[Grok-dev] access permissions and local roles
Wichert Akkerman
wichert at wiggy.net
Wed Oct 3 10:51:47 EDT 2007
I'm having some problems trying to figure out how to handle security in
my grok app. I am using zalchemy on top of grok.Model classes to manage
all data, which works fine. However, I need to do two things:
* only show objects (i.e. SQL table rows) if the current principal
has access to them or if the principal has an admin role. Access in
this case is determined by the login name corresponding to an attribute
on the object.
* refuse access to hidden objects using the same roles
I think I need to do two things:
- define local roles for my sql objects so that I can use grok.require
on the views for those objects. I think I can do this by writing an
IPrincipalRoleManager adapter.
- manually check permission in the methods that generate the list of
accessible objects. I'm not sure how to do the proper permission
checks there though. grok stripping security proxies may be a factor
here.
Am I on the right track here, or way off base?
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
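The two pieces the post proposes (a local-role adapter that derives roles from the row's owner attribute, and an explicit permission check in the listing code), as an added stand-alone example that is not Wichert's code. It deliberately avoids the real grok/zope imports so it runs offline; the method names mirror zope.securitypolicy's IPrincipalRoleManager, while the `owner` attribute, the role and permission names and the admin login set are assumptions.

```python
# Added example, not from the original post. Mirrors the shape of
# zope.securitypolicy's IPrincipalRoleManager without importing zope.
from dataclasses import dataclass

Allow, Unset = "Allow", "Unset"          # stand-ins for zope.securitypolicy.settings
ADMIN_LOGINS = {"admin"}                 # assumption: principals holding the admin role
# assumption: which roles grant the permission that protects the object views
ROLE_PERMISSIONS = {"app.View": {"app.Owner", "app.Admin"}}


@dataclass
class Record:
    """Stand-in for a zalchemy-backed grok.Model row."""
    id: int
    owner: str          # login name of the principal allowed to see this row


class RecordRoleManager:
    """Local-role adapter: roles are computed from the row, never stored."""

    def __init__(self, context):
        self.context = context

    def getSetting(self, role_id, principal_id):
        if role_id == "app.Admin" and principal_id in ADMIN_LOGINS:
            return Allow
        if role_id == "app.Owner" and principal_id == self.context.owner:
            return Allow
        return Unset

    def getRolesForPrincipal(self, principal_id):
        # Same return shape as the zope interface: list of (role_id, setting).
        return [(r, s) for r in ("app.Owner", "app.Admin")
                if (s := self.getSetting(r, principal_id)) != Unset]


def check_permission(permission, principal_id, obj):
    """Explicit check for code paths that bypass grok.require, such as a
    listing method working on unproxied objects."""
    granted_by = ROLE_PERMISSIONS.get(permission, set())
    roles = {r for r, s in RecordRoleManager(obj).getRolesForPrincipal(principal_id)
             if s == Allow}
    return bool(granted_by & roles)


def visible_records(principal_id, records):
    """Listing: admins see every row, other principals only rows they own."""
    return [r for r in records if check_permission("app.View", principal_id, r)]


def can_view(principal_id, record):
    """Direct access to a single object uses the very same check, so a row
    hidden from the listing is also refused when addressed directly."""
    return check_permission("app.View", principal_id, record)
```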