Defining Permissions and Restricting Access
===========================================

| As all Views in Grok default to public access,
| anyone can use the ViewContact view. If you want
| to restrict access to a view, you have to explicitly
| protect it with a permission.

Define your Grok Permissions by subclassing from the ``grok.Permission``
base class. You must use the ``grok.name`` directive to give your permission
a unique name. It can be any string, but it is strongly recommended to
prefix it with the application name.

.. code-block:: python

    import grok

    class ViewContacts(grok.Permission):
        grok.name('mysite.ViewContacts')
        grok.title('View Contacts')  # optional

    class AddContacts(grok.Permission):
        grok.name('mysite.AddContacts')

    class EditContacts(grok.Permission):
        grok.name('mysite.EditContacts')

    class ViewContactComplete(grok.View):
        """Display Contact Info, including email.

        Only users who have the permission 'mysite.ViewContacts'
        can use this view.
        """
        grok.require('mysite.ViewContacts')  # this is the security declaration

        def render(self):
            contact = self.context
            return 'Contact: %s%s%s' % (contact.first_name,
                                        contact.last_name,
                                        contact.email)

*Note* The ``grok.Permission`` component base class was introduced *after*
release 0.10. In earlier versions of Grok a permission was defined using a
module-level directive, like so:

.. code-block:: python

    grok.define_permission('mysite.ViewContacts')

If you are using ``grokproject`` this change currently does not affect your
installation. In this case use ``grok.define_permission`` as described above.
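
Because views default to public access, a missing or misspelled ``grok.require`` leaves a view open without any error. The following static check is an added example, not part of Grok or of the original page: it parses a module with Python's ``ast`` and reports views with no ``grok.require`` and views requiring a permission name that the module never defines. The function names and the sample module are assumptions made for illustration.

```python
import ast

# Constructed sample module (not code from the page): two protected views, one
# view left at the public default, one view requiring an undefined permission.
SAMPLE = """
import grok
grok.define_permission('mysite.AddContacts')   # pre-0.10 style
class ViewContacts(grok.Permission):
    grok.name('mysite.ViewContacts')
class ViewContactComplete(grok.View):
    grok.require('mysite.ViewContacts')
class AddContact(grok.View):
    grok.require('mysite.AddContacts')
class ViewContact(grok.View): pass
class EditContact(grok.View):
    grok.require('mysite.EditContacts')
"""

def grok_attr(node):
    """Return X when node is the expression grok.X, else None."""
    ok = isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
    return node.attr if ok and node.value.id == "grok" else None

def directive_args(body, name):
    """String arguments of grok.<name>('...') calls placed directly in body."""
    calls = [s.value for s in body if isinstance(s, ast.Expr) and isinstance(s.value, ast.Call)]
    return [c.args[0].value for c in calls
            if grok_attr(c.func) == name and c.args and isinstance(c.args[0], ast.Constant)]

def audit(source):
    """Return sorted (view, problem) pairs for public or misdeclared views."""
    tree = ast.parse(source)
    classes = [n for n in tree.body if isinstance(n, ast.ClassDef)]  # top level only
    bases = {c.name: {grok_attr(b) for b in c.bases} for c in classes}
    defined = set(directive_args(tree.body, "define_permission"))
    for cls in (c for c in classes if "Permission" in bases[c.name]):
        defined.update(directive_args(cls.body, "name"))
    findings = []
    for cls in (c for c in classes if "View" in bases[c.name]):
        required = directive_args(cls.body, "require")
        if not required:
            findings.append((cls.name, "public: no grok.require"))
        findings += [(cls.name, "undefined permission: " + p)
                     for p in required if p not in defined]
    return sorted(findings)

if __name__ == "__main__":
    for view, problem in audit(SAMPLE):
        print(view + ": " + problem)
```

The check only sees classes whose base is written literally as ``grok.View`` and permissions defined in the same module, so views that inherit from a project base class or rely on permissions defined elsewhere need those cases handled separately.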