[Grok-dev] protecting grok.Model objects with zcml

Christian Klinger cklinger at novareto.de
Thu Sep 20 13:58:22 UTC 2012


Hi Aroldo,

i don't know the details, but maybe this old thread helps you:

http://thread.gmane.org/gmane.comp.web.zope.grok.devel/7381

Cheers
Christian

Aroldo Souza-Leite schrieb:
> Hi list,
>
> is it possible to use 'classical' zcml directives to protect persistent
> instances of
> a class that inherits from grok.Model?
>
> Sorry, I lost the thread of of a former discussion about only grok.View
> being protected through grok.require directives. I would be thankful for
> a pointer to an update.
>
> What I'm trying to do:
>
>
> class Stone(grok.Model):
> '''
> Instances of subclasses should be protected.
> '''
>
> class HardStone(Stone):
> '''
> A hard stone.
> '''
> grok.implements(IHardStone)
>
> def __init__(self,name="hardstone-" + str(time.time()), hardness = 1,
> density = 0):
> super(HardStone,self).__init__()
> self.hardness = hardness
> self.density = density
>
>
> class UpdateHardness(grok.Permission):
> grok.name('livebase.stones.update_hardness')
>
>
> The directives in configure.zcml:
>
> <class class="livebase.stones.HardStone">
> <require permission="livebase.stones.update_hardness"
> set_attributes="hardness"
> />
> </class>
>
>
> No user has roles with these permissions. But in the present state any
> "public" view
> can change the value of 'hardness'. I get the impression that if the
> view is not protected,
> the persistent object that this view shows (and updates) cannot be
> protected either. Is something missing to
> activate the zope security proxy for persistent objects?
> What surprises me is that the Grok frameworks seems to know and
> recognize all the elements involved in this configuration.
> Am I making a basic mistake here?
>
> I would be grateful for any hints.
>
> Regards,
>
> Aroldo.



More information about the Grok-dev mailing list