Merge pull request #3598 from merwok/feature/is_authenticated

Add Request.is_authenticated and is_authenticated predicate

5 files changed, 59 insertions, 0 deletions

diff --git a/src/pyramid/config/routes.py b/src/pyramid/config/routes.py
index a12e18fa8..4f3440c40 100644
--- a/src/pyramid/config/routes.py
+++ b/src/pyramid/config/routes.py
@@ -268,6 +268,17 @@ class RoutesConfiguratorMixin:
 
               Removed support for media ranges.
 
+        is_authenticated
+
+          This value, if specified, must be either ``True`` or ``False``.
+          If it is specified and ``True``, only a request from an authenticated
+          user, as determined by the :term:`security policy` in use, will
+          satisfy the predicate.
+          If it is specified and ``False``, only a request from a user who is
+          not authenticated will satisfy the predicate.
+
+          .. versionadded:: 2.0
+
         effective_principals
 
           If specified, this value should be a :term:`principal` identifier or
@@ -282,6 +293,7 @@ class RoutesConfiguratorMixin:
           .. versionadded:: 1.4a4
 
           .. deprecated:: 2.0
+              Use ``is_authenticated`` or a custom predicate.
 
         custom_predicates
 
@@ -537,6 +549,7 @@ class RoutesConfiguratorMixin:
             ('request_param', p.RequestParamPredicate),
             ('header', p.HeaderPredicate),
             ('accept', p.AcceptPredicate),
+            ('is_authenticated', p.IsAuthenticatedPredicate),
             ('effective_principals', p.EffectivePrincipalsPredicate),
             ('custom', p.CustomPredicate),
             ('traverse', p.TraversePredicate),
diff --git a/src/pyramid/config/views.py b/src/pyramid/config/views.py
index a064ebd05..26b69beb9 100644
--- a/src/pyramid/config/views.py
+++ b/src/pyramid/config/views.py
@@ -712,6 +712,17 @@ class ViewsConfiguratorMixin:
 
           .. versionadded:: 1.4a3
 
+        is_authenticated
+
+          This value, if specified, must be either ``True`` or ``False``.
+          If it is specified and ``True``, only a request from an authenticated
+          user, as determined by the :term:`security policy` in use, will
+          satisfy the predicate.
+          If it is specified and ``False``, only a request from a user who is
+          not authenticated will satisfy the predicate.
+
+          .. versionadded:: 2.0
+
         effective_principals
 
           If specified, this value should be a :term:`principal` identifier or
@@ -726,6 +737,7 @@ class ViewsConfiguratorMixin:
           .. versionadded:: 1.4a4
 
           .. deprecated:: 2.0
+              Use ``is_authenticated`` or a custom predicate.
 
         custom_predicates
 
@@ -1205,6 +1217,7 @@ class ViewsConfiguratorMixin:
             ('request_type', p.RequestTypePredicate),
             ('match_param', p.MatchParamPredicate),
             ('physical_path', p.PhysicalPathPredicate),
+            ('is_authenticated', p.IsAuthenticatedPredicate),
             ('effective_principals', p.EffectivePrincipalsPredicate),
             ('custom', p.CustomPredicate),
         ):
diff --git a/src/pyramid/interfaces.py b/src/pyramid/interfaces.py
index e92662f11..b8c8d06a9 100644
--- a/src/pyramid/interfaces.py
+++ b/src/pyramid/interfaces.py
@@ -113,6 +113,16 @@ class IResponse(Interface):
         """ Return a new app_iter built from the response app_iter that
         serves up only the given start:stop range. """
 
+    authenticated_identity = Attribute(
+        """An object representing the authenticated user, as determined by
+        the security policy in use, or ``None`` for unauthenticated requests.
+        The object's class and meaning is defined by the security policy."""
+    )
+
+    authenticated_userid = Attribute(
+        """A string to identify the authenticated user or ``None``."""
+    )
+
     body = Attribute(
         """The body of the response, as a str. This will read in the entire
         app_iter if necessary."""
@@ -233,6 +243,11 @@ class IResponse(Interface):
 
     headers = Attribute(""" The headers in a dictionary-like object """)
 
+    is_authenticated = Attribute(
+        """A boolean indicating whether the request has an authenticated
+        user, as determined by the security policy in use."""
+    )
+
     last_modified = Attribute(
         """ Gets and sets and deletes the Last-Modified header. For more
         information on Last-Modified see RFC 2616 section 14.29. Converts
diff --git a/src/pyramid/predicates.py b/src/pyramid/predicates.py
index 576bbbce6..fe8bc228c 100644
--- a/src/pyramid/predicates.py
+++ b/src/pyramid/predicates.py
@@ -276,6 +276,19 @@ class PhysicalPathPredicate:
         return False
 
 
+class IsAuthenticatedPredicate:
+    def __init__(self, val, config):
+        self.val = val
+
+    def text(self):
+        return "is_authenticated = %r" % (self.val,)
+
+    phash = text
+
+    def __call__(self, context, request):
+        return request.is_authenticated == self.val
+
+
 class EffectivePrincipalsPredicate:
     def __init__(self, val, config):
         if is_nonstr_iter(val):
diff --git a/src/pyramid/security.py b/src/pyramid/security.py
index 58bc72116..2a1ef24bd 100644
--- a/src/pyramid/security.py
+++ b/src/pyramid/security.py
@@ -244,6 +244,11 @@ class SecurityAPIMixin:
             return None
         return policy.authenticated_userid(self)
 
+    @property
+    def is_authenticated(self):
+        """Return ``True`` if a user is authenticated for this request."""
+        return self.authenticated_identity is not None
+
     def has_permission(self, permission, context=None):
         """ Given a permission and an optional context, returns an instance of
         :data:`pyramid.security.Allowed` if the permission is granted to this