Access control in Grok is straightforward.
When defining a view or viewlet, you protect it with the grok.require() directive. grok.require() takes as its argument either a permission id as text or a grok.Permission class.
By convention every permission id starts with a prefix: the basic Zope permissions use the 'zope.' prefix, while our wiki uses the 'gfn.' prefix. For example, the Administering permission class has the text equivalent 'gfn.administering'.
When protecting viewlets, those viewlets which are not allowed for the current principal are simply not rendered. For protected views on the other hand, the security mechanism will render the login page instead of the view, and after accepting credentials will redirect to the original page.
For views or viewlets which should be accessible to anybody, use the permission 'zope.Public'.
For views which should be restricted, specify the needed permission, either as text ('gfn.administering') or as the grok.Permission class (Administering); the two forms are equivalent, since the class only carries the same id.
To check a permission manually for the current principal, call request.interaction.checkPermission(permission, object), which returns True or False; this is the check to use before rendering an action link, rather than relying on the login redirect.
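The behaviour described above, as an added, self-contained model that is not Grok code and does not import the Grok or Zope framework: every class below is an assumption standing in for the framework object named in its docstring, and the principals and grants at the bottom are constructed for the example. It shows that a permission given as text or as a Permission class is treated the same, that 'zope.Public' always passes, that a viewlet the principal may not see is left out of the output, that a protected view renders the login page (remembering the original URL for the redirect) instead of its body, and that checkPermission() answers the manual check.

```python
PUBLIC = 'zope.Public'


class Permission:
    """Stand-in for grok.Permission (assumption); subclasses set the id."""
    name = None


class Administering(Permission):
    name = 'gfn.administering'   # same id as the text form of the permission


def permission_id(permission):
    """Accept the permission either as text or as a Permission subclass."""
    if isinstance(permission, str):
        return permission
    if isinstance(permission, type) and issubclass(permission, Permission):
        return permission.name
    raise TypeError('permission must be a string or a Permission class')


class Interaction:
    """Stand-in for request.interaction (assumption): the principal's grants."""

    def __init__(self, principal, granted=()):
        self.principal = principal
        self.granted = frozenset(granted)

    def checkPermission(self, permission, obj):
        """Same calling convention as IInteraction.checkPermission."""
        pid = permission_id(permission)
        return pid == PUBLIC or pid in self.granted


class Request:
    """Stand-in for the request (assumption): URL plus interaction."""

    def __init__(self, url, interaction):
        self.url = url
        self.interaction = interaction


def login_page(came_from):
    """Rendered in place of a protected view; keeps the URL to redirect to."""
    return 'login form (camefrom=%s)' % came_from


class Component:
    """Shared base for the model's views and viewlets."""
    require = None   # the model's stand-in for the grok.require() directive

    def __init__(self, context, request):
        if self.require is None:   # the model insists on an explicit permission
            raise TypeError('%s needs a required permission' % type(self).__name__)
        self.context = context
        self.request = request

    def allowed(self):
        return self.request.interaction.checkPermission(self.require, self.context)


class View(Component):
    """Stand-in for grok.View: unauthorized -> login page, else the body."""

    def __call__(self):
        return self.render() if self.allowed() else login_page(self.request.url)


def render_viewlets(viewlet_classes, context, request):
    """Stand-in for a viewlet manager: viewlets not allowed are simply skipped."""
    viewlets = (cls(context, request) for cls in viewlet_classes)
    return ''.join(v.render() for v in viewlets if v.allowed())


class WikiPageView(View):
    require = PUBLIC                # anybody may read a page

    def render(self):
        return '<p>page body</p>'


class AdminView(View):
    require = Administering         # class form of the permission ...

    def render(self):
        return '<p>admin panel</p>'


class EditLinkViewlet(Component):
    require = 'gfn.editing'         # ... text form works the same way

    def render(self):
        return '<a href="edit">edit</a>'


class FooterViewlet(Component):
    require = PUBLIC

    def render(self):
        return '<footer/>'


def page_for(request):
    """Render the public wiki page view followed by its viewlets."""
    context = object()
    return WikiPageView(context, request)() + render_viewlets(
        [EditLinkViewlet, FooterViewlet], context, request)


def admin_for(request):
    """Render the protected admin view (login page when not allowed)."""
    return AdminView(object(), request)()


def may_administer(request):
    """The manual check from the text, with the permission given as text."""
    return request.interaction.checkPermission('gfn.administering', object())


# Constructed principals (assumptions): anonymous has no grants, alice may
# edit, bob may edit and administer.
ANON = Request('/wiki/Admin', Interaction('zope.anybody'))
ALICE = Request('/wiki/Admin', Interaction('alice', ['gfn.editing']))
BOB = Request('/wiki/Admin', Interaction('bob', ['gfn.editing', 'gfn.administering']))
```

Running page_for(ANON) yields the page body and footer but no edit link, page_for(ALICE) adds the edit link, and admin_for(ANON) yields the login form with camefrom=/wiki/Admin while admin_for(BOB) yields the admin panel.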