[Grok-dev] Requiring more than one permission to access a view. Is that doable?
Jeffrey D Peterson
bgpete at gmail.com
Mon Feb 14 00:49:55 EST 2011
Roles are what you want:
http://grok.zope.org/documentation/tutorial/permissions/defining-roles/view?searchterm=roles
On 2/13/2011 12:51 PM, Hector Blanco wrote:
> Hello everyone!
>
> I'd like to know if I can require more than one permission for the
> logged principal to access a view.
>
> I've been setting a permission system as explained here:
> http://grok.zope.org/documentation/tutorial/permissions/checking-permissions
>
> I can properly test if the logged principal can access (or not) a view
> as detailed in that tutorial:
>
> class RestrictedAccessView(grok.View):
> grok.context(Server)
> grok.require('server.CanSeeRestrictedAccessView')
> grok.name("RestrictedAccessView")
>
>
> Then to test it, I have created another view (doesn't need to be
> another view... could be anywhere, but by putting it in a view, I can
> easily test it on my browser :-) )
>
> class Test(grok.View):
> grok.context(Server)
> grok.require('server.ViewWholeSite')
>
>
> def canAccessView(self, obj, view_name):
> # obj - is the object you want view
> # view_name - is the grok.View/AddForm/EditForm you want to access
> view = zope.component.getMultiAdapter((obj, self.request), name=view_name)
> # check if you can access the __call__ method which is equal
> # to being allowed to access this view.
> return zope.security.canAccess(view, '__call__')
>
> def render(self):
> retval = str()
> retval += "Can logged user access 'RestrictedAccessView'?: " +
> str(self.canAccessView(self.context, "RestrictedAccessView"))
> return retval
>
> It works... If the logger user/principal doesn't have the permission
> "server.CanSeeRestrictedAccessView", I see on my browser:
>
> Can logged user access 'RestrictedAccessView'?: False
>
> But what about requiring more than one permission to see the view?
> Something like:
>
> class RestrictedAccessView(grok.View):
> grok.context(Server)
> grok.require('server.ViewTheWholeSite')
> grok.require('server.CanSeeRestrictedAccessView')
> grok.name("RestrictedAccessView")
>
> If I try that, I get:
> GrokError: grok.require was called multiple times in<class
> 'server.app.RestrictedAccessView'>. It may only be set once for a
> class.
>
> Overestimating my wisdom, I recalled that sometimes passing a tuple
> works, so I tried:
>
> class RestrictedAccessView(grok.View):
> grok.context(Server)
> grok.require(('server.ViewTheWholeSite', 'server.CanSeeRestrictedAccessView'))
>
> And... nopes!!:
> GrokImportError: You can only pass unicode, ASCII, or a subclass
> of grok.Permission to the 'require' directive.
>
> It's not a big deal, though... I can always play with the permissions
> so I will only require one... It's mainly out of curiosity.
>
> Thank you in advance!
> _______________________________________________
> Grok-dev mailing list
> Grok-dev at zope.org
> https://mail.zope.org/mailman/listinfo/grok-dev
>
More information about the Grok-dev
mailing list