[Grok-dev] Re: Protecting views to allow anonymous access only

Philipp von Weitershausen philipp at weitershausen.de
Thu Jul 31 05:50:02 EDT 2008


Andreas Kaiser wrote:
> I'm in the progress of developing my first Grok application, so please
> be patient with me and my maybe stupid questions.
> 
> Right now I'm stuck with this…
> 
> I need to protect a view, so that it can be accessed *only* by
> anonymous users.

That's going to be hard to impossible to do with Zope's default security 
policy.

> I know:
> 
> ~  - how to protect a view with e.g.
> ~    grok.require('my.CustomPermission')
> 
> ~  - how to create a custom role
> 
> ~  - how to gather permissions in this role
> 
> I don't know:
> 
> ~  - how to grant my role to the anonymous user

Best done in site.zcml, which is generated out of your buildout.cfg.

   <grant
      role="..."
      principal="zope.anybody"
      />

You can also make local grants so that this grant is only active below a 
certain object 'obj':

   manager = IPrincipalRoleManager(obj)
   manager.assignRoleToPrincipal(role_id, principal_id)



More information about the Grok-dev mailing list