Personal tools
You are here: Home Documentation Tutorials Permissions Tutorial Checking Permissions

Checking Permissions

How to check permission in python code
Zope 3 and Grok come with authorization capabilities out of the box. While a vanilla Zope 3 application protects all content by default and performs authorization checks on the content objects themselves, Grok allows access to everything unless you explicitly restrict it. The authorization checks here are done based on the Views used to access (display/manipulate) the content.
Page 4 of 5.

When generating user interface elements you might want to check that the current logged in principal actually can access a view to which a link refers. You need to do two things: 1 get the view, 2 check permissions on that view. This is how you do it:

from zope.component import getMultiAdapter
from zope.security import canAccess

def canAccessView(obj, view_name):
    # obj - is the object you want view
    # view_name - is the grok.View/AddForm/EditForm you want to access
    view = getMultiAdapter((obj, self.request), name=view_name)
    # check if you can access the __call__ method which is equal
    # to being allowed to access this view.
    return canAccess(view, '__call__')

If you want to check if the current logged in principal has a specific permission on a specific object or view you can do so by means of the checkPermission method. It is available through zope.security and in a view through self.request.interaction. Note that Grok doesn't allow a simplified way of setting object level permissions. The grok.requires statement is only applicable to views.

from zope.security import checkPermission
def justChecking(context):
    # context - the object or view you are checking permissions on
    user_allowed = checkPermission(PERMISSION_NAME, context)

class MyView(grok.View):
    def update(self):
        i = self.request.interaction
        # checking permission on currently viewed object (self.context)
        user_allowed = i.checkPermission(PERMISSION_NAME, self.context)
 

Checking permissions in python

Posted by Lukas Zdych at Jan 25, 2009 02:46 PM
from zope.security import checkPermission
user_allowed = checkPermission(PERMISSION_NAME, context)

Use this code in python code and grok views rather then checking permission in the page template itself.

Checking permissions in python

Posted by Robert Marianski at Jun 28, 2009 11:40 AM
Thanks Lukas. I've used your comment for the documentation.