diff options
| author | Matt Russell <mattr@netsight.co.uk> | 2013-10-24 23:52:42 +0100 |
|---|---|---|
| committer | Matt Russell <matthew.russell@horizon5.org> | 2013-10-27 22:23:31 +0000 |
| commit | 3c2f95e8049bbd45b144d454daa68005361828b2 (patch) | |
| tree | 163b64c41eb061b7f995513de3c2f00f902d86eb /docs/narr/resources.rst | |
| parent | a4492a9bbe0a58aaed68f12657d3ddf979d22921 (diff) | |
| download | pyramid-3c2f95e8049bbd45b144d454daa68005361828b2.tar.gz pyramid-3c2f95e8049bbd45b144d454daa68005361828b2.tar.bz2 pyramid-3c2f95e8049bbd45b144d454daa68005361828b2.zip | |
Security APIs on pyramid.request.Request
The pyramid.security Authorization API function has_permission is made available on the request.
The pyramid.security Authentication API functions are now available as
properties (unauthenticated_userid, authenticated_userid, effective_principals)
and methods (remember_userid, forget_userid) on pyramid.request.Request.
Backwards compatibility:
For each of the APIs moved to request method or property,
the original API in the pyramid.security module proxies to the request.
Reworked tests to check module level b/c wrappers call through to mixins for each API.
Tests that check no reg on request now do the right thing.
Use a response callback to set the request headers for forget_userid and remember_userid.
Update docs.
Attempt to improve a documentation section referencing the pyramid.security.has_permission
function in docs/narr/resources.rst
Ensures backwards compatiblity for `pyramid.security.forget`
and `pyramid.security.remember`.
Diffstat (limited to 'docs/narr/resources.rst')
| -rw-r--r-- | docs/narr/resources.rst | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/docs/narr/resources.rst b/docs/narr/resources.rst index b1bb611e5..34d75f2cc 100644 --- a/docs/narr/resources.rst +++ b/docs/narr/resources.rst @@ -201,7 +201,7 @@ location-aware resources. These APIs include (but are not limited to) :func:`~pyramid.traversal.resource_path`, :func:`~pyramid.traversal.resource_path_tuple`, or :func:`~pyramid.traversal.traverse`, :func:`~pyramid.traversal.virtual_root`, -and (usually) :func:`~pyramid.security.has_permission` and +and (usually) :meth:`~pyramid.request.Request.has_permission` and :func:`~pyramid.security.principals_allowed_by_permission`. In general, since so much :app:`Pyramid` infrastructure depends on @@ -695,10 +695,10 @@ The APIs provided by :ref:`location_module` are used against resources. These can be used to walk down a resource tree, or conveniently locate one resource "inside" another. -Some APIs in :ref:`security_module` accept a resource object as a parameter. -For example, the :func:`~pyramid.security.has_permission` API accepts a +Some APIs on the :class:`pyramid.request.Request` accept a resource object as a parameter. +For example, the :meth:`~pyramid.request.Request.has_permission` API accepts a resource object as one of its arguments; the ACL is obtained from this -resource or one of its ancestors. Other APIs in the :mod:`pyramid.security` -module also accept :term:`context` as an argument, and a context is always a -resource. +resource or one of its ancestors. Other security related APIs on the +:class:`pyramid.request.Request` class also accept :term:`context` as an argument, +and a context is always a resource. |