| author | Chris McDonough <chrism@agendaless.com> | 2008-07-20 07:53:37 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2008-07-20 07:53:37 +0000 |
| commit | 67328b060928cab8ca54349cb2867088f354a95c (patch) | |
| tree | 64fd7c362a3a263b3aa48a75a87410dfbf98f2ab /repoze/bfg/security.py | |
| parent | babac9b9bf270acd4f854fb88a68e00e46cc6b11 (diff) | |
- Add authenticated_userid and effective_principals API to security
policy.
Diffstat (limited to 'repoze/bfg/security.py')
| -rw-r--r-- | repoze/bfg/security.py | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index eb260fea8..7e0ba6ffe 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py @@ -89,22 +89,34 @@ class RemoteUserACLSecurityPolicy(object): def permits(self, context, request, permission): """ Return ``Allowed`` if the policy permits access, ``Denied`` if not.""" - userid = request.environ.get('REMOTE_USER', None) - effective_principals = [Everyone] - - if userid is not None: - effective_principals.append(Authenticated) - effective_principals.append(userid) - + principals = self.effective_principals(request) for location in LocationIterator(context): authorizer = self.authorizer_factory(location, self.logger) try: - return authorizer.permits(permission, *effective_principals) + return authorizer.permits(permission, *principals) except NoAuthorizationInformation: continue return False + def authenticated_userid(self, request): + """ Return the id of the currently authenticated user or + None if the user is not authenticated """ + return request.environ.get('REMOTE_USER', None) + + def effective_principals(self, request): + """ Return the list of 'effective' principals for the request. + This will include the userid of the currently authenticated + user if a user is currently authenticated. """ + userid = self.authenticated_userid(request) + effective_principals = [Everyone] + + if userid is not None: + effective_principals.append(Authenticated) + effective_principals.append(userid) + return effective_principals + + class PermitsResult: def __init__(self, ace, acl, permission, principals, context): self.acl = acl |
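Review bot: In `effective_principals`, the `if userid is not None:` test treats an empty `REMOTE_USER` as a logged-in user, so a request whose environ carries `REMOTE_USER` as `''` would be given the `Authenticated` principal plus an empty userid. The check is carried over unchanged from the old `permits` body, but now that `authenticated_userid` is a public policy method it is worth normalising the value there once, e.g. `return request.environ.get('REMOTE_USER') or None`. The `authenticated_userid` docstring should also state that the value is taken as-is from the WSGI environ, so it is only as trustworthy as the server or middleware that sets `REMOTE_USER`. The enclosing class `RemoteUserACLSecurityPolicy` starts above the hunk, so whether anything upstream already filters the value is not visible here.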
