diff options
| author | Michael Merickel <michael@merickel.org> | 2013-03-18 21:54:57 -0700 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2013-03-18 21:54:57 -0700 |
| commit | aae62a0ba0d4709b50fd5f2e0be86fd91080d014 (patch) | |
| tree | 4335f960277684b87f99b085a07f7b7deec3fda0 /docs | |
| parent | fc9dfbae2a76732ee8d027825fac28dbfd57e581 (diff) | |
| parent | 81e84fe86bee0c2753674fdaead001803936a2ba (diff) | |
| download | pyramid-aae62a0ba0d4709b50fd5f2e0be86fd91080d014.tar.gz pyramid-aae62a0ba0d4709b50fd5f2e0be86fd91080d014.tar.bz2 pyramid-aae62a0ba0d4709b50fd5f2e0be86fd91080d014.zip | |
Merge branch 'feature.callable-acl'
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/narr/security.rst | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index 5b79edd19..203aa2404 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -234,8 +234,8 @@ class: .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow + from pyramid.security import Everyone class Blog(object): __acl__ = [ @@ -250,8 +250,8 @@ Or, if your resources are persistent, an ACL might be specified via the .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow + from pyramid.security import Everyone class Blog(object): pass @@ -270,6 +270,27 @@ resource instances with an ACL (as opposed to just decorating their class) in applications such as "CMS" systems where fine-grained access is required on an object-by-object basis. +Dynamic ACLs are also possible by turning the ACL into a callable on the +resource. This may allow the ACL to dynamically generate rules based on +properties of the instance. + +.. code-block:: python + :linenos: + + from pyramid.security import Allow + from pyramid.security import Everyone + + class Blog(object): + def __acl__(self): + return [ + (Allow, Everyone, 'view'), + (Allow, self.owner, 'edit'), + (Allow, 'group:editors', 'edit'), + ] + + def __init__(self, owner): + self.owner = owner + .. index:: single: ACE single: access control entry @@ -282,8 +303,8 @@ Here's an example ACL: .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow + from pyramid.security import Everyone __acl__ = [ (Allow, Everyone, 'view'), @@ -321,9 +342,9 @@ order dictated by the ACL*. So if you have an ACL like this: .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow from pyramid.security import Deny + from pyramid.security import Everyone __acl__ = [ (Allow, Everyone, 'view'), @@ -359,8 +380,8 @@ ACE, as below. .. code-block:: python :linenos: - from pyramid.security import Everyone from pyramid.security import Allow + from pyramid.security import Everyone __acl__ = [ (Allow, Everyone, 'view'), |