| author | Michael Merickel <michael@merickel.org> | 2020-01-12 20:49:35 -0600 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2020-01-12 20:49:35 -0600 |
| commit | 791730715832038c1666683e37fef8bb67830045 (patch) | |
| tree | 423b5ef973f239d8565d5e68ed91ecd17ae7b1b8 /src | |
| parent | 1395359d653df5507146a44ccab6f0e2ab85ac65 (diff) | |
move doc references from pyramid.security to pyramid.authorization
Diffstat (limited to 'src')
| -rw-r--r-- | src/pyramid/authentication.py | 16 | ||||
| -rw-r--r-- | src/pyramid/authorization.py | 30 | ||||
| -rw-r--r-- | src/pyramid/config/routes.py | 2 | ||||
| -rw-r--r-- | src/pyramid/config/views.py | 2 | ||||
| -rw-r--r-- | src/pyramid/httpexceptions.py | 2 | ||||
| -rw-r--r-- | src/pyramid/interfaces.py | 4 | ||||
| -rw-r--r-- | src/pyramid/security.py | 2 |
7 files changed, 30 insertions, 28 deletions
diff --git a/src/pyramid/authentication.py b/src/pyramid/authentication.py index 0ccc646c3..8c6c0f981 100644 --- a/src/pyramid/authentication.py +++ b/src/pyramid/authentication.py @@ -11,7 +11,7 @@ from webob.cookies import CookieProfile from zope.interface import implementer from pyramid.interfaces import IAuthenticationPolicy, IDebugLogger -from pyramid.security import Authenticated, Everyone +from pyramid.authorization import Authenticated, Everyone from pyramid.util import ( SimpleSerializer, ascii_, @@ -98,7 +98,7 @@ class CallbackAuthenticationPolicy(object): """ A list of effective principals derived from request. This will return a list of principals including, at least, - :data:`pyramid.security.Everyone`. If there is no authenticated + :data:`pyramid.authorization.Everyone`. If there is no authenticated userid, or the ``callback`` returns ``None``, this will be the only principal: @@ -108,8 +108,9 @@ class CallbackAuthenticationPolicy(object): If the ``callback`` does not return ``None`` and an authenticated userid is found, then the principals will include - :data:`pyramid.security.Authenticated`, the ``authenticated_userid`` - and the list of principals returned by the ``callback``: + :data:`pyramid.authorization.Authenticated`, the + ``authenticated_userid`` and the list of principals returned by the + ``callback``: .. code-block:: python 
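Review bot: The first authentication.py hunk changes a runtime import, `from pyramid.authorization import Authenticated, Everyone`, although the commit is titled as a move of doc references. These names are the principals the authentication policies put into their result (a later hunk shows `effective_principals = [Everyone]`), so it is worth confirming that pyramid.authorization exports the same objects that pyramid.security did and that the new import introduces no import cycle; neither module's definitions are visible in this diff. I would also mention the import change in the commit message so it is not read as documentation-only.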
@@ -274,13 +275,14 @@ class RepozeWho1AuthenticationPolicy(CallbackAuthenticationPolicy): """ A list of effective principals derived from the identity. This will return a list of principals including, at least, - :data:`pyramid.security.Everyone`. If there is no identity, or + :data:`pyramid.authorization.Everyone`. If there is no identity, or the ``callback`` returns ``None``, this will be the only principal. If the ``callback`` does not return ``None`` and an identity is found, then the principals will include - :data:`pyramid.security.Authenticated`, the ``authenticated_userid`` - and the list of principals returned by the ``callback``. + :data:`pyramid.authorization.Authenticated`, the + ``authenticated_userid`` and the list of principals returned by the + ``callback``. """ effective_principals = [Everyone] diff --git a/src/pyramid/authorization.py b/src/pyramid/authorization.py index 4a040e9e4..87e6b8767 100644 --- a/src/pyramid/authorization.py +++ b/src/pyramid/authorization.py @@ -69,9 +69,9 @@ class ACLAuthorizationPolicy(object): def permits(self, context, principals, permission): """ Return an instance of - :class:`pyramid.security.ACLAllowed` instance if the policy + :class:`pyramid.authorization.ACLAllowed` instance if the policy permits access, return an instance of - :class:`pyramid.security.ACLDenied` if not.""" + :class:`pyramid.authorization.ACLDenied` if not.""" return self.helper.permits(context, principals, permission) def principals_allowed_by_permission(self, context, permission): 
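Review bot: The touched docstring of `ACLAuthorizationPolicy.permits` (hunk @@ -69,9) still says "Return an instance of ... ACLAllowed instance if the policy permits access", with "instance" twice; since the line is being rewritten, the second "instance" can be dropped. The `ACLHelper.permits` hunk (@@ -94,9) has a similar slip on its rewrapped line, "the ACL allows access a user with the given principals", which is missing "to" and should read `the ACL allows access to a user with the given principals, return an`. Both docstrings state the allow/deny contract of the authorization check, so the wording should be unambiguous.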
@@ -94,9 +94,9 @@ class ACLHelper: """ def permits(self, context, principals, permission): - """ Return an instance of :class:`pyramid.security.ACLAllowed` if the - ACL allows access a user with the given principals, return an instance - of :class:`pyramid.security.ACLDenied` if not. + """ Return an instance of :class:`pyramid.authorization.ACLAllowed` if + the ACL allows access a user with the given principals, return an + instance of :class:`pyramid.authorization.ACLDenied` if not. When checking if principals are allowed, the security policy consults the ``context`` for an ACL first. If no ACL exists on the context, or @@ -105,18 +105,18 @@ class ACLHelper: so on, until the lineage is exhausted or we determine that the policy permits or denies. - During this processing, if any :data:`pyramid.security.Deny` + During this processing, if any :data:`pyramid.authorization.Deny` ACE is found matching any principal in ``principals``, stop processing by returning an - :class:`pyramid.security.ACLDenied` instance (equals + :class:`pyramid.authorization.ACLDenied` instance (equals ``False``) immediately. If any - :data:`pyramid.security.Allow` ACE is found matching any + :data:`pyramid.authorization.Allow` ACE is found matching any principal, stop processing by returning an - :class:`pyramid.security.ACLAllowed` instance (equals + :class:`pyramid.authorization.ACLAllowed` instance (equals ``True``) immediately. If we exhaust the context's :term:`lineage`, and no ACE has explicitly permitted or denied access, return an instance of - :class:`pyramid.security.ACLDenied` (equals ``False``). + :class:`pyramid.authorization.ACLDenied` (equals ``False``). """ acl = '<No ACL found on any object in resource lineage>' 
@@ -160,13 +160,13 @@ class ACLHelper: of principals that are explicitly granted the ``permission`` in the provided ``context``. We do this by walking 'up' the object graph *from the root* to the context. During this walking process, if we - find an explicit :data:`pyramid.security.Allow` ACE for a principal + find an explicit :data:`pyramid.authorization.Allow` ACE for a principal that matches the ``permission``, the principal is included in the allow list. However, if later in the walking process that principal is - mentioned in any :data:`pyramid.security.Deny` ACE for the permission, - the principal is removed from the allow list. If a - :data:`pyramid.security.Deny` to the principal - :data:`pyramid.security.Everyone` is encountered during the walking + mentioned in any :data:`pyramid.authorization.Deny` ACE for the + permission, the principal is removed from the allow list. If a + :data:`pyramid.authorization.Deny` to the principal + :data:`pyramid.authorization.Everyone` is encountered during the walking process that matches the ``permission``, the allow list is cleared for all principals encountered in previous ACLs. The walking process ends after we've processed the any ACL directly attached to ``context``; a diff --git a/src/pyramid/config/routes.py b/src/pyramid/config/routes.py index 44fbb9c46..219c67ddc 100644 --- a/src/pyramid/config/routes.py +++ b/src/pyramid/config/routes.py @@ -278,7 +278,7 @@ class RoutesConfiguratorMixin(object): indicates that every principal named in the argument list is present in the current request, this predicate will return True; otherwise it will return False. For example: - ``effective_principals=pyramid.security.Authenticated`` or + ``effective_principals=pyramid.authorization.Authenticated`` or ``effective_principals=('fred', 'group:admins')``. .. versionadded:: 1.4a4 diff --git a/src/pyramid/config/views.py b/src/pyramid/config/views.py index 2cc5e8144..e0e5d8d29 100644 --- a/src/pyramid/config/views.py 
+++ b/src/pyramid/config/views.py @@ -718,7 +718,7 @@ class ViewsConfiguratorMixin(object): indicates that every principal named in the argument list is present in the current request, this predicate will return True; otherwise it will return False. For example: - ``effective_principals=pyramid.security.Authenticated`` or + ``effective_principals=pyramid.authorization.Authenticated`` or ``effective_principals=('fred', 'group:admins')``. .. versionadded:: 1.4a4 diff --git a/src/pyramid/httpexceptions.py b/src/pyramid/httpexceptions.py index 51c2e90a0..76e28424a 100644 --- a/src/pyramid/httpexceptions.py +++ b/src/pyramid/httpexceptions.py @@ -755,7 +755,7 @@ class HTTPForbidden(HTTPClientError): argument, ``detail``, should be a string. The value of this string will be used as the ``message`` attribute of the exception object. The second special keyword argument, ``result`` is usually an instance of - :class:`pyramid.security.Denied` or :class:`pyramid.security.ACLDenied` + :class:`pyramid.security.Denied` or :class:`pyramid.authorization.ACLDenied` each of which indicates a reason for the forbidden error. However, ``result`` is also permitted to be just a plain boolean ``False`` object or ``None``. The ``result`` value will be used as the ``result`` diff --git a/src/pyramid/interfaces.py b/src/pyramid/interfaces.py index c4160cc2b..433ac0c9d 100644 --- a/src/pyramid/interfaces.py +++ b/src/pyramid/interfaces.py @@ -554,8 +554,8 @@ class IAuthenticationPolicy(Interface): """ Return a sequence representing the effective principals typically including the :term:`userid` and any groups belonged to by the current user, always including 'system' groups such - as ``pyramid.security.Everyone`` and - ``pyramid.security.Authenticated``. + as ``pyramid.authorization.Everyone`` and + ``pyramid.authorization.Authenticated``. """ diff --git a/src/pyramid/security.py b/src/pyramid/security.py index 7b27c45f4..a5b4ce442 100644 --- a/src/pyramid/security.py 
+++ b/src/pyramid/security.py @@ -92,7 +92,7 @@ def principals_allowed_by_permission(context, permission): in effect, return a sequence of :term:`principal` ids that possess the permission in the ``context``. If no authorization policy is in effect, this will return a sequence with the single value - :mod:`pyramid.security.Everyone` (the special principal + :mod:`pyramid.authorization.Everyone` (the special principal identifier representing all principals). .. note:: |
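Review bot: The updated reference in the `principals_allowed_by_permission` docstring uses the `:mod:` role for `pyramid.authorization.Everyone`, while every other hunk in this commit refers to the same name with `:data:`. `Everyone` is a value inside the module rather than a module, so the cross-reference probably will not resolve as written; the role on the changed line should be `:data:` to match the rest of the commit. The docstring starts and ends outside the hunk.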
