[Grok-dev] protecting grok.Model objects with zcml

Aroldo Souza-Leite asouzaleite at gmx.de
Thu Sep 20 13:31:50 UTC 2012


Hi list,

Is it possible to use 'classical' zcml directives to protect persistent instances of a class that inherits from grok.Model?

Sorry, I lost the thread of a former discussion about only grok.View being protected through grok.require directives. I would be thankful for a pointer to an update.

What I'm trying to do:


import time

import grok

# IHardStone is assumed to be defined elsewhere in livebase.stones.


class Stone(grok.Model):
    '''
    Instances of subclasses should be protected.
    '''

class HardStone(Stone):
    '''
    A hard stone.
    '''
    grok.implements(IHardStone)

    def __init__(self, name="hardstone-" + str(time.time()), hardness=1,
                 density=0):
        super(HardStone, self).__init__()
        self.hardness = hardness
        self.density = density


class UpdateHardness(grok.Permission):
    grok.name('livebase.stones.update_hardness')


The directives in configure.zcml:

<class class="livebase.stones.HardStone">
  <require permission="livebase.stones.update_hardness"
           set_attributes="hardness"
           />
</class>


No user has roles with these permissions. But in the present state any "public" view can change the value of 'hardness'. I get the impression that if the view is not protected, the persistent object that this view shows (and updates) cannot be protected either. Is something missing to activate the zope security proxy for persistent objects?
What surprises me is that the Grok framework seems to know and recognize all the elements involved in this configuration.
Am I making a basic mistake here?

I would be grateful for any hints.

Regards,

Aroldo.






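Added example, not part of the original post: a standard-library model of how a set_attributes declaration like the one above gets enforced. In zope.security the check is made by a checker attached to a security proxy, so code that holds the unproxied object assigns freely. CheckedProxy, SET_PERMISSIONS, try_set and the stand-in HardStone are hypothetical names for this sketch, not zope.security or Grok API.

```python
# Simplified stand-in for the proxy/checker mechanism. Every name here is
# hypothetical; none of this is zope.security's or Grok's own code.

class Unauthorized(Exception):
    """Raised when the current principal lacks the required permission."""

# What <require ... set_attributes="hardness"/> declares:
# attribute name -> permission needed to assign it.
SET_PERMISSIONS = {"hardness": "livebase.stones.update_hardness"}

class HardStone:
    """Plain stand-in for the persistent model (no grok.Model base here)."""
    def __init__(self, hardness=1, density=0):
        self.hardness = hardness
        self.density = density

class CheckedProxy:
    """Wrapper that consults the declaration table on every assignment."""
    def __init__(self, obj, set_permissions, granted):
        # Bypass our own __setattr__ while storing the proxy's internals.
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_set_permissions", set_permissions)
        object.__setattr__(self, "_granted", frozenset(granted))

    def __getattr__(self, name):
        return getattr(self._obj, name)  # reads are left open in this model

    def __setattr__(self, name, value):
        permission = self._set_permissions.get(name)
        if permission is None:
            # Undeclared attribute: refuse (default deny).
            raise Unauthorized("no set declaration for %r" % name)
        if permission not in self._granted:
            raise Unauthorized("%s required to set %r" % (permission, name))
        setattr(self._obj, name, value)

def try_set(target, name, value):
    """Return True if the assignment went through, False if it was refused."""
    try:
        setattr(target, name, value)
        return True
    except Unauthorized:
        return False
```

The declaration only has an effect on the proxied reference: try_set on the bare HardStone succeeds whatever permissions the caller holds.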