To validate a permission in a particular context, such as the current content object, for the current user, we can do:

    from AccessControl import getSecurityManager
    from Products.CMFCore.permissions import ModifyPortalContent

    sm = getSecurityManager()
    # checkPermission() evaluates the permission for the current user in this context
    if sm.checkPermission(ModifyPortalContent, context):
        pass  # do something

Permissions are identified by strings, so we could use "Modify portal content" instead of importing and using ModifyPortalContent, but using the constant is less error-prone.

To grant a particular permission to a list of roles, we can do:
Of course, it would be better to use a constant (provided there is one defined), but as the example shows, strings work too. Set acquire=0 to turn off acquisition of role assignments.

To find out if the current user is logged in (that is, whether the user is "anonymous" or not), we can use the portal_membership tool:

    from Products.CMFCore.utils import getToolByName

    mtool = getToolByName(context, 'portal_membership')
    if mtool.isAnonymousUser():
        pass  # do something

Similarly, we can obtain the current member from this tool:

    member = mtool.getAuthenticatedMember()
    if member is not None:
        userId = member.getId()
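
How the acquire flag mentioned above changes the result of a permission check, shown as an added pure-Python model (not Zope's AccessControl code and not from the original page). Node, set_permission_roles, roles_for and the sample hierarchy are constructed for illustration, and the Manager default at the root is an assumption of the model.

```python
# Simplified model of role acquisition for a permission (illustration only).
# All class and function names here are hypothetical, not Zope APIs.

class Node:
    """A content object in a containment hierarchy."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.settings = {}  # permission string -> (roles, acquire flag)

    def set_permission_roles(self, permission, roles, acquire=0):
        """Record which roles hold the permission here, and whether
        role assignments from the parents are acquired as well."""
        self.settings[permission] = (frozenset(roles), bool(acquire))


def roles_for(permission, context):
    """Collect the roles holding `permission` at `context`, walking up."""
    granted = set()
    node = context
    while node is not None:
        if permission in node.settings:
            roles, acquire = node.settings[permission]
            granted |= roles
            if not acquire:          # acquire=0: ignore everything above
                return granted
        node = node.parent
    return granted | {"Manager"}     # model assumption: root default


def check_permission(permission, context, user_roles):
    """True if any of the user's roles holds the permission in context."""
    return bool(roles_for(permission, context) & set(user_roles))


def build_site():
    """Constructed sample hierarchy: portal > folder > doc."""
    perm = "Modify portal content"
    portal = Node("portal")
    folder = Node("folder", portal)
    doc = Node("doc", folder)
    portal.set_permission_roles(perm, ["Manager", "Owner", "Editor"], acquire=0)
    folder.set_permission_roles(perm, ["Reviewer"], acquire=1)  # adds to parent
    doc.set_permission_roles(perm, ["Owner"], acquire=0)        # replaces parent
    return portal, folder, doc
```

With acquire=0 on doc, an Editor who can modify the folder cannot modify the document, which is the kind of local lock-down (or accidental lock-out) worth checking for when reviewing permission settings.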