[Checkins] SVN: grok/trunk/doc/reference/components.rst add initial docs for Permissions, Roles and Forms

Kevin Teague kevin at bud.ca
Thu Jun 26 20:43:46 EDT 2008 

Log message for revision 87817:
  add initial docs for Permissions, Roles and Forms

Changed:
  U   grok/trunk/doc/reference/components.rst

-=-
Modified: grok/trunk/doc/reference/components.rst
===================================================================
--- grok/trunk/doc/reference/components.rst	2008-06-27 00:35:48 UTC (rev 87816)
+++ grok/trunk/doc/reference/components.rst	2008-06-27 00:43:46 UTC (rev 87817)
@@ -559,9 +559,9 @@
         Returns an object and a sequence of names.
 	  
         The publisher calls this method at the end of each traversal path.
-	  	If the sequence of names is not empty, then a traversal step is made
-	  	for each name. After the publisher gets to the end of the sequence,
-	  	it will call browserDefault on the last traversed object.
+        If the sequence of names is not empty, then a traversal step is made
+        for each name. After the publisher gets to the end of the sequence,
+        it will call browserDefault on the last traversed object.
 	  
         The default behaviour in Grok is to return self.context for the object
         and 'index' for the default view name.
@@ -613,26 +613,192 @@
 Forms
 ~~~~~
 
+Forms inherit from the `grok.View` class. They are a specialized type of
+View that renders an HTML Form.
+
 :class:`grok.Form`
 ==================
 
-.. Do not forget about the form_fields class attribute!
+.. class:: grok.Form
 
+    Base class for forms.
+
+    .. attribute:: prefix
+    
+        Page-element prefix. All named or identified page elements in a
+        subpage should have names and identifiers that begin with a subpage
+        prefix followed by a dot.
+
+    .. method:: setPrefix(prefix):
+
+        Update the subpage prefix
+
+    .. attribute:: label
+    
+        A label to display at the top of a form.
+        
+    .. attribute:: status
+    
+        An update status message. This is normally generated by success or
+        failure handlers.
+    
+    .. attribute:: errors
+
+        Sequence of errors encountered during validation.
+
+    .. attribute:: form_result
+    
+        Return from action result method.
+
+    .. attribute:: form_reset
+    
+        Boolean indicating whether the form needs to be reset.
+
+    .. attribute:: form_fields
+    
+        The form's form field definitions.
+
+        This attribute is used by many of the default methods.
+
+    .. attribute:: widgets
+    
+        The form's widgets.
+
+        - set by setUpWidgets
+
+        - used by validate
+
+
+    .. method:: setUpWidgets(ignore_request=False):
+    
+        Set up the form's widgets.
+
+        The default implementation uses the form definitions in the
+        form_fields attribute and setUpInputWidgets.
+
+        The function should set the widgets attribute.
+
+    .. method:: validate(action, data):
+    
+        The default form validator
+
+        If an action is submitted and the action doesn't have it's own
+        validator then this function will be called.
+
+    .. attribute:: template
+    
+        Template used to display the form
+
+    .. method:: resetForm():
+    
+        Reset any cached data because underlying content may have changed.
+
+    .. method:: error_views():
+    
+        Return views of any errors.
+
+        The errors are returned as an iterable.
+
+    .. method:: applyData(obj, **data):
+    
+        Save form data to an object.
+
+        This returns a dictionary with interfaces as keys and lists of
+        field names as values to indicate which fields in which
+        schemas had to be changed in order to save the data.  In case
+        the method works in update mode (e.g. on EditForms) and
+        doesn't have to update an object, the dictionary is empty.
+
 :class:`grok.AddForm`
 =====================
 
+Add forms are used for creating new objects. The widgets for this form
+are not bound to any existing content or model object.
+
+.. class:: grok.AddForm
+
+    Base class for add forms.
+
 :class:`grok.EditForm`
 ======================
 
+Edit forms are used for editing existing objects. The widgets for this form
+are bound to the object set in the `context` attribute.
+
+.. class:: grok.EditForm
+
+    Base class for edit forms.
+
 :class:`grok.DisplayForm`
 =========================
 
+Display forms are used to display an existing object. The widgets for this
+form are bound to the object set in the `context` attribute.
+
+.. class:: grok.DisplayForm
+
+    Base class for display forms.
+
 Security
 ~~~~~~~~
 
 :class:`Permission`
 ===================
 
+Permissions are used to protect Views so that they can only be called by
+an authenticated principal. If a View in Grok does not have a `grok.require`
+directive declaring a permission needed to use the View, then the view will
+be public.
+
+.. class:: grok.Permission
+
+    Base class for permissions. You must specify a unique name for every
+    permission using the `grok.name` directive. The convention for ensuring
+    uniqueness is to prefix your permission name with the name of your
+    Grok package followed by a dot, e.g. 'mypackage.MyPermissionName'.
+
+    .. attribute:: id
+    
+        Id as which this permission will be known and used. This is set
+        to the value specified in the `grok.name` directive.
+
+    .. attribute:: title
+
+        Human readable identifier for this permission.
+
+    .. attribute:: description
+
+        Description of the permission.
+
+    **Directives:**
+
+    :func:`grok.name(name)`
+    
+        Required. Identifies the unique name (also used as the id) of the
+        permission.
+
+    :func:`grok.title(title)`
+
+        Optional. Stored as the title attribute for this permission.
+    
+    :func:`grok.description(description)`
+
+        Optional. Stored as the description attribute for this permission.
+
+**Example 1: Define a new Permission and use it to protect a View**
+
+.. code-block:: python
+
+    import grok
+    import zope.interface
+    
+    class Read(grok.Permission):
+        grok.name('mypackage.Read')
+
+    class Index(grok.View):
+        grok.context(zope.interface.Interface)
+        grok.require('mypackage.Read')
+
 :func:`grok.define_permission` -- define a permission
 =====================================================
 
@@ -664,3 +830,107 @@
 
 :class:`Role`
 =============
+
+Roles provide a way to group together a collection of permissions. Principals
+(aka Users) can be granted a Role which will allow them to access all Views
+protected by the Permissions that the Role contains.
+
+.. class:: grok.Role
+
+    Base class for roles.
+
+    .. attribute:: id
+    
+        Id as which this role will be known and used. This is set
+        to the value specified in the `grok.name` directive.
+
+    .. attribute:: title
+
+        Human readable identifier for this permission.
+
+    .. attribute:: description
+
+        Description of the permission.
+
+    **Directives:**
+
+    :func:`grok.name(name)`
+
+        Required. Identifies the unique name (also used as the id) of the
+        role.
+
+    :func:`grok.permissions(permissions)`
+
+        Required. Declare the permissions granted to this role.
+
+    :func:`grok.title(title)`
+
+        Optional. Stored as the title attribute for this role.
+
+    :func:`grok.description(description)`
+
+        Optional. Stored as the description attribute for this role.
+
+**Example 1: Define a new 'paint.Artist' Role and assign it to the 'paint.grok' principal**
+
+.. code-block:: python
+
+    import grok
+    import zope.interface
+
+    class ViewPermission(grok.Permission):
+        grok.name('paint.ViewPainting')
+
+    class EditPermission(grok.Permission):
+        grok.name('paint.EditPainting')
+
+    class ErasePermission(grok.Permission):
+        grok.name('paint.ErasePainting')
+
+    class ApprovePermission(grok.Permission):
+        grok.name('paint.ApprovePainting')
+
+    class Artist(grok.Role):
+        """
+        An Artist can view, create and edit paintings. However, they can
+        not approve their painting for display in the Art Gallery Cave.
+        """
+        grok.name('paint.Artist')
+        grok.title('Artist')
+        grok.description('An artist owns the paintings that they create.')
+        grok.permissions(
+            'paint.ViewPainting', 'paint.EditPainting', 'paint.ErasePainting')
+
+    class CavePainting(grok.View):
+        grok.context(zope.interface.Interface)
+        grok.require(ViewPermission)
+
+        def render(self):
+            return 'What a beautiful painting.'
+
+    class EditCavePainting(grok.View):
+        grok.context(zope.interface.Interface)
+        grok.require(EditPermission)
+
+        def render(self):
+            return 'Let\'s make it even prettier.'
+
+    class EraseCavePainting(grok.View):
+        grok.context(zope.interface.Interface)
+        grok.require(ErasePermission)
+
+        def render(self):
+            return 'Oops, mistake, let\'s erase it.'
+
+    class ApproveCavePainting(grok.View):
+        grok.context(zope.interface.Interface)
+        grok.require(ApprovePermission)
+
+        def render(self):
+            return 'Painting owners cannot approve their paintings.'
+
+    # The app variable will typically be your Application instance,
+    # but could also be a container within your application.
+    from zope.securitypolicy.interfaces import IPrincipalRoleManager
+    IPrincipalRoleManager(app).assignRoleToPrincipal(
+       'paint.Artixt', 'paint.grok')

More information about the Checkins mailing list