Developer's Guide

  • Docs Home
  • Community Home
5. Zenoss Permissions
Prev Chapter 9. Extending the Model Next

5. Zenoss Permissions

In this example we'll be adding a new permission named "Example Permission", assigning it to a method, then checking for that permission.

5.1. Adding New Permissions

  1. Add the new permission to $ZENHOME/Products/ZenModel/ZenossSecurity.py

    ZenossSecurity.py is a file where all the string constants for Zenoss permissions are held. By adding this line to ZenossSecurity.py we've made a new constant that will be used to assign to a method.

    ZEN_EXAMPLE_PERMISSION='Example Permission'

  2. Now that we have a "name" for the permission available, we should add the permission to Zope. In $ZENHOME/Products/ZenModel/ZentinalPortal.py there is a class named PortalGenerator. There is a method named setupPermissions() defined in PortalGenerator.

    Here you'll see a group of calls to manage_permissions. Add a new line to this method that adds your new permission.

         mp(ZEN_EXAMPLE_PERMISSION, [ZEN_MANAGER_ROLE, MANAGER_ROLE], 1)

    The first parameter is the permission. In this example the permission being managed is ZEN_EXAMPLE_PERMISSION. The second parameter is the list of default roles assigned to the permission. In this example ZEN_MANAGER_ROLE and MANAGER_ROLE are set as defaults. The third argument is the acquired flag. When the flag is set to true, the permissions will be acquired in addition to the ones specified.

  3. To make your permission official you'll need to use this permission. Apply your newly added permission to a method. See the next section on assigning permissions to a method. Your permission must be declared and used by a method to make it a valid permission.

5.2. Assigning Permissions to a Method

  1. Import your new permission:

         from Products.ZenModel.ZenossSecurity import *

  2. Import ClassSecurityInfo. In most cases we have set ClassSecurityInfo to security

         from AccessControl import ClassSecurityInfo
     security = ClassSecurityInfo()

  3. Above the method definition add this line of code

     security.declareProtected(ZEN_EXAMPLE_PERMISSION, 'exampleMethod')
 def exampleMethod(self):
  ...

    The first parameter to declareProtected() is the permission to be set on the method. In this case the permission is ZEN_EXAMPLE_PERMISSION. The second parameter is the name of the method. In this case the name of the method is exampleMethod().

5.3. Checking Links

  1. To check permission on a object, call checkRemotePerm().

         self.checkRemotePerm(ZEN_EXAMPLE_PERMISSION, foo)

    The first parameter is the permission to check. In this case the permission is ZEN_EXAMPLE_PERMISSION. The second parameter is the object being checked. In this case the name of the object is foo. This call will check if foo has the ZEN_EXAMPLE_PERMISSION.

Prev Up Next
4. Zenoss XML Schema Home Chapter 10. Zenoss Daemons