How to check permission in Plone?

Question

How to check permission in Plone?

Looking at http://developer.plone.org on how to check the resolution, the first two results:

The first protects zope.security.checkPermission, and the second prefers AccessControl.getSecurityManager().checkPermission.

Looking at setup.py AccessControl, I see that it depends on zope.security, so the later version is lower level, so to speak, but at the same time, zope.security seems to be getting more attention now, while AccessControl seems more stable (regarding the receipt of changes on it).

So, I wonder what a safe and modern way to check permissions.

+4

security zope plone

gforcada Mar 31 '14 at 11:33

source share

2 answers

I personally prefer to use plone.api. See document plone.api.user

This way you do not need to care about the low level api. Even if this changes in the future, plone.api will fix it for you :-)

+3

Mathias Mar 31 '14 at 12:15

source share

adamfc · Accepted Answer · 2014-03-31T11:48:51+0000

I personally always use the checkPermission from the AccessControl, but I believe that under the hood, both zope.security and AccessControl will call the same code. I searched this code before, and I think it is actually in the C part of the role / permission logic.

How to check permission in Plone?

More articles: