Looking at http://developer.plone.org on how to check for a permission the first two results are:
The first one advocates for zope.security.checkPermission
while the second prefers a AccessControl.getSecurityManager().checkPermission
.
Looking at the setup.py of AccessControl
I see that it depends on zope.security
, so the later is more low-level so to say, but at the same time zope.security seems to get more attention nowadays while AccessControl seems to be more stable (regarding getting changes on it).
So, I'm wondering which is the safe and up-to-date way to check for permissions.
I personally always use the checkPermission from AccessControl, but I believe under the hood both zope.security and AccessControl will be calling the same code. I've looked for this code before and I think it's actually in the C portion of the roles/permissions logic.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With