from AccessControl.SecurityInfo import ClassSecurityInfo class MyObject: security = ClassSecurityInfo() # define permissions and roles for the object security.declareObjectPublic() # allow public access to the object security.declareProtected('View', 'myMethod') # protect the method with a 'View' permission def myMethod(self): # do something
from AccessControl.SecurityInfo import ClassSecurityInfo from AccessControl.Permissions import view class MyObject: security = ClassSecurityInfo() security.declareProtected(view, 'myMethod') def myMethod(self): # do something # grant a role to a user from AccessControl import getSecurityManager user = getSecurityManager().getUser() if user.has_role('Manager'): MyObject.security.manage_role('Manager', ['myMethod'])In this example, we define a security configuration for the `MyObject` class, protecting the `myMethod` method with a 'View' permission. We then grant the 'Manager' role to the current user, giving them permission to call the method.