Security APIs on pyramid.request.Request

The pyramid.security Authorization API function has_permission is made available on the request.
The pyramid.security Authentication API functions are now available as
properties (unauthenticated_userid, authenticated_userid, effective_principals)
and methods (remember_userid, forget_userid) on pyramid.request.Request.

Backwards compatibility:
    For each of the APIs moved to request method or property,
    the original API in the pyramid.security module proxies to the request.

Reworked tests to check module level b/c wrappers call through to mixins for each API.
Tests that check no reg on request now do the right thing.
Use a response callback to set the request headers for forget_userid and remember_userid.

Update docs.

Attempt to improve a documentation section referencing the pyramid.security.has_permission
function in docs/narr/resources.rst

Ensures backwards compatiblity for `pyramid.security.forget`
and `pyramid.security.remember`.

1 files changed, 1 insertions, 1 deletions

diff --git a/docs/narr/viewconfig.rst b/docs/narr/viewconfig.rst
index 7c76116f7..e5a2c1ade 100644
--- a/docs/narr/viewconfig.rst
+++ b/docs/narr/viewconfig.rst
@@ -435,7 +435,7 @@ configured view.
 
   If specified, this value should be a :term:`principal` identifier or a
   sequence of principal identifiers.  If the
-  :func:`pyramid.security.effective_principals` method indicates that every
+  :meth:`pyramid.request.Request.effective_principals` method indicates that every
   principal named in the argument list is present in the current request, this
   predicate will return True; otherwise it will return False.  For example:
   ``effective_principals=pyramid.security.Authenticated`` or