path: root/docs/tutorials/wiki2/authorization.rst
author: Carlos de la Guardia <cguardia@hal9001.(none)> 2011-03-15 20:35:02 -0400
committer: Carlos de la Guardia <cguardia@hal9001.(none)> 2011-03-15 20:35:02 -0400
commit: 0aed1cdd37fb57663b978d1d8728d5b652b0b092 (patch)
tree: 09057b3bf9ee1a397694e884ff225a599be7f6f1 /docs/tutorials/wiki2/authorization.rst
parent: 9fd15137314f304559479c1846d930a36b0e772e (diff)
Restructured the routes wiki tutorial to make it easier to follow along. Moved the routes tutorial above the traversal tutorial.
Diffstat (limited to 'docs/tutorials/wiki2/authorization.rst')
-rw-r--r-- docs/tutorials/wiki2/authorization.rst 63
1 files changed, 38 insertions, 25 deletions
diff --git a/docs/tutorials/wiki2/authorization.rst b/docs/tutorials/wiki2/authorization.rst
index fef74e4e2..0f3a9c31c 100644
--- a/docs/tutorials/wiki2/authorization.rst
+++ b/docs/tutorials/wiki2/authorization.rst
@@ -40,16 +40,10 @@ We'll modify our ``__init__.py``, passing in a :term:`root factory` to our
inside our ``models.py`` file. Add the following statements to your
``models.py`` file:
-.. code-block:: python
-
- from pyramid.security import Allow
- from pyramid.security import Everyone
-
- class RootFactory(object):
- __acl__ = [ (Allow, Everyone, 'view'),
- (Allow, 'group:editors', 'edit') ]
- def __init__(self, request):
- pass
+.. literalinclude:: src/authorization/tutorial/models.py
+ :lines: 3-4,45-49
+ :linenos:
+ :language: python
The ``RootFactory`` class we've just added will be used by
:app:`Pyramid` to construct a ``context`` object. The context is
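
Review bot: The hard-coded ``:lines: 3-4,45-49`` on the new ``literalinclude`` ties the tutorial's ACL listing to exact line positions in ``src/authorization/tutorial/models.py``, so a later edit to that file can silently shift the excerpt and show readers something other than the two imports and the ``RootFactory`` ACL that the next paragraph describes. Consider selecting the class with ``:pyobject: RootFactory`` and including the imports separately, or leave a comment in ``models.py`` saying the docs depend on these line numbers. Because the range is non-contiguous, the ``:linenos:`` numbering in the rendered page will also not correspond to the file's own line numbers, which is worth checking in the built output.
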
@@ -84,16 +78,45 @@ For any :app:`Pyramid` application to perform authorization, we need to add a
We'll change our ``__init__.py`` file to enable an
``AuthTktAuthenticationPolicy`` and an ``ACLAuthorizationPolicy`` to enable
-declarative security checking. We'll also change ``__init__.py`` to add a
-:meth:`pyramid.config.Configurator.add_view` call to points at our
-``login`` :term:`view callable`, also known as a :term:`forbidden view`.
+declarative security checking.
+
+.. literalinclude:: src/authorization/tutorial/__init__.py
+ :lines: 15-21
+ :linenos:
+ :language: python
+
+Note that that the
+:class:`pyramid.authentication.AuthTktAuthenticationPolicy` constructor
+accepts two arguments: ``secret`` and ``callback``. ``secret`` is a string
+representing an encryption key used by the "authentication ticket" machinery
+represented by this policy: it is required. The ``callback`` is a string,
+representing a :term:`dotted Python name`, which points at the
+``groupfinder`` function in the current directory's ``security.py`` file. We
+haven't added that module yet, but we're about to.
+
+We'll also change ``__init__.py`` to add a
+:meth:`pyramid.config.Configurator.add_view` call that points at our
+``login`` :term:`view callable`, also known as a :term:`forbidden view`:
+
+.. literalinclude:: src/authorization/tutorial/__init__.py
+ :lines: 24-26
+ :linenos:
+ :language: python
+
This configures our newly created login view to show up when :app:`Pyramid`
-detects that a view invocation can not be authorized. Also, we'll add
+detects that a view invocation can not be authorized.
+
+Also, we'll add
``view_permission`` arguments with the value ``edit`` to the ``edit_page``
and ``add_page`` routes. This indicates that the view callables which these
routes reference cannot be invoked without the authenticated user possessing
the ``edit`` permission with respect to the current context.
+.. literalinclude:: src/authorization/tutorial/__init__.py
+ :lines: 32-39
+ :linenos:
+ :language: python
+
This makes the assertion that only users who possess the effective ``edit``
permission at the time of the request may invoke those two views. We've
granted the ``group:editors`` principal the ``edit`` permission at the root
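
Review bot: The relocated paragraph on the ``AuthTktAuthenticationPolicy`` constructor still describes ``secret`` as "an encryption key"; the ticket is signed with this value rather than encrypted, so wording such as "a secret used to sign the authentication ticket" would be more accurate, and since the text is being moved anyway it would be a good place to say the value must be changed from whatever the tutorial source uses. The same paragraph carries over the doubled word in "Note that that the". The three new ``literalinclude`` directives in this hunk (``:lines: 15-21``, ``24-26`` and ``32-39``) depend on exact line positions in ``__init__.py`` and will drift if that file is edited, so the policy setup, the forbidden view and the ``view_permission`` routes shown to the reader should be verified against the rendered build.
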
@@ -111,16 +134,6 @@ and adding views, your application's ``__init__.py`` will look like this:
:linenos:
:language: python
-Note that that the
-:class:`pyramid.authentication.AuthTktAuthenticationPolicy` constructor
-accepts two arguments: ``secret`` and ``callback``. ``secret`` is a string
-representing an encryption key used by the "authentication ticket" machinery
-represented by this policy: it is required. The ``callback`` is a string,
-representing a :term:`dotted Python name`, which points at the
-``groupfinder`` function in the current directory's ``security.py`` file. We
-haven't added that module yet, but we're about to.
-
-
Adding ``security.py``
~~~~~~~~~~~~~~~~~~~~~~
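
Review bot: With this paragraph removed from below the full ``__init__.py`` listing, the "Adding ``security.py``" heading now follows the listing directly, while the only explanation of the ``groupfinder`` callback sits several paragraphs earlier and still ends with "We haven't added that module yet, but we're about to." Consider a one-sentence pointer before the heading, or reword the relocated sentence, so that "about to" still matches where the reader is in the tutorial.
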
@@ -161,7 +174,7 @@ provide a link to it. This view will clear the credentials of the
logged in user and redirect back to the front page.
We'll add a different file (for presentation convenience) to add login
-and logout view callables. Add a file named ``login.py`` to your
+and the logout view callables. Add a file named ``login.py`` to your
application (in the same directory as ``views.py``) with the following
content:
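
Review bot: The changed line now reads "to add login and the logout view callables", where the article attaches to only one of the two items and the sentence reads worse than before. Suggest "to add the login and logout view callables", or revert to the original wording.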