diff options
| author | Chris McDonough <chrism@agendaless.com> | 2008-07-20 08:41:08 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2008-07-20 08:41:08 +0000 |
| commit | b54cdb6d0951a28b7d7bf4f585a4059cc5e6b18a (patch) | |
| tree | 0b600c099bdec04c46c13512689c59c9ec8dadac /repoze/bfg/security.py | |
| parent | ae0b3f07e3e6b8d6cde11ddf2fead38b7fc8dfd3 (diff) | |
| download | pyramid-b54cdb6d0951a28b7d7bf4f585a4059cc5e6b18a.tar.gz pyramid-b54cdb6d0951a28b7d7bf4f585a4059cc5e6b18a.tar.bz2 pyramid-b54cdb6d0951a28b7d7bf4f585a4059cc5e6b18a.zip | |
- Add API functions for authenticated_userid and effective_principals.
Diffstat (limited to 'repoze/bfg/security.py')
| -rw-r--r-- | repoze/bfg/security.py | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index 7e0ba6ffe..5ab6ae31d 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py @@ -27,6 +27,25 @@ def has_permission(permission, context, request): return True return policy.permits(context, request, permission) +def authenticated_userid(request): + """ Return the userid of the currently authenticated user or None + if there is no security policy in effect or there is no currently + authenticated user """ + policy = queryUtility(ISecurityPolicy) + if policy is None: + return None + return policy.authenticated_userid(request) + +def effective_principals(request): + """ Return the list of 'effective' principals for the request. + This will include the userid of the currently authenticated user + if a user is currently authenticated. If no security policy is in + effect, this will return an empty sequence.""" + policy = queryUtility(ISecurityPolicy) + if policy is None: + return [] + return policy.effective_principals(request) + class ACLAuthorizer(object): def __init__(self, context, logger=None): @@ -60,7 +79,6 @@ class ACLAuthorizer(object): result = Denied(None, acl, permission, principals, self.context) self.logger and self.logger.debug(str(result)) return result - class RemoteUserACLSecurityPolicy(object): """ A security policy which: @@ -100,14 +118,9 @@ class RemoteUserACLSecurityPolicy(object): return False def authenticated_userid(self, request): - """ Return the id of the currently authenticated user or - None if the user is not authenticated """ return request.environ.get('REMOTE_USER', None) def effective_principals(self, request): - """ Return the list of 'effective' principals for the request. - This will include the userid of the currently authenticated - user if a user is currently authenticated. """ userid = self.authenticated_userid(request) effective_principals = [Everyone] @@ -116,7 +129,6 @@ class RemoteUserACLSecurityPolicy(object): effective_principals.append(userid) return effective_principals - class PermitsResult: def __init__(self, ace, acl, permission, principals, context): self.acl = acl |