diff options
| author | Chris McDonough <chrism@agendaless.com> | 2010-09-09 17:46:49 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2010-09-09 17:46:49 +0000 |
| commit | e25a70a7d1c2016eaeff9c630df9109e715bba3b (patch) | |
| tree | 520508b0bb66600e50b46db46c0a85ef05f0690c /docs/zcml | |
| parent | 6ae0139d3682730e44a3b2330f83d10b31ebbc95 (diff) | |
| download | pyramid-e25a70a7d1c2016eaeff9c630df9109e715bba3b.tar.gz pyramid-e25a70a7d1c2016eaeff9c630df9109e715bba3b.tar.bz2 pyramid-e25a70a7d1c2016eaeff9c630df9109e715bba3b.zip | |
Features
--------
- In support of making it easier to configure applications which are
"secure by default", a default permission feature was added. If
supplied, the default permission is used as the permission string to
all view registrations which don't otherwise name a permission.
These APIs are in support of that:
- A new constructor argument was added to the Configurator:
``default_permission``.
- A new method was added to the Configurator:
``set_default_permission``.
- A new ZCML directive was added: ``default_permission``.
Documentation
-------------
- Added documentation for the ``default_permission`` ZCML directive.
- Added documentation for the ``default_permission`` constructor value
and the ``set_default_permission`` method in the Configurator API
documentation.
- Added a new section to the "security" chapter named "Setting a
Default Permission".
- Document ``renderer_globals_factory`` and ``request_factory``
arguments to Configurator constructor.
Diffstat (limited to 'docs/zcml')
| -rw-r--r-- | docs/zcml/default_permission.rst | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/docs/zcml/default_permission.rst b/docs/zcml/default_permission.rst new file mode 100644 index 000000000..39edbacd4 --- /dev/null +++ b/docs/zcml/default_permission.rst @@ -0,0 +1,61 @@ +.. _default_permission_directive: + +``default_permission`` +------------------------------- + +Set the default permission to be used by all :term:`view +configuration` registrations. + +This directive accepts a single attribute ,``name``, which should be +used as the default permission string. An example of a permission +string:``view``. Adding a default permission makes it unnecessary to +protect each view configuration with an explicit permission, unless +your application policy requires some exception for a particular view. + +If a default permission is *not* set, views represented by view +configuration registrations which do not explicitly declare a +permission will be executable by entirely anonymous users (any +authorization policy is ignored). + +There can be only one default permission active at a time within an +application, thus the default permission directive can only be used +once in any particular set of ZCML. + +.. note: This API is new as of :mod:`repoze.bfg` version 1.3. + +Attributes +~~~~~~~~~~ + +``name`` must be a string representing a :term:`permission`, + e.g. ``view``. + + + The ``secret`` is a string that will be used to encrypt the data + stored by the cookie. It is required and has no default. + +Example +~~~~~~~ + +.. code-block:: xml + :linenos: + + <default_permission + name="view" + /> + +Alternatives +~~~~~~~~~~~~ + +Using the ``default_permission`` argument to the +:class:`repoze.bfg.configuration.Configurator` constructor can be used +to achieve the same purpose. + +Using the +:meth:`repoze.bfg.configuration.Configurator.set_default_permission` +method can be used to achieve the same purpose when using imperative +configuration. + +See Also +~~~~~~~~ + +See also :ref:``setting_a_default_permission``. |