authorChris McDonough <chrism@agendaless.com>2009-05-24 23:12:59 +0000
committerChris McDonough <chrism@agendaless.com>2009-05-24 23:12:59 +0000
commit86ed4016ea6a681d4f579ace62cea032a679544d (patch)
tree697f67bbcb9e55e45db5d9aae52f0c3280e9b1e2 /repoze/bfg/tests/test_security.py
parentab5959d3d4e4603a61b3559096da30d2adfdcf4b (diff)
Features
-------- - It is now possible to write a custom security policy that returns a customized ``Forbidden`` WSGI application when BFG cannot authorize an invocation of a view. To this end, ISecurityPolicy objects must now have a ``forbidden`` method. This method should return a WSGI application. The returned WSGI application should generate a response which is appropriate when access to a view resource was forbidden by the security policy (e.g. perhaps a login page). ``repoze.bfg`` is willing to operate with a custom security policy that does not have a ``forbidden`` method, but it will issue a warning; eventually security policies without a ``forbidden`` method will cease to work under ``repoze.bfg``. Note that the ``forbidden`` WSGI application returned by the security policy is not used if a developer has registered an IForbiddenAppFactory (see the "Hooks" narrative chapter); the explicitly registered IForbiddenAppFactory will be preferred over the (more general) security policy forbidden app factory. - All default security policies now have a ``forbidden`` callable attached to them. This particular callable returns a WSGI application which generates a ``401 Unauthorized`` response for backwards compatibility (had backwards compatibility not been an issue, this callable would have returned a WSGI app that generated a ``403 Forbidden`` response). Backwards Incompatibilities --------------------------- - Custom NotFound and Forbidden (nee' Unauthorized) WSGI applications (registered as a utility for INotFoundAppFactory and IUnauthorizedAppFactory) could rely on an environment key named ``message`` describing the circumstance of the response. This key has been renamed to ``repoze.bfg.message`` (as per the WSGI spec, which requires environment extensions to contain dots). Deprecations ------------ - The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has been renamed to ``repoze.bfg.interfaces.IForbiddenAppFactory``.
Diffstat (limited to 'repoze/bfg/tests/test_security.py')
-rw-r--r--repoze/bfg/tests/test_security.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py
index 03a466e7c..b596a1547 100644
--- a/repoze/bfg/tests/test_security.py
+++ b/repoze/bfg/tests/test_security.py
@@ -243,6 +243,18 @@ class TestACLSecurityPolicy(unittest.TestCase):
result = policy.principals_allowed_by_permission(None, 'read')
self.assertEqual(result, [])
+ def test_forbidden(self):
+ policy = self._makeOne(lambda *arg: None)
+ forbidden_app = policy.forbidden()
+ environ = {}
+ result = []
+ def start_response(status, headers):
+ result.append((status, headers))
+ response = forbidden_app(environ, start_response)
+ self.assertEqual(result[0][0], '401 Unauthorized')
+ self.failUnless(len(result[0][1]), 2) # headers
+
+
class TestInheritingACLSecurityPolicy(unittest.TestCase):
def setUp(self):
cleanUp()
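Review bot: `self.failUnless(len(result[0][1]), 2) # headers` at the end of the new test_forbidden only checks that the header list is non-empty, because failUnless takes (expr, msg) and the 2 is silently used as the failure message rather than an expected value; the same line appears in the second hunk's test_forbidden in TestInheritingACLSecurityPolicy. Use `self.assertEqual(len(result[0][1]), 2)`, or better assert on the header names themselves so the contract of the 401 response is pinned rather than just a count. `response` is assigned but never inspected; either drop it or assert on the body. The test passes an empty environ, so it does not show whether the default forbidden app reads the renamed `repoze.bfg.message` key the commit message describes; if it does, a second case with that key set would cover the rename.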
@@ -430,6 +442,17 @@ class TestInheritingACLSecurityPolicy(unittest.TestCase):
result = policy.authenticated_userid(request)
self.assertEqual(result, None)
+ def test_forbidden(self):
+ policy = self._makeOne(lambda *arg: None)
+ forbidden_app = policy.forbidden()
+ environ = {}
+ result = []
+ def start_response(status, headers):
+ result.append((status, headers))
+ response = forbidden_app(environ, start_response)
+ self.assertEqual(result[0][0], '401 Unauthorized')
+ self.failUnless(len(result[0][1]), 2) # headers
+
class TestAllPermissionsList(unittest.TestCase):
def setUp(self):
cleanUp()