Defining Roles
Permissions can be grouped together in Roles,
which makes granting all the permissions for a
particular type of user much easier. Defining roles
is similar to defining permissions.
As an example, let’s group all permissions in two roles: one for normal site members, and one for administrators:

    import grok

    class MemberRole(grok.Role):
        grok.name('mysite.Member')
        grok.title('Contacts Member')  # optional
        grok.permissions(
            'mysite.ViewContacts',
            'mysite.AddContacts')

    class AdministratorRole(grok.Role):
        grok.name('mysite.Administrator')
        grok.title('Contacts Administrator')  # optional
        grok.permissions(
            'mysite.ViewContacts',
            'mysite.AddContacts',
            'mysite.EditContacts')

A role is granted to a principal on a particular context. In the snippet below, if the context is the site/application, users with the administrator role can edit all ContactInfos, regardless of who the creator is.
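
    # Note: in Grok 0.12+ the securitypolicy package moved from
    # zope.app.securitypolicy to zope.securitypolicy.
    from zope.securitypolicy.interfaces import IPrincipalRoleManager

    # context: the object to grant the role on (here, the site/application)
    # principalID: id of the principal receiving the role
    role_man = IPrincipalRoleManager(context)
    role_man.assignRoleToPrincipal('mysite.Administrator', principalID)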
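
Where a role is assigned determines how far it reaches. The following added example (not Grok or zope.securitypolicy code) is a simplified stand-alone model of that: role settings live on an object and apply to everything contained in it, with the nearest setting winning. The Node class, the principal ids and the sample tree are assumptions made for the illustration.

```python
# Simplified model of local role grants (an added illustration; not Grok or
# zope.securitypolicy code). Role ids and permissions are the page's own.
ROLES = {
    'mysite.Member': {'mysite.ViewContacts', 'mysite.AddContacts'},
    'mysite.Administrator': {'mysite.ViewContacts', 'mysite.AddContacts',
                             'mysite.EditContacts'},
}

class Node:
    """Hypothetical content object: a parent pointer plus local role settings."""
    def __init__(self, name, parent=None):
        self.name, self.__parent__ = name, parent
        self.settings = {}  # (role_id, principal_id) -> True (allow) / False (deny)

    def assign(self, role_id, principal_id):
        self.settings[(role_id, principal_id)] = True

    def remove(self, role_id, principal_id):
        self.settings[(role_id, principal_id)] = False

def effective_roles(obj, principal_id):
    """Walk from obj to the root; the nearest explicit setting per role wins."""
    decided = {}
    while obj is not None:
        for (role_id, pid), allowed in obj.settings.items():
            if pid == principal_id:
                decided.setdefault(role_id, allowed)
        obj = obj.__parent__
    return {role for role, allowed in decided.items() if allowed}

def has_permission(obj, principal_id, permission):
    roles = effective_roles(obj, principal_id)
    return any(permission in ROLES[role] for role in roles)

def build_demo():
    """Constructed sample: one site holding two ContactInfo-like objects."""
    site = Node('site')
    alice, bob = Node('alice', site), Node('bob', site)
    site.assign('mysite.Administrator', 'carol')   # site-wide administrator
    site.assign('mysite.Member', 'dave')           # ordinary member
    bob.assign('mysite.Administrator', 'dave')     # administrator on one object only
    return site, alice, bob

if __name__ == '__main__':
    site, alice, bob = build_demo()
    for who in ('carol', 'dave'):
        for obj in (alice, bob):
            print(who, obj.name, has_permission(obj, who, 'mysite.EditContacts'))
```

Granting mysite.Administrator on the site reaches every contact, while the same grant on a single object stays confined to it, so the narrowest context that does the job is the safer choice.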