authorChris McDonough <chrism@agendaless.com>2009-11-23 03:41:51 +0000
committerChris McDonough <chrism@agendaless.com>2009-11-23 03:41:51 +0000
commit41723e16c5274afbdda44c7b19fe663a8e923eaf (patch)
tree63895cf303bf5acc48af6fc8d2ba2c42b03942af /repoze/bfg/security.py
parent8f8fc8bfe3e5fd11a20f32d47791c248f6721e29 (diff)
``repoze.bfg.security.has_permission``
``repoze.bfg.security.authenticated_userid`` ``repoze.bfg.security.effective_principals`` ``repoze.bfg.security.view_execution_permitted`` ``repoze.bfg.security.remember`` ``repoze.bfg.security.forget`` Each of these functions now expects to be called with a request object that has a ``registry`` attribute which represents the current ZCA registry. Previously these functions used the ZCA threadlocal API to get the current registry.
Diffstat (limited to 'repoze/bfg/security.py')
-rw-r--r--repoze/bfg/security.py46
1 files changed, 35 insertions, 11 deletions
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index e0873a0ad..a7a5d5f35 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -1,6 +1,4 @@
-from zope.component import getSiteManager
from zope.component import providedBy
-from zope.component import queryUtility
from zope.deprecation import deprecated
@@ -11,6 +9,8 @@ from repoze.bfg.interfaces import ISecuredView
# b/c import
from repoze.bfg.exceptions import Forbidden as Unauthorized
+from repoze.bfg.threadlocal import get_current_registry
+
deprecated('Unauthorized',
"('from repoze.bfg.security import Unauthorized' was "
"deprecated as of repoze.bfg 1.1; instead use 'from "
@@ -43,11 +43,15 @@ def has_permission(permission, context, request):
function delegates to the current authentication and authorization
policies. Return ``Allowed`` unconditionally if no authentication
policy has been configured in this application."""
- authn_policy = queryUtility(IAuthenticationPolicy)
+ try:
+ reg = request.registry
+ except AttributeError:
+ reg = get_current_registry() # b/c
+ authn_policy = reg.queryUtility(IAuthenticationPolicy)
if authn_policy is None:
return Allowed('No authentication policy in use.')
- authz_policy = queryUtility(IAuthorizationPolicy)
+ authz_policy = reg.queryUtility(IAuthorizationPolicy)
if authz_policy is None:
raise ValueError('Authentication policy registered without '
'authorization policy') # should never happen
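Review bot: The `try: reg = request.registry` / `except AttributeError: reg = get_current_registry()` block added at the top of has_permission is repeated verbatim in authenticated_userid, effective_principals, view_execution_permitted, remember and forget, so the b/c fallback has six copies and no single place that documents it. A private helper, sketched below with a proposed name, would keep the rule in one spot. This matters most here because has_permission returns `Allowed('No authentication policy in use.')` whenever the chosen registry has no authentication policy: a request whose `registry` is not the application's configured one, or one that quietly falls back to the threadlocal registry, gets an allow result rather than an error, and the docstring should say which registry is consulted. has_permission starts before this hunk and its body appears to continue past it.

```python
def _get_registry(request):
    """Return ``request.registry``; fall back to the threadlocal
    registry when the request has no such attribute (b/c)."""
    try:
        return request.registry
    except AttributeError:
        return get_current_registry() # b/c

# … unchanged: has_permission signature and docstring …
    reg = _get_registry(request)
    authn_policy = reg.queryUtility(IAuthenticationPolicy)
# … unchanged: policy checks …
```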
@@ -58,8 +62,12 @@ def authenticated_userid(request):
""" Return the userid of the currently authenticated user or
``None`` if there is no authentication policy in effect or there
is no currently authenticated user. """
+ try:
+ reg = request.registry
+ except AttributeError:
+ reg = get_current_registry() # b/c
- policy = queryUtility(IAuthenticationPolicy)
+ policy = reg.queryUtility(IAuthenticationPolicy)
if policy is None:
return None
return policy.authenticated_userid(request)
@@ -70,8 +78,12 @@ def effective_principals(request):
authenticated user if a user is currently authenticated. If no
authentication policy is in effect, this will return an empty
sequence."""
+ try:
+ reg = request.registry
+ except AttributeError:
+ reg = get_current_registry() # b/c
- policy = queryUtility(IAuthenticationPolicy)
+ policy = reg.queryUtility(IAuthenticationPolicy)
if policy is None:
return []
return policy.effective_principals(request)
@@ -90,7 +102,8 @@ def principals_allowed_by_permission(context, permission):
``NotImplementedError`` exception to be raised when this
function is invoked.
"""
- policy = queryUtility(IAuthorizationPolicy)
+ reg = get_current_registry()
+ policy = reg.queryUtility(IAuthorizationPolicy)
if policy is None:
return [Everyone]
return policy.principals_allowed_by_permission(context, permission)
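Review bot: principals_allowed_by_permission takes no request, so unlike the request-taking functions changed in this commit it always resolves the authorization policy through `get_current_registry()`, and the docstring does not say so. Because it returns `[Everyone]` when that registry has no authorization policy, a call made where the threadlocal registry is not the application's configured one would return `[Everyone]` instead of the policy's answer. I would add a sentence to the docstring such as `The authorization policy is looked up in the threadlocal registry; this function cannot be pointed at a specific registry.` The start of the docstring is outside this hunk.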
@@ -102,9 +115,12 @@ def view_execution_permitted(context, request, name=''):
``request``. Return a boolean result. If no authentication
policy is in effect, or if the view is not protected by a
permission, return True."""
- sm = getSiteManager()
+ try:
+ reg = request.registry
+ except AttributeError:
+ reg = get_current_registry() # b/c
provides = map(providedBy, (context, request))
- view = sm.adapters.lookup(provides, ISecuredView, name=name)
+ view = reg.adapters.lookup(provides, ISecuredView, name=name)
if view is None:
return Allowed(
'Allowed: view name %r in context %r (no permission defined)' %
@@ -129,7 +145,11 @@ def remember(request, principal, **kw):
return an empty sequence. If used, the composition and meaning of
``**kw`` must be agreed upon by the calling code and the effective
authentication policy."""
- policy = queryUtility(IAuthenticationPolicy)
+ try:
+ reg = request.registry
+ except AttributeError:
+ reg = get_current_registry() # b/c
+ policy = reg.queryUtility(IAuthenticationPolicy)
if policy is None:
return []
else:
@@ -150,7 +170,11 @@ def forget(request):
If no authentication policy is in use, this function will always
return an empty sequence."""
- policy = queryUtility(IAuthenticationPolicy)
+ try:
+ reg = request.registry
+ except AttributeError:
+ reg = get_current_registry() # b/c
+ policy = reg.queryUtility(IAuthenticationPolicy)
if policy is None:
return []
else: