[Grok-dev] Requiring more than one permission to access a view. Is that doable?

Hector Blanco white.lists at gmail.com
Sun Feb 13 13:51:33 EST 2011 

Hello everyone!

I'd like to know if I can require more than one permission for the
logged principal to access a view.

I've been setting a permission system as explained here:
http://grok.zope.org/documentation/tutorial/permissions/checking-permissions

I can properly test if the logged principal can access (or not) a view
as detailed in that tutorial:

class RestrictedAccessView(grok.View):
	grok.context(Server)
	grok.require('server.CanSeeRestrictedAccessView')
	grok.name("RestrictedAccessView")


Then to test it, I have created another view (doesn't need to be
another view... could be anywhere, but by putting it in a view, I can
easily test it on my browser :-)   )

class Test(grok.View):
	grok.context(Server)
	grok.require('server.ViewWholeSite')


	def canAccessView(self, obj, view_name):
		# obj - is the object you want view
		# view_name - is the grok.View/AddForm/EditForm you want to access
		view = zope.component.getMultiAdapter((obj, self.request), name=view_name)
		# check if you can access the __call__ method which is equal
		# to being allowed to access this view.
		return zope.security.canAccess(view, '__call__')

	def render(self):
		retval = str()
		retval += "Can logged user access 'RestrictedAccessView'?: " +
str(self.canAccessView(self.context, "RestrictedAccessView"))
		return retval

It works... If the logger user/principal doesn't have the permission
"server.CanSeeRestrictedAccessView", I see on my browser:

Can logged user access 'RestrictedAccessView'?: False

But what about requiring more than one permission to see the view?
Something like:

class RestrictedAccessView(grok.View):
	grok.context(Server)
	grok.require('server.ViewTheWholeSite')
	grok.require('server.CanSeeRestrictedAccessView')
	grok.name("RestrictedAccessView")

If I try that, I get:
 GrokError: grok.require was called multiple times in <class
'server.app.RestrictedAccessView'>. It may only be set once for a
class.

Overestimating my wisdom, I recalled that sometimes passing a tuple
works, so I tried:

class RestrictedAccessView(grok.View):
	grok.context(Server)
	grok.require(('server.ViewTheWholeSite', 'server.CanSeeRestrictedAccessView'))

And... nopes!!:
     GrokImportError: You can only pass unicode, ASCII, or a subclass
of grok.Permission to the 'require' directive.

It's not a big deal, though... I can always play with the permissions
so I will only require one... It's mainly out of curiosity.

Thank you in advance!

More information about the Grok-dev mailing list