[Grok-dev] local roles and REST

whit morriss d.w.morriss at gmail.com
Thu May 15 17:17:08 EDT 2008


I was attempting to do some basic securing of REST methods ala::
...
     @grok.require('almanac.add')
     def POST(self):
...

almanac.add is a generic permission that gets granted to the 
almanac.owner role on the container.  The local role of owner is granted 
to the active principal at the time of the container's creation (using 
subscribers).

My tests were blowing up until I pdbed through the checker and added 
an adapter to zope.app.securitypolicy.interfaces.IPrincipalRoleMap from 
my REST "view"::

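import grok
from zope.app.securitypolicy.interfaces import IPrincipalRoleMap

# AlmanacAPPBase is the application's own REST base class (defined elsewhere).
@grok.adapter(AlmanacAPPBase)
@grok.implementer(IPrincipalRoleMap)
def context_role_manager(controller):
    "Delegate to context"
    return IPrincipalRoleMap(controller.context)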

...

Am I missing something elsewhere or are local roles not being applied by 
default to REST views (grok 0.11.1)?

-w
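
A simplified, self-contained model of the situation described in the post, added here as an illustration (it is not code from the post, Grok or Zope). It assumes a policy that collects local roles by asking each object for a role map and then following `__parent__`, and a view object that offers neither; `RoleMap`, `ADAPTERS`, `local_roles`, `check_permission` and the principals are constructed names.

```python
# Assumed model: local roles are found by adapting the checked object (and each
# __parent__ above it) to a role map. All names and data here are constructed.
ROLE_PERMISSIONS = {"almanac.owner": {"almanac.add"}}
ADAPTERS = {}  # type -> callable(obj) returning a RoleMap or None

class RoleMap:
    def __init__(self, grants=()):
        self.grants = set(grants)  # {(role, principal), ...}
    def roles_for(self, principal):
        return {role for role, who in self.grants if who == principal}

class Container:
    def __init__(self, parent=None, role_map=None):
        self.__parent__ = parent
        self.role_map = role_map

class RestView:
    def __init__(self, context):
        self.context = context  # no role map and no __parent__ of its own

def role_map_for(obj):
    adapter = ADAPTERS.get(type(obj))
    return adapter(obj) if adapter else getattr(obj, "role_map", None)

def local_roles(obj, principal):
    roles = set()
    while obj is not None:  # walk from the checked object up to the root
        role_map = role_map_for(obj)
        if role_map is not None:
            roles |= role_map.roles_for(principal)
        obj = getattr(obj, "__parent__", None)
    return roles

def check_permission(permission, obj, principal):
    return any(permission in ROLE_PERMISSIONS.get(role, ())
               for role in local_roles(obj, principal))

def demo():
    almanac = Container(role_map=RoleMap({("almanac.owner", "alice")}))
    view = RestView(almanac)
    before = check_permission("almanac.add", view, "alice")  # grant is invisible
    ADAPTERS[RestView] = lambda v: role_map_for(v.context)   # delegate to context
    after = check_permission("almanac.add", view, "alice")
    other = check_permission("almanac.add", view, "bob")     # still denied
    del ADAPTERS[RestView]
    return before, after, other

if __name__ == "__main__":
    print(demo())
```

In this model the delegating adapter exposes only the grants stored on the context itself; grants made on the context's ancestors stay invisible unless the view also links to the context through `__parent__`.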


