diff options
| author | Chris McDonough <chrism@agendaless.com> | 2009-05-24 23:12:59 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2009-05-24 23:12:59 +0000 |
| commit | 86ed4016ea6a681d4f579ace62cea032a679544d (patch) | |
| tree | 697f67bbcb9e55e45db5d9aae52f0c3280e9b1e2 /repoze/bfg/security.py | |
| parent | ab5959d3d4e4603a61b3559096da30d2adfdcf4b (diff) | |
| download | pyramid-86ed4016ea6a681d4f579ace62cea032a679544d.tar.gz pyramid-86ed4016ea6a681d4f579ace62cea032a679544d.tar.bz2 pyramid-86ed4016ea6a681d4f579ace62cea032a679544d.zip | |
Features
--------
- It is now possible to write a custom security policy that returns a
customized ``Forbidden`` WSGI application when BFG cannot authorize
an invocation of a view. To this end, ISecurityPolicy objects must
now have a ``forbidden`` method. This method should return a WSGI
application. The returned WSGI application should generate a
response which is appropriate when access to a view resource was
forbidden by the security policy (e.g. perhaps a login page).
``repoze.bfg`` is willing to operate with a custom security policy
that does not have a ``forbidden`` method, but it will issue a
warning; eventually security policies without a ``forbidden`` method
will cease to work under ``repoze.bfg``.
Note that the ``forbidden`` WSGI application returned by the
security policy is not used if a developer has registered an
IForbiddenAppFactory (see the "Hooks" narrative chapter); the
explicitly registered IForbiddenAppFactory will be preferred over
the (more general) security policy forbidden app factory.
- All default security policies now have a ``forbidden`` callable
attached to them. This particular callable returns a WSGI
application which generates a ``401 Unauthorized`` response for
backwards compatibility (had backwards compatibility not been an
issue, this callable would have returned a WSGI app that generated a
``403 Forbidden`` response).
Backwards Incompatibilities
---------------------------
- Custom NotFound and Forbidden (nee' Unauthorized) WSGI applications
(registered a a utility for INotFoundAppFactory and
IUnauthorizedAppFactory) could rely on an environment key named
``message`` describing the circumstance of the response. This key
has been renamed to ``repoze.bfg.message`` (as per the WSGI spec,
which requires environment extensions to contain dots).
Deprecations
------------
- The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has
been renamed to ``repoze.bfg.interfaces.IForbiddenAppFactory``.
Diffstat (limited to 'repoze/bfg/security.py')
| -rw-r--r-- | repoze/bfg/security.py | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index 90916bac2..bd1edaf6d 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py @@ -8,6 +8,8 @@ from repoze.bfg.interfaces import ISecurityPolicy from repoze.bfg.interfaces import IViewPermission from repoze.bfg.interfaces import IViewPermissionFactory +from repoze.bfg.wsgi import Unauthorized as UnauthorizedApp + Everyone = 'system.Everyone' Authenticated = 'system.Authenticated' Allow = 'Allow' @@ -145,6 +147,8 @@ class ACLSecurityPolicy(object): return [] + forbidden = UnauthorizedApp + class InheritingACLSecurityPolicy(object): """ A security policy which uses ACLs in the following ways: @@ -268,6 +272,8 @@ class InheritingACLSecurityPolicy(object): return allowed + forbidden = UnauthorizedApp + def get_remoteuser(request): user_id = request.environ.get('REMOTE_USER') if user_id: @@ -595,6 +601,3 @@ class ViewPermissionFactory(object): class Unauthorized(Exception): pass - - - |