
Permissions Tutorial

This Tutorial applies to: Any version.
This Tutorial is intended for: Any audience.

Zope 3 and Grok come with authorization capabilities out of the box. While a vanilla Zope 3 application protects all content by default and performs authorization checks on the content objects themselves, Grok allows access to everything unless you explicitly restrict it. In Grok, the authorization checks are based on the views used to access (display or manipulate) the content.


  1. Setup Code: Imagine a Grok module for holding contact info called contact.py. By default, anyone is able to view the ViewContact view.
  2. Defining Permissions and restricting access: As all views in Grok default to public access, anyone can use the ViewContact view. If you want to restrict access to a view, you have to explicitly protect it with a permission.
  3. Granting Permissions: You can grant permissions to principals with a PermissionManager. For example, if all registered users should have permission to view contact details and to create new contacts, you could grant them the permissions when the user account is created.
  4. Checking Permissions: How to check permissions in Python code.
  5. Defining Roles: Permissions can be grouped together in roles, which makes granting all the permissions for a particular type of user much easier. Defining roles is similar to defining permissions.
 

mysite.Administrator instead of mysite.Editor

Posted by Hugo Lopes Tavares at Feb 10, 2009 11:26 AM
Am I wrong, or should the last role be 'mysite.Editor', following the definition above, instead of 'mysite.Administrator', which is never defined?

class AdministratorRole(grok.Role):
    grok.name('mysite.Editor')
...
role_man.assignRoleToPrincipal('mysite.Administrator', principalID)

Thanks for your feedback.

Posted by Michael Haubenwallner at Feb 17, 2009 12:30 PM
changed to

class AdministratorRole(grok.Role):
    grok.name('mysite.Administrator')