Add convenience has_permission function.

4 files changed, 39 insertions, 3 deletions

diff --git a/repoze/bfg/sampleapp/templates/blog.pt b/repoze/bfg/sampleapp/templates/blog.pt
index 8eb3945db..b428374fc 100644
--- a/repoze/bfg/sampleapp/templates/blog.pt
+++ b/repoze/bfg/sampleapp/templates/blog.pt
@@ -15,7 +15,7 @@
       <td>${entry.created}</td>
     </tr>
   </table>
-  <p>
+  <p tal:condition="can_add">
     <a href="add_entry.html">Add blog entry</a>
   </p>
 </body>
diff --git a/repoze/bfg/sampleapp/views.py b/repoze/bfg/sampleapp/views.py
index ce591dec2..5b72c8a28 100644
--- a/repoze/bfg/sampleapp/views.py
+++ b/repoze/bfg/sampleapp/views.py
@@ -5,12 +5,17 @@ from webob.exc import HTTPFound
 
 from repoze.bfg.template import render_template
 from repoze.bfg.sampleapp.models import BlogEntry
+from repoze.bfg.security import has_permission
 
 def datestring(dt):
     return dt.strftime('%Y-%m-%d %H:%M:%S')
 
 def blog_default_view(context, request):
     entrydata = []
+
+    can_add = False
+    if has_permission('add', context, request):
+        can_add = True
     for name, entry in context.items():
         entrydata.append(
             {
@@ -23,7 +28,7 @@ def blog_default_view(context, request):
             )
 
     return render_template('templates/blog.pt', name=context.__name__,
-                           entries=entrydata)
+                           entries=entrydata, can_add=can_add)
 
 def blog_entry_default_view(context, request):
     info = {
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index 6f2c858e3..21a0a3f2a 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -1,4 +1,6 @@
 from zope.interface import implements
+from zope.component import queryUtility
+
 from zope.location.location import LocationIterator
 
 from repoze.bfg.interfaces import ISecurityPolicy
@@ -11,6 +13,12 @@ Authenticated = 'system.Authenticated'
 Allow = 'Allow'
 Deny = 'Deny'
 
+def has_permission(permission, context, request):
+    policy = queryUtility(ISecurityPolicy)
+    if policy is None:
+        return True
+    return policy.permits(context, request, permission)
+
 class ACLAuthorizer(object):
 
     def __init__(self, context, logger=None):
diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py
index 8a4c624e9..832cc8a43 100644
--- a/repoze/bfg/tests/test_security.py
+++ b/repoze/bfg/tests/test_security.py
@@ -276,6 +276,27 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup):
         self.assertEqual(authorizer_factory.permission, 'view')
         self.assertEqual(authorizer_factory.context, context)
 
+class TestHasPermission(unittest.TestCase):
+    def _getFUT(self):
+        from repoze.bfg.security import has_permission
+        return has_permission
+
+    def _registerSecurityPolicy(self, secpol):
+        import zope.component
+        gsm = zope.component.getGlobalSiteManager()
+        from repoze.bfg.interfaces import ISecurityPolicy
+        gsm.registerUtility(secpol, ISecurityPolicy)
+
+    def test_registered(self):
+        secpol = DummySecurityPolicy(False)
+        self._registerSecurityPolicy(secpol)
+        has_permission = self._getFUT()
+        self.assertEqual(has_permission('view', None, None), False)
+        
+    def test_not_registered(self):
+        has_permission = self._getFUT()
+        self.assertEqual(has_permission('view', None, None), True)
+
 
 class TestViewPermission(unittest.TestCase):
     def _getTargetClass(self):
@@ -352,7 +373,9 @@ class make_authorizer_factory:
                     raise NoAuthorizationInformation()
                 return result
         return Authorizer()
-        
+
+    
+