Gets intranet working in principle

OneGov · Nov 14, 2017 · 1c5725e · 1c5725e
1 parent c499644
commit 1c5725e
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/onegov/intranet/app.py b/onegov/intranet/app.py
@@ -3,3 +3,8 @@
 
 class IntranetApp(OrgApp):
     pass
+
+
+@IntranetApp.setting(section='org', name='enable_yubikey')
+def get_enable_yubikey():
+    return True
diff --git a/onegov/intranet/security.py b/onegov/intranet/security.py
@@ -1,5 +1,8 @@
 from onegov.core.security import Public, Private, Personal, Secret
+from onegov.core.static import StaticFile
+from onegov.core.theme import ThemeFile
 from onegov.intranet.app import IntranetApp
+from onegov.user import Auth
 
 
 @IntranetApp.setting_section(section="roles")
@@ -50,3 +53,38 @@ def get_roles_setting():
         # the public has no access whatsoever
         'anonymous': set()
     }
+
+
+@IntranetApp.permission_rule(
+    model=StaticFile,
+    permission=Public,
+    identity=None)
+def may_view_static_files_not_logged_in(app, identity, model, permission):
+    """ Always allow to view static files.
+
+    Those files are public anyway, since we are open-source.
+
+    """
+    return True
+
+
+@IntranetApp.permission_rule(
+    model=ThemeFile,
+    permission=Public,
+    identity=None)
+def may_view_theme_files_not_logged_in(app, identity, model, permission):
+    """ Always allow to view theme files.
+
+    Those files are public anyway, since we are open-source.
+
+    """
+    return True
+
+
+@IntranetApp.permission_rule(
+    model=Auth,
+    permission=Public,
+    identity=None)
+def may_view_auth_not_logged_in(app, identity, model, permission):
+    """ Anonymous needs to be able to log in. """
+    return True