The browser:page
handler sets the permission on the view class itself. There is no central component that keeps track.
In Zope 2, that is delegated to the AccessControl.security.protectClass()
function, which is the equivalent of adding a ClassSecurityInfo
object to your view class:
from AccessControl.SecurityInfo import ClassSecurityInfo
class report_form_name(BrowserView):
security = ClassSecurityInfo()
security.declareObjectProtected('cmf.SetOwnPassword')
or, if making the view public (zope.Public
) or private (zope.Private
), the security.declareObjectPublic()
or security.declareObjectPrivate()
calls are used instead.
The class security info is translated into a __roles__
and __ac_permissions__
attributes on the class that the publisher inspects when checking permissions. See the Security chapter of the Zope Secrets book for details on how those work.