Deprecation notices.

6 files changed, 67 insertions, 25 deletions

diff --git a/docs/api/request.rst b/docs/api/request.rst
index e7b2edc9a..8e0f77b87 100644
--- a/docs/api/request.rst
+++ b/docs/api/request.rst
@@ -166,7 +166,11 @@
 
    .. attribute:: authenticated_userid
 
-      .. versionadded:: 1.5
+      .. deprecated:: 2.0
+
+          ``authenticated_userid`` has been replaced by
+          :attr:`authenticated_identity` in the new security system.  See
+          :ref:`upgrading_auth` for more information.
 
       A property which returns the :term:`userid` of the currently
       authenticated user or ``None`` if there is no :term:`authentication
@@ -178,7 +182,11 @@
 
    .. attribute:: unauthenticated_userid
 
-      .. versionadded:: 1.5
+      .. deprecated:: 2.0
+
+          ``unauthenticated_userid`` has been replaced by
+          :attr:`authenticated_identity` in the new security system.  See
+          :ref:`upgrading_auth` for more information.
 
       A property which returns a value which represents the *claimed* (not
       verified) :term:`userid` of the credentials present in the
@@ -193,7 +201,10 @@
 
    .. attribute:: effective_principals
 
-      .. versionadded:: 1.5
+      .. deprecated:: 2.0
+
+          The new security policy has removed the concept of principals.  See
+          :ref:`upgrading_auth` for more information.
 
       A property which returns the list of 'effective' :term:`principal`
       identifiers for this request.  This list typically includes the
diff --git a/src/pyramid/config/__init__.py b/src/pyramid/config/__init__.py
index d8961268a..cf1bfad44 100644
--- a/src/pyramid/config/__init__.py
+++ b/src/pyramid/config/__init__.py
@@ -144,12 +144,11 @@ class Configurator(
 
     If ``authentication_policy`` is passed, it should be an instance
     of an :term:`authentication policy` or a :term:`dotted Python
-    name` to the same.  (Deprecated as of Pyramid 2.0 in favor of
-    ``security_policy``.)
+    name` to the same.
 
     If ``authorization_policy`` is passed, it should be an instance of
     an :term:`authorization policy` or a :term:`dotted Python name` to
-    the same.  (Deprecated as of Pyramid 2.0 in favor of ``security_policy``.)
+    the same.
 
     .. note:: A ``ConfigurationError`` will be raised when an
        authorization policy is supplied without also supplying an
diff --git a/src/pyramid/config/security.py b/src/pyramid/config/security.py
index e8ea0878d..a68581ff1 100644
--- a/src/pyramid/config/security.py
+++ b/src/pyramid/config/security.py
@@ -58,7 +58,13 @@ class SecurityConfiguratorMixin(object):
 
     @action_method
     def set_authentication_policy(self, policy):
-        """ Override the :app:`Pyramid` :term:`authentication policy` in the
+        """
+        .. deprecated:: 2.0
+
+            Authentication policies have been replaced by
+            security policies.  See :ref:`upgrading_auth` for more information.
+
+        Override the :app:`Pyramid` :term:`authentication policy` in the
         current configuration.  The ``policy`` argument must be an instance
         of an authentication policy or a :term:`dotted Python name`
         that points at an instance of an authentication policy.
@@ -105,7 +111,13 @@ class SecurityConfiguratorMixin(object):
 
     @action_method
     def set_authorization_policy(self, policy):
-        """ Override the :app:`Pyramid` :term:`authorization policy` in the
+        """
+        .. deprecated:: 2.0
+
+            Authentication policies have been replaced by
+            security policies.  See :ref:`upgrading_auth` for more information.
+
+        Override the :app:`Pyramid` :term:`authorization policy` in the
         current configuration.  The ``policy`` argument must be an instance
         of an authorization policy or a :term:`dotted Python name` that points
         at an instance of an authorization policy.
@@ -115,6 +127,7 @@ class SecurityConfiguratorMixin(object):
            Using the ``authorization_policy`` argument to the
            :class:`pyramid.config.Configurator` constructor can be used to
            achieve the same purpose.
+
         """
 
         def register():
diff --git a/src/pyramid/interfaces.py b/src/pyramid/interfaces.py
index bc52e324e..06ab1c32e 100644
--- a/src/pyramid/interfaces.py
+++ b/src/pyramid/interfaces.py
@@ -518,7 +518,8 @@ class IAuthenticationPolicy(Interface):
 
     .. deprecated:: 2.0
 
-        Use :class:`ISecurityPolicy`.
+        Authentication policies have been removed in favor of security
+        policies.  See :ref:`upgrading_auth` for more information.
 
     """
 
@@ -577,7 +578,8 @@ class IAuthorizationPolicy(Interface):
 
     .. deprecated:: 2.0
 
-        Use :class:`ISecurityPolicy`.
+        Authentication policies have been removed in favor of security
+        policies.  See :ref:`upgrading_auth` for more information.
 
     """
 
diff --git a/src/pyramid/predicates.py b/src/pyramid/predicates.py
index 974f41cc5..eafd4b890 100644
--- a/src/pyramid/predicates.py
+++ b/src/pyramid/predicates.py
@@ -294,7 +294,8 @@ class EffectivePrincipalsPredicate(object):
     """
     .. deprecated:: 2.0
 
-        No longer applicable with the new :term:`security policy`.
+        The new security system has removed the concept of principals.  See
+        :ref:`upgrading_auth` for more information.
 
     """
 
diff --git a/src/pyramid/security.py b/src/pyramid/security.py
index eb5ba3e19..44ae75196 100644
--- a/src/pyramid/security.py
+++ b/src/pyramid/security.py
@@ -107,7 +107,13 @@ def forget(request):
 
 
 def principals_allowed_by_permission(context, permission):
-    """ Provided a ``context`` (a resource object), and a ``permission``
+    """
+    .. deprecated:: 2.0
+
+        The new security policy has removed the concept of principals.  See
+        :ref:`upgrading_auth` for more information.
+
+    Provided a ``context`` (a resource object), and a ``permission``
     string, if an :term:`authorization policy` is
     in effect, return a sequence of :term:`principal` ids that possess
     the permission in the ``context``.  If no authorization policy is
@@ -322,13 +328,16 @@ class SecurityAPIMixin(object):
 class AuthenticationAPIMixin(object):
     @property
     def authenticated_userid(self):
-        """ Return the userid of the currently authenticated user or
-        ``None`` if there is no :term:`authentication policy` in effect or
-        there is no currently authenticated user.
-
+        """
         .. deprecated:: 2.0
 
-            Use ``request.identity`` instead.
+            ``authenticated_userid`` has been replaced by
+            :attr:`authenticated_identity` in the new security system.  See
+            :ref:`upgrading_auth` for more information.
+
+        Return the userid of the currently authenticated user or
+        ``None`` if there is no :term:`authentication policy` in effect or
+        there is no currently authenticated user.
 
         """
         authn = _get_authentication_policy(self)
@@ -342,7 +351,14 @@ class AuthenticationAPIMixin(object):
 
     @property
     def unauthenticated_userid(self):
-        """ Return an object which represents the *claimed* (not verified) user
+        """
+        .. deprecated:: 2.0
+
+            ``unauthenticated_userid`` has been replaced by
+            :attr:`authenticated_identity` in the new security system.  See
+            :ref:`upgrading_auth` for more information.
+
+        Return an object which represents the *claimed* (not verified) user
         id of the credentials present in the request. ``None`` if there is no
         :term:`authentication policy` in effect or there is no user data
         associated with the current request.  This differs from
@@ -350,10 +366,6 @@ class AuthenticationAPIMixin(object):
         effective authentication policy will not ensure that a record
         associated with the userid exists in persistent storage.
 
-        .. deprecated:: 2.0
-
-            Use ``request.identity`` instead.
-
         """
         authn = _get_authentication_policy(self)
         security = _get_security_policy(self)
@@ -366,13 +378,17 @@ class AuthenticationAPIMixin(object):
 
     @property
     def effective_principals(self):
-        """ Return the list of 'effective' :term:`principal` identifiers
+        """
+        .. deprecated:: 2.0
+
+            The new security policy has removed the concept of principals.  See
+            :ref:`upgrading_auth` for more information.
+
+        Return the list of 'effective' :term:`principal` identifiers
         for the ``request``. If no :term:`authentication policy` is in effect,
         this will return a one-element list containing the
         :data:`pyramid.security.Everyone` principal.
 
-        .. deprecated:: 2.0
-
         """
         policy = _get_authentication_policy(self)
         if policy is None: