diff options
| author | Theron Luhn <theron@luhn.com> | 2019-02-17 12:15:48 -0800 |
|---|---|---|
| committer | Theron Luhn <theron@luhn.com> | 2019-02-17 12:15:48 -0800 |
| commit | 753d596aa2c93bed1fc95fb71bbeef383646c2cb (patch) | |
| tree | e5a9b0f57eccd76fa1e6ce45d93bf3a0bb4643e8 /src | |
| parent | 1035ca1086ee86d3ce4f207bd3c9b55d5484170b (diff) | |
| download | pyramid-753d596aa2c93bed1fc95fb71bbeef383646c2cb.tar.gz pyramid-753d596aa2c93bed1fc95fb71bbeef383646c2cb.tar.bz2 pyramid-753d596aa2c93bed1fc95fb71bbeef383646c2cb.zip | |
Add ISecurityPolicy interface.
Deprecate IAuthenticationPolicy and IAuthorizationPolicy.
Diffstat (limited to 'src')
| -rw-r--r-- | src/pyramid/interfaces.py | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/src/pyramid/interfaces.py b/src/pyramid/interfaces.py index f1e238c6b..9dabb9cfc 100644 --- a/src/pyramid/interfaces.py +++ b/src/pyramid/interfaces.py @@ -482,8 +482,40 @@ class IViewMapperFactory(Interface): """ +class ISecurityPolicy(Interface): + def identify(request): + """ Return an object identifying a trusted and verified user. """ + + def permits(request, context, identity, permission): + """ Return an instance of :class:`pyramid.security.Allowed` if a user + of the given identity is allowed the ``permission`` in the current + ``context``, else return an instance of + :class:`pyramid.security.Denied`. + """ + + def remember(request, userid, **kw): + """ Return a set of headers suitable for 'remembering' the + :term:`userid` named ``userid`` when set in a response. An + individual authentication policy and its consumers can + decide on the composition and meaning of ``**kw``. + + """ + + def forget(request): + """ Return a set of headers suitable for 'forgetting' the + current user on subsequent requests. + + """ + + class IAuthenticationPolicy(Interface): - """ An object representing a Pyramid authentication policy. """ + """ An object representing a Pyramid authentication policy. + + .. deprecated:: 2.0 + + Use :class:`ISecurityPolicy`. + + """ def authenticated_userid(request): """ Return the authenticated :term:`userid` or ``None`` if @@ -536,7 +568,13 @@ class IAuthenticationPolicy(Interface): class IAuthorizationPolicy(Interface): - """ An object representing a Pyramid authorization policy. """ + """ An object representing a Pyramid authorization policy. + + .. deprecated:: 2.0 + + Use :class:`ISecurityPolicy`. + + """ def permits(context, principals, permission): """ Return an instance of :class:`pyramid.security.Allowed` if any |