[Grok-dev] Default permission for Views?
Jan-Wijbrand Kolman
janwijbrand at gmail.com
Wed Nov 5 03:19:29 EST 2008
On Wed, Nov 5, 2008 at 2:04 AM, Kevin Teague <kevin at bud.ca> wrote:
> So should this be made overridable? Or should I just sprinkle
> grok.requires throughout my Views or am I missing something?
For what it's worth, that's what we do in our applications. And I made
a simple custom grokker that scans all of "our" views to see if
there's indeed a grok.require() directive set. And if not, the
application just won't start.
See:
http://jw.n--tree.net/blog/dev/python/custom-grokkers-for-checking-stuff
(I still have this idea of making a small megrok.strictrequire add-on,
but oh well...)
regards,
jw
ps. I think it was Philipp who explained to me a while ago that
'zope.Public' isn't really a permission itself at all, but an
indication to the security machinerey that there's no need to secure
this view at all. Something like that.
--
Jan-Wijbrand Kolman
More information about the Grok-dev
mailing list