diff options
| author | Chris McDonough <chrism@agendaless.com> | 2009-01-17 21:13:35 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2009-01-17 21:13:35 +0000 |
| commit | 041897caf1f765d0edffcc3a1af2787714f308ca (patch) | |
| tree | fb4db3d622de017c955d588d23a0e3a1b072bcbb /docs/api | |
| parent | eff4620c56f38c32113cd452b18b8af8f8cd1bbd (diff) | |
| download | pyramid-041897caf1f765d0edffcc3a1af2787714f308ca.tar.gz pyramid-041897caf1f765d0edffcc3a1af2787714f308ca.tar.bz2 pyramid-041897caf1f765d0edffcc3a1af2787714f308ca.zip | |
Security policy documentation.
Diffstat (limited to 'docs/api')
| -rw-r--r-- | docs/api/security.rst | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/docs/api/security.rst b/docs/api/security.rst index c7088656e..accc46205 100644 --- a/docs/api/security.rst +++ b/docs/api/security.rst @@ -5,47 +5,65 @@ .. automodule:: repoze.bfg.security - .. autofunction:: authenticated_userid +API Functions +~~~~~~~~~~~~~ - .. autofunction:: effective_principals +.. autofunction:: authenticated_userid - .. autofunction:: has_permission +.. autofunction:: effective_principals - .. autofunction:: principals_allowed_by_permission +.. autofunction:: has_permission - .. attribute:: Everyone +.. autofunction:: principals_allowed_by_permission + +Constants +~~~~~~~~~ + +.. attribute:: Everyone The special principal id named 'Everyone'. This principal id is granted to all requests. Its actual value is the string 'system.Everyone'. - .. attribute:: Authenticated +.. attribute:: Authenticated The special principal id named 'Authenticated'. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the security policy). Its actual value is the string 'system.Authenticated'. - .. attribute:: Allow +Return Values +~~~~~~~~~~~~~ + +.. attribute:: Allow The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone, 'read')`` that means allow access. A sequence of ACEs makes up an ACL. It is a string, and it's actual value is "Allow". - .. attribute:: Deny +.. attribute:: Deny The ACE "action" (the first element in an ACE e.g. ``(Deny, 'george', 'read')`` that means deny access. A sequence of ACEs makes up an ACL. It is a string, and it's actual value is "Deny". - .. autoclass:: ACLDenied - :members: +.. autoclass:: ACLDenied + :members: + +.. autoclass:: ACLAllowed + :members: + +.. autoclass:: Denied + :members: + +.. autoclass:: Allowed + :members: + +.. _security_policies_api_section: - .. autoclass:: ACLAllowed - :members: +Security Policies +~~~~~~~~~~~~~~~~~ - .. autoclass:: Denied - :members: +.. autofunction:: RepozeWhoIdentityACLSecurityPolicy - .. autoclass:: Allowed - :members: +.. autofunction:: RemoteUserACLSecurityPolicy |