Last modified: May 02, 2025 By Alexander Williams

Manage Plone Permissions with Python

Plone offers robust security features. Python helps customize them. This guide explains how to manage permissions effectively.

Table Of Contents

Understanding Plone Security Basics
Checking Permissions in Python
Modifying Permissions Programmatically
Working with Local Roles
Creating Custom Workflows
Securing Views and Forms
Best Practices
Conclusion

Understanding Plone Security Basics

Plone uses a granular permission system. It controls access to content and features. Permissions are tied to roles and workflows.

Key components include:

Roles (Admin, Member, Anonymous)
Permissions (View, Add, Edit, Delete)
Workflows (Publication states)

Checking Permissions in Python

Use checkPermission() to verify access. It's available on any content object.


from AccessControl import getSecurityManager

def can_view(context):
    sm = getSecurityManager()
    return sm.checkPermission('View', context)

This returns True if current user can view the content. Learn more about Plone core concepts.

Modifying Permissions Programmatically

Change permissions using the manage_permission() method. This example adds a custom permission:


from Products.CMFCore.permissions import setDefaultRoles

PERMISSION = "my.addon: Custom Permission"
setDefaultRoles(PERMISSION, ('Manager',))

Important: Always set default roles for new permissions.

Working with Local Roles

Local roles override global settings. Use them for specific content items.


def assign_local_role(context, user_id, roles):
    context.manage_setLocalRoles(user_id, roles)
    context.reindexObjectSecurity()

This assigns roles to a user for one content item. For more on content, see custom content models.

Creating Custom Workflows

Workflows define state-based permissions. Here's a basic workflow setup:


from Products.CMFPlone.WorkflowTool import WorkflowTool

def setup_custom_workflow(portal):
    wtool = WorkflowTool()
    wtool.manage_addWorkflow('my_workflow', 'My Workflow')

Add states and transitions as needed. Each state can have different permissions.

Securing Views and Forms

Protect browser views with the @secure decorator:


from AccessControl import secure

@secure
class MySecuredView(BrowserView):
    """This view requires special permissions"""

For forms, check out custom forms in Plone.

Best Practices

Follow these security guidelines:

Always test permission changes
Document custom permissions
Use workflows for complex scenarios
Audit security settings regularly

Conclusion

Python provides powerful tools for Plone security. You can check, modify, and extend permissions. Always follow security best practices.

Start with simple checks. Then move to custom workflows. Finally implement advanced security features as needed.