[Grok-dev] Default permission for Views?

Jan-Wijbrand Kolman janwijbrand at gmail.com
Wed Nov 5 03:19:29 EST 2008


On Wed, Nov 5, 2008 at 2:04 AM, Kevin Teague <kevin at bud.ca> wrote:
> So should this be made overridable? Or should I just sprinkle
> grok.requires throughout my Views or am I missing something?

For what it's worth, that's what we do in our applications. And I made
a simple custom grokker that scans all of "our" views to see if
there's indeed a grok.require() directive set. And if not, the
application just won't start.

See:

  http://jw.n--tree.net/blog/dev/python/custom-grokkers-for-checking-stuff

(I still have this idea of making a small megrok.strictrequire add-on,
but oh well...)


regards,
jw


ps. I think it was Philipp who explained to me a while ago that
'zope.Public' isn't really a permission itself at all, but an
indication to the security machinerey that there's no need to secure
this view at all. Something like that.

-- 
Jan-Wijbrand Kolman


More information about the Grok-dev mailing list