| author | Theron Luhn <theron@luhn.com> | 2019-02-17 16:38:53 -0800 |
|---|---|---|
| committer | Theron Luhn <theron@luhn.com> | 2019-02-17 16:38:53 -0800 |
| commit | 4c3c826ca9a6069f47fee439576966cf625df528 (patch) | |
| tree | 63ead5676ac47a2caa585f51e914d75b855b6bbe | |
| parent | a6234e4e19efab838b202d0935de0de92c2ee00f (diff) | |
Implement legacy security policy.
| -rw-r--r-- | src/pyramid/security.py | 36 | ||||
| -rw-r--r-- | tests/test_security.py | 52 |
2 files changed, 87 insertions, 1 deletions
diff --git a/src/pyramid/security.py b/src/pyramid/security.py
index 61819588b..abb9c7442 100644
--- a/src/pyramid/security.py
+++ b/src/pyramid/security.py
@@ -1,6 +1,7 @@
-from zope.interface import providedBy
+from zope.interface import implementer, providedBy
 from pyramid.interfaces import (
+ ISecurityPolicy,
 IAuthenticationPolicy,
 IAuthorizationPolicy,
 ISecuredView,
@@ -363,3 +364,36 @@ class AuthorizationAPIMixin(object):
 ) # should never happen
 principals = authn_policy.effective_principals(self)
 return authz_policy.permits(context, principals, permission)
+
+
+@implementer(ISecurityPolicy)
+class LegacySecurityPolicy:
+ """
+ A :term:`security policy` which provides a backwards compatibility shim for
+ the :term:`authentication policy` and the :term:`authorization policy`.
+
+ """
+
+ def _get_authn_policy(self, request):
+ return request.registry.getUtility(IAuthenticationPolicy)
+
+ def _get_authz_policy(self, request):
+ return request.registry.getUtility(IAuthorizationPolicy)
+
+ def identify(self, request):
+ authn = self._get_authn_policy(request)
+ return authn.authenticated_userid(request)
+
+ def remember(self, request, userid, **kw):
+ authn = self._get_authn_policy(request)
+ return authn.remember(request, userid, **kw)
+
+ def forget(self, request):
+ authn = self._get_authn_policy(request)
+ return authn.forget(request)
+
+ def permits(self, request, context, identity, permission):
+ authn = self._get_authn_policy(request)
+ authz = self._get_authz_policy(request)
+ principals = authn.effective_principals(request)
+ return authz.permits(context, principals, permission)
diff --git a/tests/test_security.py b/tests/test_security.py
index 8b8028f61..ee4340ced 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
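Review bot: `LegacySecurityPolicy.permits` accepts `identity` but never reads it; the decision is computed from `authn.effective_principals(request)`, so a caller that passes an identity other than the one bound to the request still gets an answer for the request's own principals. That may be unavoidable for a shim over the legacy policies, but it should be stated where the next reader will see it, e.g. `# identity is ignored: the legacy authentication policy derives principals from the request` above the `effective_principals` call. The four public methods have no docstrings; one line each naming the legacy call they delegate to would be enough. `getUtility` raises when no policy is registered, while the context lines above in `AuthorizationAPIMixin` appear to handle a missing policy explicitly (that method starts outside the hunk), so it is worth confirming this class is only reached when both legacy policies are configured.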
@@ -473,6 +473,58 @@ class TestHasPermission(unittest.TestCase):
 self.assertRaises(AttributeError, request.has_permission, 'view')
+class TestLegacySecurityPolicy(unittest.TestCase):
+ def setUp(self):
+ testing.setUp()
+
+ def tearDown(self):
+ testing.tearDown()
+
+ def test_identity(self):
+ from pyramid.security import LegacySecurityPolicy
+
+ request = _makeRequest()
+ policy = LegacySecurityPolicy()
+ _registerAuthenticationPolicy(request.registry, 'userid')
+
+ self.assertEqual(policy.identify(request), 'userid')
+
+ def test_remember(self):
+ from pyramid.security import LegacySecurityPolicy
+
+ request = _makeRequest()
+ policy = LegacySecurityPolicy()
+ _registerAuthenticationPolicy(request.registry, None)
+
+ self.assertEqual(
+ policy.remember(request, 'userid'), [('X-Pyramid-Test', 'userid')]
+ )
+
+ def test_forget(self):
+ from pyramid.security import LegacySecurityPolicy
+
+ request = _makeRequest()
+ policy = LegacySecurityPolicy()
+ _registerAuthenticationPolicy(request.registry, None)
+
+ self.assertEqual(
+ policy.forget(request), [('X-Pyramid-Test', 'logout')]
+ )
+
+ def test_permits(self):
+ from pyramid.security import LegacySecurityPolicy
+
+ request = _makeRequest()
+ policy = LegacySecurityPolicy()
+ _registerAuthenticationPolicy(request.registry, ['p1', 'p2'])
+ _registerAuthorizationPolicy(request.registry, True)
+
+ self.assertIs(
+ policy.permits(request, request.context, 'userid', 'permission'),
+ True,
+ )
+
+
 _TEST_HEADER = 'X-Pyramid-Test' |
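Review bot: `test_permits` only exercises the allow path, with the authorization stub registered as `True`, so a regression that made `LegacySecurityPolicy.permits` return a truthy value unconditionally would still pass. A companion case that calls `_registerAuthorizationPolicy(request.registry, False)` and asserts `self.assertIs(policy.permits(request, request.context, 'userid', 'permission'), False)` would pin the deny path. Nothing here checks that the principals `['p1', 'p2']` actually reach the authorization policy; whether the stub can record them depends on helpers defined outside this hunk. `test_identity` would read better as `test_identify`, matching the method under test.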
