refact: rename constants.

ruff.toml

@@ -54,7 +54,7 @@ lint.extend-ignore = [
     "N804", # First argument of a class method should be named `cls`
     "N805", # First argument of a method should be named `self`
     "N806", # Variable in function should be lowercase
-    "N814", # Camelcase ... imported as constant
+#    "N814", # Camelcase ... imported as constant
     "N816", # Variable in global scope should not be mixedCase
     #
     "PD011", # Use `.to_numpy()` instead of `.values`

src/abilian/app.py

@@ -27,7 +27,7 @@
 from abilian.core.plugin_manager import PluginManager
 from abilian.core.service_manager import ServiceManager
 from abilian.services import auth_service
-from abilian.services.security import Anonymous
+from abilian.services.security import ANONYMOUS
 from abilian.setup import setup_app
 from abilian.web.access_blueprint import allow_access_for_roles
 from abilian.web.errors import ErrorManagerMixin
@@ -226,5 +226,5 @@ def add_static_url(
             roles=roles,
         )
         self.add_access_controller(
-            endpoint, allow_access_for_roles(Anonymous), endpoint=True
+            endpoint, allow_access_for_roles(ANONYMOUS), endpoint=True
         )

src/abilian/core/entities.py

@@ -413,20 +413,20 @@ def _indexable_roles_and_users(self) -> str:
         permission on this object."""
         from abilian.services import get_security_service
         from abilian.services.indexing import indexable_role
-        from abilian.services.security import READ, Admin, Anonymous, Creator, Owner
+        from abilian.services.security import ADMIN, ANONYMOUS, CREATOR, OWNER, READ
 
         result: list[str] = []
         security = get_security_service()
 
         # roles - required to match when user has a global role
         assignments = security.get_permissions_assignments(permission=READ, obj=self)
         allowed_roles = assignments.get(READ, set())
-        allowed_roles.add(Admin)
+        allowed_roles.add(ADMIN)
 
         for role in allowed_roles:
             result.append(indexable_role(role))
 
-        for role, attr in ((Creator, "creator"), (Owner, "owner")):
+        for role, attr in ((CREATOR, "creator"), (OWNER, "owner")):
             if role in allowed_roles:
                 user = getattr(self, attr)
                 if user:
@@ -445,7 +445,7 @@ def _indexable_roles_and_users(self) -> str:
 
         # Anonymous is a role listed in role assignments
         # - legacy when there wasn't permission-role assignments
-        principals.discard(Anonymous)
+        principals.discard(ANONYMOUS)
 
         # if Anonymous in principals:
         #     # it's a role listed in role assignments - legacy when there wasn't

src/abilian/core/models/comment.py

@@ -9,7 +9,7 @@
 from sqlalchemy.orm import backref, relationship
 
 from abilian.core.entities import Entity, EntityQuery
-from abilian.services.security import CREATE, DELETE, WRITE, Anonymous, Owner
+from abilian.services.security import ANONYMOUS, CREATE, DELETE, OWNER, WRITE
 
 #: name of backref on target :class:`Entity` object
 ATTRIBUTE = "__comments__"
@@ -68,7 +68,7 @@ class Comment(Entity):
     """A Comment related to an :class:`Entity`."""
 
     __tablename__ = "comment"
-    __default_permissions__ = {WRITE: {Owner}, DELETE: {Owner}, CREATE: {Anonymous}}
+    __default_permissions__ = {WRITE: {OWNER}, DELETE: {OWNER}, CREATE: {ANONYMOUS}}
 
     entity_id = Column(Integer, ForeignKey(Entity.id), nullable=False)
 

src/abilian/sbe/apps/calendar/actions.py

@@ -7,7 +7,7 @@
 
 from abilian.i18n import _l
 from abilian.services import get_service
-from abilian.services.security import Admin
+from abilian.services.security import ADMIN
 from abilian.web.action import Action, FAIcon, actions
 
 
@@ -30,7 +30,7 @@ def url(self, context=None):
 
 def is_admin(context):
     security = get_service("security")
-    return security.has_role(current_user, Admin, object=context.get("object"))
+    return security.has_role(current_user, ADMIN, object=context.get("object"))
 
 
 _actions = [

src/abilian/sbe/apps/communities/models.py

@@ -36,15 +36,15 @@
 from abilian.sbe.apps.documents.repository import content_repository
 from abilian.services.indexing import indexable_role
 from abilian.services.security import (
+    ADMIN,
+    MANAGER,
     READ,
+    READER,
     WRITE,
-    Admin,
-    Manager as MANAGER,
+    WRITER,
     Permission,
-    Reader as READER,
     Role,
     RoleType,
-    Writer as WRITER,
     security,
 )
 
@@ -321,7 +321,7 @@ def has_permission(self, user: LocalProxy, permission: Permission) -> bool:
             assert isinstance(permission, str)
             permission = Permission(permission)
 
-        if user.has_role(Admin):
+        if user.has_role(ADMIN):
             return True
 
         role = self.get_role(user)

src/abilian/sbe/apps/documents/models.py

@@ -38,7 +38,7 @@
 from abilian.core.util import md5
 from abilian.services.conversion import converter
 from abilian.services.indexing import indexable_role
-from abilian.services.security import Admin, Anonymous, InheritSecurity, security
+from abilian.services.security import ADMIN, ANONYMOUS, InheritSecurity, security
 
 from . import tasks
 from .lock import Lock
@@ -247,7 +247,7 @@ def _indexable_roles_and_users(self) -> str:
                 continue
             obj_allowed = {o[0] for o in security.get_role_assignements(obj)}
 
-            if Anonymous in obj_allowed:
+            if ANONYMOUS in obj_allowed:
                 continue
 
             parent_allowed = allowed
@@ -274,7 +274,7 @@ def _indexable_roles_and_users(self) -> str:
             allowed |= remaining_groups_members - extended_allowed
 
         # admin role is always granted access
-        allowed.add(Admin)
+        allowed.add(ADMIN)
         return " ".join(indexable_role(p) for p in allowed)
 
 

src/abilian/sbe/apps/documents/signals.py

@@ -6,7 +6,7 @@
 
 from abilian.sbe.apps.communities.models import VALID_ROLES, Community, Membership
 from abilian.sbe.apps.communities.signals import membership_removed, membership_set
-from abilian.services.security import Manager, Reader, Writer, security
+from abilian.services.security import MANAGER, READER, WRITER, security
 
 from .search import reindex_tree
 
@@ -20,9 +20,9 @@ def new_community_member(
 
     role = membership.role
     user = membership.user
-    local_role = Writer if community.type == "participative" else Reader
-    if role == Manager:
-        local_role = Manager
+    local_role = WRITER if community.type == "participative" else READER
+    if role == MANAGER:
+        local_role = MANAGER
 
     current_roles = set(security.get_roles(user, community.folder, no_group_roles=True))
     current_roles &= VALID_ROLES  # ensure we don't remove roles not managed

src/abilian/sbe/apps/documents/views/util.py

@@ -13,7 +13,7 @@
 from abilian.core.signals import activity
 from abilian.core.util import unwrap
 from abilian.sbe.apps.documents.repository import content_repository
-from abilian.services.security import MANAGE, WRITE, Admin, security
+from abilian.services.security import ADMIN, MANAGE, WRITE, security
 from abilian.web import url_for
 
 if TYPE_CHECKING:
@@ -174,7 +174,7 @@ def check_read_access(obj: BaseContent) -> None:
         raise NotFound
     if not security.running:
         return
-    if security.has_role(current_user, Admin):
+    if security.has_role(current_user, ADMIN):
         return
     if content_repository.has_access(current_user, obj):
         return
@@ -193,7 +193,7 @@ def check_write_access(obj: BaseContent) -> None:
         raise NotFound
     if not security.running:
         return
-    if security.has_role(current_user, Admin):
+    if security.has_role(current_user, ADMIN):
         return
 
     if content_repository.has_access(
@@ -216,7 +216,7 @@ def check_manage_access(obj) -> None:
         raise NotFound
     if not security.running:
         return
-    if security.has_role(current_user, Admin):
+    if security.has_role(current_user, ADMIN):
         return
     if content_repository.has_access(
         current_user, obj

src/abilian/sbe/apps/forum/actions.py

@@ -9,7 +9,7 @@
 
 from abilian.i18n import _l
 from abilian.services import get_service
-from abilian.services.security import Admin, SecurityService
+from abilian.services.security import ADMIN, SecurityService
 from abilian.web.action import Action, FAIcon, ModalActionMixin, actions
 
 if TYPE_CHECKING:
@@ -45,7 +45,7 @@ def pre_condition(self, context):
 
 def is_admin(context):
     security = cast(SecurityService, get_service("security"))
-    return security.has_role(current_user, Admin, object=context.get("object"))
+    return security.has_role(current_user, ADMIN, object=context.get("object"))
 
 
 def is_in_thread(context) -> bool:

src/abilian/sbe/apps/wall/util.py

@@ -17,7 +17,7 @@
 from abilian.sbe.apps.documents.models import Document, Folder
 from abilian.services import get_service
 from abilian.services.activity import ActivityEntry
-from abilian.services.security import READ, Admin, SecurityService
+from abilian.services.security import ADMIN, READ, SecurityService
 
 if TYPE_CHECKING:
     from abilian.core.models.subjects import User
@@ -30,7 +30,7 @@ def get_recent_entries(
     community: CommunityPresenter | None = None,
 ) -> list[Any]:
     # Check just in case
-    if not current_user.has_role(Admin):
+    if not current_user.has_role(ADMIN):
         if community and not community.has_member(current_user):
             raise Forbidden
 
@@ -50,7 +50,7 @@ def get_recent_entries(
     #
     # we use communities ids instead of object because as of sqlalchemy 0.8 the
     # 'in_' operator cannot be used with relationships, only foreign keys values
-    if not community and not current_user.has_role(Admin):
+    if not community and not current_user.has_role(ADMIN):
         community_ids = Membership.query.filter(
             Membership.user_id == current_user.id
         ).values(Membership.community_id)

src/abilian/sbe/apps/wiki/actions.py

@@ -11,7 +11,7 @@
 from abilian.sbe.apps.communities.actions import CommunityEndpoint
 from abilian.sbe.apps.communities.security import is_manager
 from abilian.services import get_service
-from abilian.services.security import Admin, SecurityService
+from abilian.services.security import ADMIN, SecurityService
 from abilian.web.action import Action, FAIcon, ModalActionMixin, actions
 
 if TYPE_CHECKING:
@@ -37,7 +37,7 @@ def url(self, context=None):
 
 def is_admin(context):
     security = cast(SecurityService, get_service("security"))
-    return security.has_role(current_user, Admin, object=context.get("object"))
+    return security.has_role(current_user, ADMIN, object=context.get("object"))
 
 
 class WikiPageModalAction(ModalActionMixin, WikiPageAction):

src/abilian/services/auth/views.py

@@ -42,7 +42,7 @@
 from abilian.core.signals import auth_failed
 from abilian.core.util import md5, unwrap
 from abilian.i18n import _, render_template_i18n
-from abilian.services.security import Anonymous
+from abilian.services.security import ANONYMOUS
 from abilian.web.access_blueprint import AccessControlBlueprint
 
 from .models import LoginSession
@@ -57,7 +57,7 @@
     "login",
     __name__,
     url_prefix="/user",
-    allowed_roles=Anonymous,
+    allowed_roles=ANONYMOUS,
     template_folder="templates",
 )
 route = login.route

src/abilian/services/indexing/schema.py

@@ -29,7 +29,7 @@
 
 from abilian.core.models.subjects import Group, Principal, User
 from abilian.core.util import unwrap
-from abilian.services.security.models import Anonymous, Role
+from abilian.services.security.models import ANONYMOUS, Role
 
 accent_folder = (
     RegexTokenizer(r"\w+")
@@ -95,11 +95,11 @@ def indexable_role(role_or_principal: Role | Principal) -> str:
 
     if isinstance(role_or_principal, AnonymousUserMixin):
         # transform anonymous user to anonymous role
-        role_or_principal = Anonymous
+        role_or_principal = ANONYMOUS
 
     if isinstance(role_or_principal, User) and role_or_principal.is_anonymous:
         # transform anonymous user to anonymous role
-        role_or_principal = Anonymous
+        role_or_principal = ANONYMOUS
 
     if isinstance(role_or_principal, Role):
         return f"role:{role_or_principal.name}"

src/abilian/services/indexing/service.py

@@ -39,7 +39,7 @@
 from abilian.core.models.subjects import Group, User
 from abilian.core.util import fqcn as base_fqcn, friendly_fqcn
 from abilian.services import Service, ServiceState
-from abilian.services.security import Anonymous, Authenticated, Role, security
+from abilian.services.security import ANONYMOUS, AUTHENTICATED, Role, security
 
 from .adapter import SAAdapter
 from .schema import DefaultSearchSchema, indexable_role
@@ -299,8 +299,8 @@ def search(
             user = current_user
             roles = {indexable_role(user)}
             if not user.is_anonymous:
-                roles.add(indexable_role(Anonymous))
-                roles.add(indexable_role(Authenticated))
+                roles.add(indexable_role(ANONYMOUS))
+                roles.add(indexable_role(AUTHENTICATED))
                 roles |= {indexable_role(r) for r in security.get_roles(user)}
 
             filter_q = wq.Or([
@@ -479,7 +479,7 @@ def get_document(
 
         if not document.get("allowed_roles_and_users"):
             # no data for security: assume anybody can access the document
-            document["allowed_roles_and_users"] = indexable_role(Anonymous)
+            document["allowed_roles_and_users"] = indexable_role(ANONYMOUS)
 
         for func in self.app_state.value_provider_funcs:
             res = func(document, obj)

src/abilian/services/security/__init__.py

@@ -4,26 +4,26 @@
 from __future__ import annotations
 
 from .models import (
+    ADMIN,
+    ANONYMOUS,
+    AUTHENTICATED,
     CREATE,
+    CREATOR,
     DELETE,
     MANAGE,
+    MANAGER,
+    OWNER,
     READ,
+    READER,
     WRITE,
-    Admin,
-    Anonymous,
-    Authenticated,
-    Creator,
+    WRITER,
     InheritSecurity,
-    Manager,
-    Owner,
     Permission,
     PermissionAssignment,
-    Reader,
     Role,
     RoleAssignment,
     RoleType,
     SecurityAudit,
-    Writer,
 )
 from .service import SecurityService, security
 
@@ -35,14 +35,14 @@
     "READ",
     "WRITE",
     # Roles
-    "Admin",
-    "Anonymous",
-    "Authenticated",
-    "Creator",
-    "Manager",
-    "Owner",
-    "Reader",
-    "Writer",
+    "ADMIN",
+    "ANONYMOUS",
+    "AUTHENTICATED",
+    "CREATOR",
+    "MANAGER",
+    "OWNER",
+    "READER",
+    "WRITER",
     #
     "InheritSecurity",
     "Permission",