Defining Permissions and Restricting Access
As all Views in Grok default to public access,
anyone can use the ViewContact view. If you want
to restrict access to a view, you have to explicitly
protect it with a permission.
Define your Grok Permissions by subclassing from the grok.Permission base class. You must use the grok.name directive to give your permission a unique name. It can be any string, but it is strongly recommended to prefix it with the application name.
    import grok

    class ViewContacts(grok.Permission):
        grok.name('mysite.ViewContacts')
        grok.title('View Contacts') # optional

    class AddContacts(grok.Permission):
        grok.name('mysite.AddContacts')

    class EditContacts(grok.Permission):
        grok.name('mysite.EditContacts')

    class ViewContactComplete(grok.View):
        """Display Contact Info, including email.

        Only users who have the permission 'mysite.ViewContacts'
        can use this view.
        """
        grok.require('mysite.ViewContacts') # this is the security declaration

        def render(self):
            contact = self.context
            return 'Contact: %s%s%s' % (contact.first_name,
                                        contact.last_name,
                                        contact.email)
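Because a view without a security declaration is public, it is worth checking a module for views that were never protected. The following is an added example, not code from the Grok documentation or project: it uses only the standard library (Python 3.9+) to list grok.View subclasses with no grok.require declaration, and required permission names that no grok.Permission in the same module defines. The helper names audit_views and _directives and the sample module are assumptions, and it assumes permissions are passed as string literals, as on this page.

```python
import ast

# audit_views and _directives are hypothetical helper names, not Grok APIs.
# Constructed sample module, modelled on the page's contact example.
SAMPLE = '''
import grok
class ViewContacts(grok.Permission):
    grok.name('mysite.ViewContacts')
class ViewContact(grok.View):
    def render(self):
        return self.context.first_name
class ViewContactComplete(grok.View):
    grok.require('mysite.ViewContacts')
    def render(self):
        return self.context.email
class EditContact(grok.View):
    grok.require('mysite.EditContact')  # no such permission defined here
    def render(self):
        return 'edit form'
'''

def _directives(cls, name):
    """String arguments of class-level grok.<name>('...') calls."""
    found = []
    for stmt in cls.body:
        call = stmt.value if isinstance(stmt, ast.Expr) else None
        if (isinstance(call, ast.Call) and ast.unparse(call.func) == 'grok.' + name
                and call.args and isinstance(call.args[0], ast.Constant)):
            found.append(call.args[0].value)
    return found

def audit_views(source):
    """Return (public_views, undefined_permissions) for one module's source."""
    classes = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.ClassDef)]
    def is_a(cls, base):
        return any(ast.unparse(b) == base for b in cls.bases)
    defined = {p for c in classes if is_a(c, 'grok.Permission')
               for p in _directives(c, 'name')}
    public, undefined = [], []
    for cls in classes:
        if not is_a(cls, 'grok.View'):
            continue
        required = _directives(cls, 'require')
        if not required:
            public.append(cls.name)  # no security declaration: public by default
        undefined += [(cls.name, p) for p in required if p not in defined]
    return sorted(public), sorted(undefined)
```

A permission reported as undefined may simply be defined in another module; treat that list as names to verify, not as confirmed errors.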
Note: The grok.Permission component base class was introduced after the
release 0.10. In earlier versions of Grok a permission was defined using a
module level directive, like so:

    grok.define_permission('mysite.ViewContacts')

If you are using grokproject
this change currently does not affect your
installation. In this case use grok.define_permission
as described above.