Bring back identity into permits.

4 files changed, 12 insertions, 7 deletions

diff --git a/src/pyramid/interfaces.py b/src/pyramid/interfaces.py
index 891b851ee..d20401028 100644
--- a/src/pyramid/interfaces.py
+++ b/src/pyramid/interfaces.py
@@ -494,7 +494,7 @@ class ISecurityPolicy(Interface):
         verified user, or ``None`` if unauthenticated.
         """
 
-    def permits(request, context, permission):
+    def permits(request, context, identity, permission):
         """ Return an instance of :class:`pyramid.security.Allowed` if a user
         of the given identity is allowed the ``permission`` in the current
         ``context``, else return an instance of
diff --git a/src/pyramid/security.py b/src/pyramid/security.py
index e3a978c52..d6af69e51 100644
--- a/src/pyramid/security.py
+++ b/src/pyramid/security.py
@@ -351,7 +351,9 @@ class SecurityAPIMixin:
         policy = _get_security_policy(self)
         if policy is None:
             return Allowed('No security policy in use.')
-        return policy.permits(self, context, permission)
+        return policy.permits(
+            self, context, self.authenticated_identity, permission
+        )
 
 
 class AuthenticationAPIMixin(object):
@@ -447,7 +449,7 @@ class LegacySecurityPolicy:
         authn = self._get_authn_policy(request)
         return authn.forget(request)
 
-    def permits(self, request, context, permission):
+    def permits(self, request, context, identity, permission):
         authn = self._get_authn_policy(request)
         authz = self._get_authz_policy(request)
         principals = authn.effective_principals(request)
diff --git a/src/pyramid/testing.py b/src/pyramid/testing.py
index a92bb5d03..f550156dd 100644
--- a/src/pyramid/testing.py
+++ b/src/pyramid/testing.py
@@ -64,7 +64,7 @@ class DummySecurityPolicy(object):
     def authenticated_userid(self, request):
         return self.userid
 
-    def permits(self, request, context, permission):
+    def permits(self, request, context, identity, permission):
         return self.permissive
 
     def remember(self, request, userid, **kw):
diff --git a/src/pyramid/viewderivers.py b/src/pyramid/viewderivers.py
index 7c28cbf85..35f9a08d2 100644
--- a/src/pyramid/viewderivers.py
+++ b/src/pyramid/viewderivers.py
@@ -316,7 +316,8 @@ def _secured_view(view, info):
     if policy and (permission is not None):
 
         def permitted(context, request):
-            return policy.permits(request, context, permission)
+            identity = policy.identify(request)
+            return policy.permits(request, context, identity, permission)
 
         def secured_view(context, request):
             result = permitted(context, request)
@@ -362,8 +363,10 @@ def _authdebug_view(view, info):
                 elif permission is None:
                     msg = 'Allowed (no permission registered)'
                 else:
-                    result = policy.permits(request, context, permission)
-                    msg = str(result)
+                    identity = policy.identify(request)
+                    msg = str(
+                        policy.permits(request, context, identity, permission)
+                    )
             else:
                 msg = 'Allowed (no security policy in use)'