Defining Roles

Permissions can be grouped together in roles, which makes granting all the permissions for a particular type of user much easier. Defining roles is similar to defining permissions.

As an example, let’s group all permissions in two roles: one for normal site members, and one for administrators:

import grok

# Normal site members may view and add contacts.
class MemberRole(grok.Role):
    grok.name('mysite.Member')
    grok.title('Contacts Member')  # optional
    grok.permissions(
        'mysite.ViewContacts',
        'mysite.AddContacts')

# Administrators may additionally edit contacts.
class AdministratorRole(grok.Role):
    grok.name('mysite.Administrator')
    grok.title('Contacts Administrator')  # optional
    grok.permissions(
        'mysite.ViewContacts',
        'mysite.AddContacts',
        'mysite.EditContacts')

A role is granted to a principal on a context object, as the code below does. If the context here is the site/application, users with the administrator role can edit all ContactInfos, regardless of who the creator is.

# Note: since Grok 0.12 the securitypolicy package lives in
# zope.securitypolicy instead of zope.app.securitypolicy.
from zope.securitypolicy.interfaces import IPrincipalRoleManager

# context is the object the role is granted on; principalID is the user's id.
role_man = IPrincipalRoleManager(context)
role_man.assignRoleToPrincipal('mysite.Administrator', principalID)
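
How the choice of context scopes a role grant, as an added example that is not Grok's or Zope's own code: a simplified pure-Python model in which role settings are inherited down the containment tree and the setting nearest the object wins. `Node`, the principal ids and the tree are constructed for illustration, and the model ignores locally granted role permissions and direct principal permissions.

```python
# Added example: simplified model of local role resolution, not Zope/Grok code.
ROLES = {  # role id -> permission ids, copied from the role definitions above
    'mysite.Member': {'mysite.ViewContacts', 'mysite.AddContacts'},
    'mysite.Administrator': {'mysite.ViewContacts', 'mysite.AddContacts',
                             'mysite.EditContacts'},
}

class Node:
    """A content object in a containment tree (hypothetical stand-in)."""
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.local = {}  # (role id, principal id) -> True (allow) / False (deny)

    def assign(self, role, principal):   # models assignRoleToPrincipal
        self.local[(role, principal)] = True

    def deny(self, role, principal):     # models removeRoleFromPrincipal
        self.local[(role, principal)] = False

def effective_roles(node, principal):
    """Collect role settings from the root down to node; the nearest wins."""
    chain = []
    while node is not None:
        chain.append(node)
        node = node.parent
    roles = {}
    for n in reversed(chain):            # root first, so closer nodes override
        for (role, pid), allowed in n.local.items():
            if pid == principal:
                roles[role] = allowed
    return {r for r, allowed in roles.items() if allowed}

def can(node, principal, permission):
    """True if any effective role of the principal carries the permission."""
    return any(permission in ROLES[r] for r in effective_roles(node, principal))

# Constructed sample tree and principal ids.
site = Node('site')
alice_card = Node('alice-card', parent=site)
bob_card = Node('bob-card', parent=site)

site.assign('mysite.Member', 'bob')
site.assign('mysite.Administrator', 'carol')      # site-wide grant
alice_card.assign('mysite.Administrator', 'bob')  # scoped to one object
bob_card.deny('mysite.Administrator', 'carol')    # local override of the grant
```

Granting the administrator role on a single object instead of the site keeps edit rights limited to that object, which is the least-privilege choice when a user only needs to manage specific contacts.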