authorChris McDonough <chrism@agendaless.com>2008-10-03 20:11:06 +0000
committerChris McDonough <chrism@agendaless.com>2008-10-03 20:11:06 +0000
commit47b4d3ee62dfdb830a83192907b0602218f9ab5e (patch)
tree6fe0cce905bcc39f1ab431101fe419f4197305f9 /repoze/bfg/security.py
parent68fe4a3a211176a282212a441d04ab53227f6bd2 (diff)
Docs
- An "Environment and Configuration" chapter was added to the narrative portion of the documentation. Features - Ensure bfg doesn't generate warnings when running under Python 2.6. - The environment variable ``BFG_RELOAD_TEMPLATES`` is now available (serves the same purpose as ``reload_templates`` in the config file). - A new configuration file option ``debug_authorization`` was added. This turns on printing of security authorization debug statements to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment variable was also added; this performs the same duty. Bug Fixes - The environment variable ``BFG_SECURITY_DEBUG`` did not always work. It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed. Deprecations - A deprecation warning is now issued when old API names from the ``repoze.bfg.templates`` module are imported. Backwards incompatibilities - The ``BFG_SECURITY_DEBUG`` environment variable was renamed to ``BFG_DEBUG_AUTHORIZATION``.
Diffstat (limited to 'repoze/bfg/security.py')
-rw-r--r--repoze/bfg/security.py36
1 files changed, 9 insertions, 27 deletions
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index ee54c7971..dd2f94ab8 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -1,4 +1,3 @@
-import logging
import os
import sys
@@ -11,6 +10,7 @@ from repoze.bfg.interfaces import ISecurityPolicy
from repoze.bfg.interfaces import IViewPermission
from repoze.bfg.interfaces import IViewPermissionFactory
from repoze.bfg.interfaces import NoAuthorizationInformation
+from repoze.bfg.interfaces import ILogger
Everyone = 'system.Everyone'
Authenticated = 'system.Authenticated'
@@ -68,7 +68,7 @@ def principals_allowed_by_permission(context, permission):
class ACLAuthorizer(object):
- def __init__(self, context, logger=None):
+ def __init__(self, context, logger):
self.context = context
self.logger = logger
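Review bot: `logger` is now a required argument of `ACLAuthorizer.__init__`, but it can still be `None`. The value passed in by `ACLSecurityPolicy.permits` (next hunk) comes from `queryUtility(ILogger, name='repoze.bfg.authdebug')`, which returns `None` when no such utility is registered. The old `logger=None` default made that case visible, so I would document it on the constructor, e.g. `# logger may be None (authorization debugging off); check before every use`. Whether `ACLAuthorizer.permits` already guards its logging calls is outside this hunk and should be confirmed. Code that constructs `ACLAuthorizer(context)` directly will now raise `TypeError`, which the changelog entry does not list.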
@@ -101,16 +101,16 @@ class ACLSecurityPolicy(object):
implements(ISecurityPolicy)
authorizer_factory = ACLAuthorizer
- def __init__(self, logger, get_principals):
- self.logger = logger
+ def __init__(self, get_principals):
self.get_principals = get_principals
def permits(self, context, request, permission):
""" Return ``Allowed`` if the policy permits access,
``Denied`` if not."""
+ logger = queryUtility(ILogger, name='repoze.bfg.authdebug')
principals = self.effective_principals(request)
for location in lineage(context):
- authorizer = self.authorizer_factory(location, self.logger)
+ authorizer = self.authorizer_factory(location, logger)
try:
return authorizer.permits(permission, *principals)
except NoAuthorizationInformation:
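Review bot: The `permits` docstring does not mention that every call now looks up the `repoze.bfg.authdebug` logger and hands it to each authorizer in the lineage, so this side effect of an authorization check is undocumented. I would add a sentence such as `If an ILogger utility named 'repoze.bfg.authdebug' is registered, it is passed to each authorizer for debug output.` That output presumably records principals and the ACL decision for each request, so the docstring should also say the utility is meant to be registered only while debugging. The `for` loop and `try` continue past the end of this hunk.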
@@ -148,29 +148,13 @@ class ACLSecurityPolicy(object):
return sorted(allowed.keys())
return []
-DEBUG_LOG_KEY = 'BFG_SECURITY_DEBUG'
-
-def debug_logger(logger):
- if logger is None:
- do_debug_log = os.environ.get(DEBUG_LOG_KEY, '')
- if str(do_debug_log).lower() in ('1', 'y', 'true', 't', 'on'):
- handler = logging.StreamHandler(sys.stdout)
- fmt = '%(asctime)s %(message)s'
- formatter = logging.Formatter(fmt)
- handler.setFormatter(formatter)
- logger = logging.Logger('repoze.bfg.security')
- logger.addHandler(handler)
- logger.setLevel(logging.DEBUG)
- return logger
- return logger
-
def get_remoteuser(request):
user_id = request.environ.get('REMOTE_USER')
if user_id:
return [user_id]
return []
-def RemoteUserACLSecurityPolicy(logger=None):
+def RemoteUserACLSecurityPolicy():
""" A security policy which:
- examines the request.environ for the REMOTE_USER variable and
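Review bot: With `debug_logger` and `DEBUG_LOG_KEY` removed, a deployment that still sets `BFG_SECURITY_DEBUG` silently loses its authorization debug output, and nothing in this file tells the operator the variable is ignored. The commit message lists the rename, but a one-time warning where `BFG_DEBUG_AUTHORIZATION` is read (not visible here) would make the loss noticeable. The `logger=None` keyword is also dropped from `RemoteUserACLSecurityPolicy` in this hunk and from `RepozeWhoIdentityACLSecurityPolicy` in a later one, so callers passing `logger=` now get a `TypeError`. Keeping the parameter for one release and calling `warnings.warn("logger is ignored; register an ILogger utility named 'repoze.bfg.authdebug'", DeprecationWarning)` would be gentler. If `os` and `sys` were used only by `debug_logger`, their imports at the top of the file are now unused.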
@@ -188,8 +172,7 @@ def RemoteUserACLSecurityPolicy(logger=None):
grant or deny access.
"""
- logger = debug_logger(logger)
- return ACLSecurityPolicy(logger, get_remoteuser)
+ return ACLSecurityPolicy(get_remoteuser)
def get_who_principals(request):
identity = request.environ.get('repoze.who.identity')
@@ -199,7 +182,7 @@ def get_who_principals(request):
principals.extend(identity.get('groups', []))
return principals
-def RepozeWhoIdentityACLSecurityPolicy(logger=None):
+def RepozeWhoIdentityACLSecurityPolicy():
""" A security policy which:
- examines the request.environ for the ``repoze.who.identity``
@@ -219,8 +202,7 @@ def RepozeWhoIdentityACLSecurityPolicy(logger=None):
grant or deny access.
"""
- logger = debug_logger(logger)
- return ACLSecurityPolicy(logger, get_who_principals)
+ return ACLSecurityPolicy(get_who_principals)
class PermitsResult:
def __init__(self, ace, acl, permission, principals, context):