_search_users=parsed.can_search_users,
can_see_tenant_statistics=parsed.can_see_tenant_statistics,
can_skip_payment=parsed.can_skip_payment,
can_use_password=parsed.can_use_password,
can_use_snippets=parsed.can_use_snippets,
can_view_community_library_items=parsed.can_view_community_library_items,
is_tenant_admin=parsed.is_tenant_admin,
)
res.raw_data = d
return res