[Grok-dev] Requiring more than one permission to access a view. Is that doable?

Hector Blanco white.lists at gmail.com
Tue Feb 15 10:24:17 EST 2011


Thanks!

I should've thought about it myself... :-(

2011/2/14 Jeffrey D Peterson <bgpete at gmail.com>:
> Roles are what you want:
> http://grok.zope.org/documentation/tutorial/permissions/defining-roles/view?searchterm=roles
>
> On 2/13/2011 12:51 PM, Hector Blanco wrote:
>>
>> Hello everyone!
>>
>> I'd like to know if I can require more than one permission for the
>> logged principal to access a view.
>>
>> I've been setting a permission system as explained here:
>>
>> http://grok.zope.org/documentation/tutorial/permissions/checking-permissions
>>
>> I can properly test if the logged principal can access (or not) a view
>> as detailed in that tutorial:
>>
>> class RestrictedAccessView(grok.View):
>>        grok.context(Server)
>>        grok.require('server.CanSeeRestrictedAccessView')
>>        grok.name("RestrictedAccessView")
>>
>>
>> Then to test it, I have created another view (doesn't need to be
>> another view... could be anywhere, but by putting it in a view, I can
>> easily test it on my browser :-)   )
>>
>> class Test(grok.View):
>>        grok.context(Server)
>>        grok.require('server.ViewWholeSite')
>>
>>
>>        def canAccessView(self, obj, view_name):
>>                # obj - is the object you want to view
>>                # view_name - is the grok.View/AddForm/EditForm you want to access
>>                view = zope.component.getMultiAdapter((obj, self.request),
>>                                                      name=view_name)
>>                # check if you can access the __call__ method which is equal
>>                # to being allowed to access this view.
>>                return zope.security.canAccess(view, '__call__')
>>
>>        def render(self):
>>                retval = str()
>>                retval += ("Can logged user access 'RestrictedAccessView'?: " +
>>                           str(self.canAccessView(self.context, "RestrictedAccessView")))
>>                return retval
>>
>> It works... If the logged user/principal doesn't have the permission
>> "server.CanSeeRestrictedAccessView", I see on my browser:
>>
>> Can logged user access 'RestrictedAccessView'?: False
>>
>> But what about requiring more than one permission to see the view?
>> Something like:
>>
>> class RestrictedAccessView(grok.View):
>>        grok.context(Server)
>>        grok.require('server.ViewTheWholeSite')
>>        grok.require('server.CanSeeRestrictedAccessView')
>>        grok.name("RestrictedAccessView")
>>
>> If I try that, I get:
>>  GrokError: grok.require was called multiple times in <class 'server.app.RestrictedAccessView'>. It may only be set once for a class.
>>
>> Overestimating my wisdom, I recalled that sometimes passing a tuple
>> works, so I tried:
>>
>> class RestrictedAccessView(grok.View):
>>        grok.context(Server)
>>        grok.require(('server.ViewTheWholeSite',
>> 'server.CanSeeRestrictedAccessView'))
>>
>> And... nopes!!:
>>      GrokImportError: You can only pass unicode, ASCII, or a subclass
>> of grok.Permission to the 'require' directive.
>>
>> It's not a big deal, though... I can always play with the permissions
>> so I will only require one... It's mainly out of curiosity.
>>
>> Thank you in advance!
>
>
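
An added example, not part of the thread and not Grok or zope.security code: a plain-Python model of the two approaches discussed above, a role that bundles both permissions versus a guard that checks every permission. It goes slightly beyond the thread by including a principal who was granted the view permission directly, without the role. The role names, principal ids and the `Policy` class are constructed for illustration.

```python
class Unauthorized(Exception):
    """Raised when a principal lacks a required permission."""

# Constructed roles: each bundles permission ids, as a role definition does.
ROLES = {
    "server.Visitor": {"server.ViewTheWholeSite"},
    "server.Operator": {"server.ViewTheWholeSite",
                        "server.CanSeeRestrictedAccessView"},
}
BOTH = ("server.ViewTheWholeSite", "server.CanSeeRestrictedAccessView")

class Policy:
    """Toy stand-in for a security policy (not the zope.security API)."""
    def __init__(self):
        self.roles = {}   # principal id -> set of role names
        self.direct = {}  # principal id -> permissions granted without a role

    def assign_role(self, principal, role):
        self.roles.setdefault(principal, set()).add(role)

    def grant(self, principal, permission):
        self.direct.setdefault(principal, set()).add(permission)

    def check(self, principal, permission):
        held = set(self.direct.get(principal, ()))
        for role in self.roles.get(principal, ()):
            held |= ROLES[role]
        return permission in held

def view_single_require(policy, principal):
    """Guard with one permission, the only form a single require allows."""
    if not policy.check(principal, "server.CanSeeRestrictedAccessView"):
        raise Unauthorized(principal)
    return "restricted content"

def view_require_all(policy, principal, required=BOTH):
    """Conjunctive guard: deny unless every listed permission is held."""
    missing = [p for p in required if not policy.check(principal, p)]
    if missing:
        raise Unauthorized("%s lacks %s" % (principal, ", ".join(missing)))
    return "restricted content"

def sample_policy():
    policy = Policy()
    policy.assign_role("alice", "server.Operator")  # both, via the role
    policy.assign_role("bob", "server.Visitor")     # site access only
    policy.grant("carol", "server.CanSeeRestrictedAccessView")  # no role
    return policy
```

In this model the role gives the intended result only while the view permission is handed out exclusively through that role; the direct grant to `carol` passes the single-permission guard but not the conjunctive one.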
