diff options
| author | Chris McDonough <chrism@plope.com> | 2013-03-19 08:28:26 -0700 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2013-03-19 08:28:26 -0700 |
| commit | 804c27a1c7fe4fb50224e5d5be163c6f894b990a (patch) | |
| tree | 4335f960277684b87f99b085a07f7b7deec3fda0 /docs | |
| parent | 881feb9c25b5c16d05e5ae9f3384eded1231fe59 (diff) | |
| parent | aae62a0ba0d4709b50fd5f2e0be86fd91080d014 (diff) | |
| download | pyramid-804c27a1c7fe4fb50224e5d5be163c6f894b990a.tar.gz pyramid-804c27a1c7fe4fb50224e5d5be163c6f894b990a.tar.bz2 pyramid-804c27a1c7fe4fb50224e5d5be163c6f894b990a.zip | |
Merge branch 'master' of github.com:Pylons/pyramid
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/narr/security.rst | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index 5b79edd19..203aa2404 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -234,8 +234,8 @@ class: .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow + from pyramid.security import Everyone class Blog(object): __acl__ = [ @@ -250,8 +250,8 @@ Or, if your resources are persistent, an ACL might be specified via the .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow + from pyramid.security import Everyone class Blog(object): pass @@ -270,6 +270,27 @@ resource instances with an ACL (as opposed to just decorating their class) in applications such as "CMS" systems where fine-grained access is required on an object-by-object basis. +Dynamic ACLs are also possible by turning the ACL into a callable on the +resource. This may allow the ACL to dynamically generate rules based on +properties of the instance. + +.. code-block:: python + :linenos: + + from pyramid.security import Allow + from pyramid.security import Everyone + + class Blog(object): + def __acl__(self): + return [ + (Allow, Everyone, 'view'), + (Allow, self.owner, 'edit'), + (Allow, 'group:editors', 'edit'), + ] + + def __init__(self, owner): + self.owner = owner + .. index:: single: ACE single: access control entry @@ -282,8 +303,8 @@ Here's an example ACL: .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow + from pyramid.security import Everyone __acl__ = [ (Allow, Everyone, 'view'), @@ -321,9 +342,9 @@ order dictated by the ACL*. So if you have an ACL like this: .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow from pyramid.security import Deny + from pyramid.security import Everyone __acl__ = [ (Allow, Everyone, 'view'), @@ -359,8 +380,8 @@ ACE, as below. .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow + from pyramid.security import Everyone __acl__ = [ (Allow, Everyone, 'view'), |