Docs: Add resource tree into security overview.

author: Karl O. Pinc <kop@meme.com> 2014-08-12 23:05:35 -0500
committer: Karl O. Pinc <kop@meme.com> 2014-08-12 23:53:33 -0500
commit: 6bedf31e5275c2f2a33051a547aa1dc722aafa97 (patch)
tree: 18cbad1db9db200edbb87296b8c0d214ebe3d2e3 /docs/narr
parent: a0cba72fb9925a1476ebf0848fa6ae07bbea5840 (diff)
download: pyramid-6bedf31e5275c2f2a33051a547aa1dc722aafa97.tar.gz
pyramid-6bedf31e5275c2f2a33051a547aa1dc722aafa97.tar.bz2
pyramid-6bedf31e5275c2f2a33051a547aa1dc722aafa97.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index 29c62d9f3..e6bbff44e 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -20,6 +20,12 @@ allowed.  Here's how it works at a high level:
 
 - A :term:`request` is generated when a user visits the application.
 
+- If an :term:`authorization policy` is in effect the application uses
+  the request and it's :term:`root factory` to create a :ref:`resource tree
+  <the_resource_tree>` of :term:`contexts <context>`.  The resource
+  tree maps contexts to URLs and within the contexts the application
+  puts declarations which authorize access.
+
 - Based on the request, a :term:`context` resource is located through
   :term:`resource location`.  A context is located differently depending on
   whether the application uses :term:`traversal` or :term:`URL dispatch`, but
author	Karl O. Pinc <kop@meme.com>	2014-08-12 23:05:35 -0500
committer	Karl O. Pinc <kop@meme.com>	2014-08-12 23:53:33 -0500
commit	6bedf31e5275c2f2a33051a547aa1dc722aafa97 (patch)
tree	18cbad1db9db200edbb87296b8c0d214ebe3d2e3 /docs/narr
parent	a0cba72fb9925a1476ebf0848fa6ae07bbea5840 (diff)
download	pyramid-6bedf31e5275c2f2a33051a547aa1dc722aafa97.tar.gz pyramid-6bedf31e5275c2f2a33051a547aa1dc722aafa97.tar.bz2 pyramid-6bedf31e5275c2f2a33051a547aa1dc722aafa97.zip