| author | Theron Luhn <theron@luhn.com> | 2019-12-15 20:27:10 -0800 |
|---|---|---|
| committer | Theron Luhn <theron@luhn.com> | 2019-12-15 20:27:10 -0800 |
| commit | 5f6f7184a997cb2dfa341eef53259d4254a242e8 (patch) | |
| tree | 3b9b015c4c06f2f621ca20d7edf15afe896dc1bb /docs/narr | |
| parent | d79e1dfa0f0f52dbce8ec4a9b08c6ef7740f6dea (diff) | |
Remove requirement that identity is validated.
Diffstat (limited to 'docs/narr')
| -rw-r--r-- | docs/narr/security.rst | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index cdc16b6a1..60be067bf 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -69,17 +69,21 @@ A simple security policy might look like the following:
     from pyramid.security import Allowed, Denied
 
     class SessionSecurityPolicy:
+        def authenticated_userid(self, request):
+            """ Return a string ID for the user. """
+            userid = self.identify(request).id
+            if validate_userid(request, userid):
+                return userid
+            else:
+                return None
+
         def identify(self, request):
             """ Return app-specific user object. """
-            userid = request.session.get('userid')
+            userid = self.authenticated_userid
             if userid is None:
                 return None
             return load_identity_from_db(request, userid)
 
-        def authenticated_userid(self, request):
-            """ Return a string ID for the user. """
-            return self.identify(request).id
-
         def permits(self, request, context, permission):
             """ Allow access to everything if signed in. """
             identity = self.identify(request)
@@ -141,12 +145,18 @@ For example, our above security policy can leverage these helpers like so:
         def __init__(self):
             self.helper = SessionAuthenticationHelper()
 
-        def identify(self, request):
+        def authenticated_userid(self, request):
             userid = self.helper.authenticated_userid(request)
-            return load_identity_from_db(request, userid)
+            if validate_userid(request, userid):
+                return userid
+            else:
+                return None
 
-        def authenticated_userid(self, request):
-            return self.identify(request).id
+        def identify(self, request):
+            userid = self.authenticated_userid
+            if userid is None:
+                return None
+            return load_identity_from_db(request, userid)
 
         def permits(self, request, context, permission):
             """ Allow access to everything if signed in. """
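Review bot: In the rewritten `identify` of the first hunk, `userid = self.authenticated_userid` assigns the bound method rather than calling it, so the `if userid is None` guard can never fire and `load_identity_from_db` is handed a function object instead of an ID. Adding the missing `(request)` exposes the second defect: the new `authenticated_userid` starts from `self.identify(request).id`, so the two methods call each other without end, and `.id` is read from `None` for an anonymous request. With the `request.session.get('userid')` line removed and nothing put in its place, the example no longer has any source for the userid at all; since this class is named `SessionSecurityPolicy` and the helper-based variant later in the file reads the session, the session read presumably belongs in `authenticated_userid`, with `identify` calling `self.authenticated_userid(request)`. The `SessionSecurityPolicy` class continues past the end of the hunk (`permits`), so only the two methods shown are rewritten below.
```python
    def authenticated_userid(self, request):
        """ Return a validated string ID for the user, or None if anonymous. """
        userid = request.session.get('userid')
        if userid is not None and validate_userid(request, userid):
            return userid
        return None

    def identify(self, request):
        """ Return app-specific user object. """
        userid = self.authenticated_userid(request)
        # … unchanged: None check and load_identity_from_db …
```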
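Review bot: The second hunk repeats the missing call: `userid = self.authenticated_userid` in the new `identify` binds the method instead of invoking it, so `userid` is never `None` and `load_identity_from_db` receives a bound method rather than the ID; it should read `userid = self.authenticated_userid(request)`. The new `authenticated_userid` also forwards the helper's result straight into `validate_userid` even when no session userid exists, which silently requires `validate_userid` to accept `None`; guarding with `if userid is not None and validate_userid(request, userid):` keeps the anonymous path explicit and avoids a database lookup on a missing ID. The enclosing class header and the body of `permits` lie outside the hunk.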
