Bring back identity into permits.

author: Theron Luhn <theron@luhn.com> 2019-12-14 20:17:36 -0800
committer: Theron Luhn <theron@luhn.com> 2019-12-14 20:17:36 -0800
commit: 2e06fa414412688dc3b7e0b422b0fc0b96ec882f (patch)
tree: 8acfecec6dd36eb8ed0763a93a7674ebc7fc140a /docs/narr
parent: cd0b92d10bfbb38068c216ce44dde9732fa127a8 (diff)
download: pyramid-2e06fa414412688dc3b7e0b422b0fc0b96ec882f.tar.gz
pyramid-2e06fa414412688dc3b7e0b422b0fc0b96ec882f.tar.bz2
pyramid-2e06fa414412688dc3b7e0b422b0fc0b96ec882f.zip
1 files changed, 4 insertions, 8 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index b01bec903..07b7fe825 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -80,9 +80,8 @@ A simple security policy might look like the following:
             """ Return a string ID for the user. """
             return self.identify(request).id
 
-        def permits(self, request, context, permission):
+        def permits(self, request, context, identity, permission):
             """ Allow access to everything if signed in. """
-            identity = self.identify(request)
             if identity is not None:
                 return Allowed('User is signed in.')
             else:
@@ -148,9 +147,8 @@ For example, our above security policy can leverage these helpers like so:
         def authenticated_userid(self, request):
             return self.identify(request).id
 
-        def permits(self, request, context, permission):
+        def permits(self, request, context, identity, permission):
             """ Allow access to everything if signed in. """
-            identity = self.identify(request)
             if identity is not None:
                 return Allowed('User is signed in.')
             else:
@@ -238,9 +236,7 @@ might look like so:
     from pyramid.security import Allowed, Denied
 
     class SecurityPolicy:
-        def permits(self, request, context, permission):
-            identity = self.identify(request)
-
+        def permits(self, request, context, identity, permission):
             if identity is None:
                 return Denied('User is not signed in.')
             if identity.role == 'admin':
@@ -330,7 +326,7 @@ object.  An implementation might look like this:
     from pyramid.authorization import ACLHelper
 
     class SecurityPolicy:
-        def permits(self, request, context, permission):
+        def permits(self, request, context, identity, permission):
             principals = [Everyone]
             if identity is not None:
                 principals.append(Authenticated)
author	Theron Luhn <theron@luhn.com>	2019-12-14 20:17:36 -0800
committer	Theron Luhn <theron@luhn.com>	2019-12-14 20:17:36 -0800
commit	2e06fa414412688dc3b7e0b422b0fc0b96ec882f (patch)
tree	8acfecec6dd36eb8ed0763a93a7674ebc7fc140a /docs/narr
parent	cd0b92d10bfbb38068c216ce44dde9732fa127a8 (diff)
download	pyramid-2e06fa414412688dc3b7e0b422b0fc0b96ec882f.tar.gz pyramid-2e06fa414412688dc3b7e0b422b0fc0b96ec882f.tar.bz2 pyramid-2e06fa414412688dc3b7e0b422b0fc0b96ec882f.zip