authorMichael Merickel <michael@merickel.org>2016-02-10 23:55:03 -0600
committerMichael Merickel <michael@merickel.org>2016-02-10 23:55:03 -0600
commitf2e9c68e8168cfe51f7dc5ed86fea0471968f508 (patch)
tree348d35927f21a6c1b98aa68f99c9019f6712c25d /docs
parent9a7cfe3b4e248451750f5694255450bf1983e848 (diff)
downloadpyramid-f2e9c68e8168cfe51f7dc5ed86fea0471968f508.tar.gz
pyramid-f2e9c68e8168cfe51f7dc5ed86fea0471968f508.tar.bz2
pyramid-f2e9c68e8168cfe51f7dc5ed86fea0471968f508.zip
move security into one place
Diffstat (limited to 'docs')
-rw-r--r--docs/tutorials/wiki2/src/authorization/tutorial/__init__.py11
-rw-r--r--docs/tutorials/wiki2/src/authorization/tutorial/models/mymodel.py14
-rw-r--r--docs/tutorials/wiki2/src/authorization/tutorial/security.py51
-rw-r--r--docs/tutorials/wiki2/src/authorization/tutorial/security/__init__.py0
-rw-r--r--docs/tutorials/wiki2/src/authorization/tutorial/security/default.py12
5 files changed, 52 insertions, 36 deletions
diff --git a/docs/tutorials/wiki2/src/authorization/tutorial/__init__.py b/docs/tutorials/wiki2/src/authorization/tutorial/__init__.py
index a62c42378..8eacdee5a 100644
--- a/docs/tutorials/wiki2/src/authorization/tutorial/__init__.py
+++ b/docs/tutorials/wiki2/src/authorization/tutorial/__init__.py
@@ -1,22 +1,13 @@
from pyramid.config import Configurator
-from pyramid.authentication import AuthTktAuthenticationPolicy
-from pyramid.authorization import ACLAuthorizationPolicy
-
-from .security.default import groupfinder
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
- authn_policy = AuthTktAuthenticationPolicy(
- 'sosecret', callback=groupfinder, hashalg='sha512')
- authz_policy = ACLAuthorizationPolicy()
config = Configurator(settings=settings)
config.include('pyramid_jinja2')
config.include('.models')
- config.set_root_factory('.models.mymodel.RootFactory')
- config.set_authentication_policy(authn_policy)
- config.set_authorization_policy(authz_policy)
+ config.include('.security')
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('view_wiki', '/')
config.add_route('login', '/login')
diff --git a/docs/tutorials/wiki2/src/authorization/tutorial/models/mymodel.py b/docs/tutorials/wiki2/src/authorization/tutorial/models/mymodel.py
index 25209c745..b23d0c0d2 100644
--- a/docs/tutorials/wiki2/src/authorization/tutorial/models/mymodel.py
+++ b/docs/tutorials/wiki2/src/authorization/tutorial/models/mymodel.py
@@ -1,7 +1,3 @@
-from pyramid.security import (
- Allow,
- Everyone,
-)
from sqlalchemy import (
Column,
Integer,
@@ -17,13 +13,3 @@ class Page(Base):
id = Column(Integer, primary_key=True)
name = Column(Text, unique=True)
data = Column(Integer)
-
-
-class RootFactory(object):
- __acl__ = [
- (Allow, Everyone, 'view'),
- (Allow, 'group:editors', 'edit'),
- ]
-
- def __init__(self, request):
- pass
diff --git a/docs/tutorials/wiki2/src/authorization/tutorial/security.py b/docs/tutorials/wiki2/src/authorization/tutorial/security.py
new file mode 100644
index 000000000..7bceabf3f
--- /dev/null
+++ b/docs/tutorials/wiki2/src/authorization/tutorial/security.py
@@ -0,0 +1,51 @@
+from pyramid.authentication import AuthTktAuthenticationPolicy
+from pyramid.authorization import ACLAuthorizationPolicy
+
+from pyramid.security import (
+ Allow,
+ Authenticated,
+ Everyone,
+)
+
+
+USERS = {
+ 'editor': 'editor',
+ 'viewer': 'viewer',
+}
+
+GROUPS = {
+ 'editor': ['group:editors'],
+}
+
+class MyAuthenticationPolicy(AuthTktAuthenticationPolicy):
+ def authenticated_userid(self, request):
+ userid = self.unauthenticated_userid(request)
+ if userid in USERS:
+ return userid
+
+ def effective_principals(self, request):
+ principals = [Everyone]
+ userid = self.authenticated_userid(request)
+ if userid is not None:
+ principals.append(Authenticated)
+ principals.append(userid)
+
+ groups = GROUPS.get(userid, [])
+ principals.extend(groups)
+ return principals
+
+class RootFactory(object):
+ __acl__ = [
+ (Allow, Everyone, 'view'),
+ (Allow, 'group:editors', 'edit'),
+ ]
+
+ def __init__(self, request):
+ pass
+
+def includeme(config):
+ authn_policy = MyAuthenticationPolicy('sosecret', hashalg='sha512')
+ authz_policy = ACLAuthorizationPolicy()
+ config.set_root_factory(RootFactory)
+ config.set_authentication_policy(authn_policy)
+ config.set_authorization_policy(authz_policy)
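Review bot: The ticket-signing secret is still the literal `'sosecret'` on the `MyAuthenticationPolicy(...)` line of `includeme`, so any project copied from this tutorial signs its auth_tkt cookies with a key that is published in the docs, which defeats the cookie's integrity check. Read it from deployment settings instead, e.g. `authn_policy = MyAuthenticationPolicy(config.get_settings()['auth.secret'], hashalg='sha512')`, where `auth.secret` is an example key name to be defined in the .ini file. On the same call, `http_only=True` (and `secure=True` when the app is served over HTTPS) would keep the cookie away from page scripts and plaintext transport. A short comment above `USERS` saying the plaintext username/password pairs are tutorial fixtures only would also help readers who lift this module as-is.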
diff --git a/docs/tutorials/wiki2/src/authorization/tutorial/security/__init__.py b/docs/tutorials/wiki2/src/authorization/tutorial/security/__init__.py
deleted file mode 100644
index e69de29bb..000000000
--- a/docs/tutorials/wiki2/src/authorization/tutorial/security/__init__.py
+++ /dev/null
diff --git a/docs/tutorials/wiki2/src/authorization/tutorial/security/default.py b/docs/tutorials/wiki2/src/authorization/tutorial/security/default.py
deleted file mode 100644
index 7fc1ea7c8..000000000
--- a/docs/tutorials/wiki2/src/authorization/tutorial/security/default.py
+++ /dev/null
@@ -1,12 +0,0 @@
-USERS = {
- 'editor': 'editor',
- 'viewer': 'viewer',
-}
-
-GROUPS = {
- 'editor': ['group:editors'],
-}
-
-def groupfinder(userid, request):
- if userid in USERS:
- return GROUPS.get(userid, [])