How one should check for a permission in Plone?

Question

Looking at http://developer.plone.org on how to check for a permission the first two results are:

• http://developer.plone.org/reference_manuals/external/plone.app.dexterity/advanced/permissions.html
• http://docs.plone.org/4/en/develop/plone/security/permissions.html

The first one advocates for zope.security.checkPermission while the second prefers a AccessControl.getSecurityManager().checkPermission.

Looking at the setup.py of AccessControl I see that it depends on zope.security, so the later is more low-level so to say, but at the same time zope.security seems to get more attention nowadays while AccessControl seems to be more stable (regarding getting changes on it).

So, I'm wondering which is the safe and up-to-date way to check for permissions.

Answer 1

I personally always use the checkPermission from AccessControl, but I believe under the hood both zope.security and AccessControl will be calling the same code. I've looked for this code before and I think it's actually in the C portion of the roles/permissions logic.