Document sequence-ability of ACE permission list.

author: Chris McDonough <chrism@agendaless.com> 2009-01-25 18:09:15 +0000
committer: Chris McDonough <chrism@agendaless.com> 2009-01-25 18:09:15 +0000
commit: 9c82bce68cfc7b9c12438f2941a295f3ecefb5ff (patch)
tree: da63ff71dbfec72351a64d22c65723e3d042d84a /docs
parent: 62bcc58d7859fc2bdf5bab4a64b991e12250884b (diff)
download: pyramid-9c82bce68cfc7b9c12438f2941a295f3ecefb5ff.tar.gz
pyramid-9c82bce68cfc7b9c12438f2941a295f3ecefb5ff.tar.bz2
pyramid-9c82bce68cfc7b9c12438f2941a295f3ecefb5ff.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index 4afb04258..91c7240dc 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -114,6 +114,18 @@ and edit the blog.
 .. note:: Each tuple within the above ``__acl__`` structure is known
           as a :term:`ACE`, which stands for "access control entry".
 
+The third argument in an ACE can also be a sequence of permission
+names instead of a single permission name.  So instead of the above,
+where we assign a differnt ACE for two grants to the ``group.editors``
+group, we can collapse this into a single ACE, as below.
+
+.. code-block:: python
+
+   __acl__ = [
+       (Allow, Everyone, 'view'),
+       (Allow, 'group:editors', ('add', 'edit')),
+       ]
+
 A principal is usually a user id, however it also may be a group id if
 your authentication system provides group information and the security
 policy is written to respect them.  The
author	Chris McDonough <chrism@agendaless.com>	2009-01-25 18:09:15 +0000
committer	Chris McDonough <chrism@agendaless.com>	2009-01-25 18:09:15 +0000
commit	9c82bce68cfc7b9c12438f2941a295f3ecefb5ff (patch)
tree	da63ff71dbfec72351a64d22c65723e3d042d84a /docs
parent	62bcc58d7859fc2bdf5bab4a64b991e12250884b (diff)
download	pyramid-9c82bce68cfc7b9c12438f2941a295f3ecefb5ff.tar.gz pyramid-9c82bce68cfc7b9c12438f2941a295f3ecefb5ff.tar.bz2 pyramid-9c82bce68cfc7b9c12438f2941a295f3ecefb5ff.zip