from AccessControl import ClassSecurityInfo class MyClass: security = ClassSecurityInfo() # require 'view' permission to call my_method security.declareProtected('view', 'my_method') def my_method(self): # code for the method
from AccessControl import ClassSecurityInfo class MyProtectedClass: security = ClassSecurityInfo() # require 'manage_users' permission to access the 'users' attribute security.declareProtected('manage_users', 'users') def __init__(self): self.users = [] def add_user(self, user): self.users.append(user) def remove_user(self, user): self.users.remove(user)In this example, the MyProtectedClass class has a security attribute that is used to restrict access to the users attribute. The declareProtected method is used to require the 'manage_users' permission in order to access the users attribute. The AccessControl package is part of the Zope application server and is available as a separate package on PyPI.