diff options
| author | Chris McDonough <chrism@agendaless.com> | 2010-09-09 17:46:49 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2010-09-09 17:46:49 +0000 |
| commit | e25a70a7d1c2016eaeff9c630df9109e715bba3b (patch) | |
| tree | 520508b0bb66600e50b46db46c0a85ef05f0690c /repoze/bfg/zcml.py | |
| parent | 6ae0139d3682730e44a3b2330f83d10b31ebbc95 (diff) | |
| download | pyramid-e25a70a7d1c2016eaeff9c630df9109e715bba3b.tar.gz pyramid-e25a70a7d1c2016eaeff9c630df9109e715bba3b.tar.bz2 pyramid-e25a70a7d1c2016eaeff9c630df9109e715bba3b.zip | |
Features
--------
- In support of making it easier to configure applications which are
"secure by default", a default permission feature was added. If
supplied, the default permission is used as the permission string to
all view registrations which don't otherwise name a permission.
These APIs are in support of that:
- A new constructor argument was added to the Configurator:
``default_permission``.
- A new method was added to the Configurator:
``set_default_permission``.
- A new ZCML directive was added: ``default_permission``.
Documentation
-------------
- Added documentation for the ``default_permission`` ZCML directive.
- Added documentation for the ``default_permission`` constructor value
and the ``set_default_permission`` method in the Configurator API
documentation.
- Added a new section to the "security" chapter named "Setting a
Default Permission".
- Document ``renderer_globals_factory`` and ``request_factory``
arguments to Configurator constructor.
Diffstat (limited to 'repoze/bfg/zcml.py')
| -rw-r--r-- | repoze/bfg/zcml.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/repoze/bfg/zcml.py b/repoze/bfg/zcml.py index 5320554bc..2bf394eb8 100644 --- a/repoze/bfg/zcml.py +++ b/repoze/bfg/zcml.py @@ -18,6 +18,7 @@ from zope.schema import TextLine from repoze.bfg.interfaces import IAuthenticationPolicy from repoze.bfg.interfaces import IAuthorizationPolicy +from repoze.bfg.interfaces import IDefaultPermission from repoze.bfg.interfaces import IRendererFactory from repoze.bfg.interfaces import IRouteRequest from repoze.bfg.interfaces import IView @@ -852,6 +853,18 @@ def utility(_context, provides=None, component=None, factory=None, name=''): kw = kw, ) +class IDefaultPermissionDirective(Interface): + name = TextLine(title=u'name', required=True) + +def default_permission(_context, name): + """ Register a default permission name """ + # the default permission must be registered eagerly so it can + # be found by the view registration machinery + reg = get_current_registry() + config = Configurator(reg, package=_context.package) + config.set_default_permission(name) + _context.action(discriminator=IDefaultPermission) + def path_spec(context, path): # we prefer registering resource specifications over absolute # paths because these can be overridden by the resource directive. |