Here's a brief example of how to use peak security. (A more detailed explanation with multiple examples can be found on the SecurityRules page.)
Let's save this code as security_test.py
1 from peak.api import *
2
class Owner(security.Permission):
    """Permission required to burn a Building (see BuildingRules)."""
5
class User(object):
    """Minimal principal used as the `user` argument of hasPermission."""
8
class Building(object):
    """Example protected resource.

    Note that Building defines no `owner` attribute itself; the rule in
    BuildingRules reads `subject.owner`, so callers must assign it (as the
    runner script does) before asking for permission.
    """

    # Class-level metadata consulted through a security.Context
    # (theContext.permissionFor(building, "burnBuilding") in the runner):
    # burnBuilding requires the Owner permission.
    binding.metadata(
        burnBuilding = Owner # permission needed for the method
    )

    def burnBuilding(self):
        # No permission check happens here: the method runs for anyone who
        # calls it. Enforcement is the caller's job (hasPermission first).
        print "Burn baby burn"
17
18
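class BuildingRules(security.Context):
    """Security rules for Building instances.

    checkCanBurn grants the Owner permission on a Building only to the
    object that is that building's owner; every other request receives a
    security.Denial carrying the reason.
    """

    [security.hasPermission.when("perm==Owner and isinstance(subject,Building)")]
    def checkCanBurn(self, user, perm, subject):
        # Fail closed. The runner "removes" ownership by assigning None, and
        # a plain `user is subject.owner` test would then grant a None user
        # (None is None). A Building with no owner attribute at all is
        # treated the same way instead of raising AttributeError.
        owner = getattr(subject, "owner", None)
        if user is not None and user is owner:
            return True
        return security.Denial(
            "You are not allowed to burn that building"
        )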
Let's save this code segment as security_test_runner.py
1 from peak.api import *
2 from security_test import *
3
myHouse = Building()
Joe = User()
myHouse.owner = Joe
theContext = BuildingRules()

# Ask the Context which Permission the Building metadata attaches to
# burnBuilding (Owner, per security_test.py).
permissionNeeded = theContext.permissionFor(myHouse, "burnBuilding")


def reportVerdict(verdict, building):
    # A Denial is falsy, so this `if` is the actual enforcement point:
    # nothing inside burnBuilding re-checks, so a caller that skips this
    # test bypasses the rule entirely.
    if verdict:
        building.burnBuilding()
    else:
        print verdict.message


allowed = theContext.hasPermission(Joe, permissionNeeded, myHouse)

print "Joe is an owner he should be allowed to burn his own house:"
reportVerdict(allowed, myHouse)

print "Now we 'remove' ownership from Joe and try to burn it again"

myHouse.owner = None
allowed = theContext.hasPermission(Joe, permissionNeeded, myHouse )
reportVerdict(allowed, myHouse)
... to be continued
A detailed explanation of the concepts can be found here (note that it describes an older implementation of peak.security; see SecurityRules for up-to-date documentation):