Merge pull request #3550 from mmerickel/moar-security-policy

security policy docs and legacy policy improvements

5 files changed, 54 insertions, 38 deletions

diff --git a/src/pyramid/config/routes.py b/src/pyramid/config/routes.py
index daef8e9f2..25af9627d 100644
--- a/src/pyramid/config/routes.py
+++ b/src/pyramid/config/routes.py
@@ -335,9 +335,10 @@ class RoutesConfiguratorMixin(object):
         if 'effective_principals' in predicates:
             warnings.warn(
                 (
-                    'The new security policy has removed the concept of '
-                    'principals. See "Upgrading Authentication/Authorization" '
-                    'in "What\'s New in Pyramid 2.0" for more information.'
+                    'The new security policy has deprecated '
+                    'effective_principals. See "Upgrading '
+                    'Authentication/Authorization" in "What\'s New in '
+                    'Pyramid 2.0" of the documentation for more information.'
                 ),
                 DeprecationWarning,
                 stacklevel=3,
diff --git a/src/pyramid/config/security.py b/src/pyramid/config/security.py
index 99eb5792c..7d6703b07 100644
--- a/src/pyramid/config/security.py
+++ b/src/pyramid/config/security.py
@@ -1,5 +1,5 @@
+import warnings
 from zope.interface import implementer
-from zope.deprecation import deprecate
 
 from pyramid.interfaces import (
     IAuthorizationPolicy,
@@ -57,13 +57,6 @@ class SecurityConfiguratorMixin(object):
             introspectables=(intr,),
         )
 
-    @deprecate(
-        'Authentication and authorization policies have been deprecated in '
-        'favor of security policies.  See '
-        'https://docs.pylonsproject.org/projects/pyramid/en/latest'
-        '/whatsnew-2.0.html#upgrading-authentication-authorization '
-        'for more information.'
-    )
     @action_method
     def set_authentication_policy(self, policy):
         """
@@ -84,6 +77,14 @@ class SecurityConfiguratorMixin(object):
            achieve the same purpose.
 
         """
+        warnings.warn(
+            'Authentication and authorization policies have been deprecated '
+            'in favor of security policies.  See "Upgrading '
+            'Authentication/Authorization" in "What\'s New in Pyramid 2.0" '
+            'of the documentation for more information.',
+            DeprecationWarning,
+            stacklevel=3,
+        )
 
         def register():
             self.registry.registerUtility(policy, IAuthenticationPolicy)
@@ -137,6 +138,14 @@ class SecurityConfiguratorMixin(object):
            achieve the same purpose.
 
         """
+        warnings.warn(
+            'Authentication and authorization policies have been deprecated '
+            'in favor of security policies.  See "Upgrading '
+            'Authentication/Authorization" in "What\'s New in Pyramid 2.0" '
+            'of the documentation for more information.',
+            DeprecationWarning,
+            stacklevel=3,
+        )
 
         def register():
             self.registry.registerUtility(policy, IAuthorizationPolicy)
diff --git a/src/pyramid/config/views.py b/src/pyramid/config/views.py
index 324462d1a..3fc6a4a58 100644
--- a/src/pyramid/config/views.py
+++ b/src/pyramid/config/views.py
@@ -794,9 +794,10 @@ class ViewsConfiguratorMixin(object):
         if 'effective_principals' in view_options:
             warnings.warn(
                 (
-                    'The new security policy has removed the concept of '
-                    'principals. See "Upgrading Authentication/Authorization" '
-                    'in "What\'s New in Pyramid 2.0" for more information.'
+                    'The new security policy has deprecated '
+                    'effective_principals. See "Upgrading '
+                    'Authentication/Authorization" in "What\'s New in '
+                    'Pyramid 2.0" of the documentation for more information.'
                 ),
                 DeprecationWarning,
                 stacklevel=4,
diff --git a/src/pyramid/security.py b/src/pyramid/security.py
index e3a978c52..8a7985a52 100644
--- a/src/pyramid/security.py
+++ b/src/pyramid/security.py
@@ -41,10 +41,6 @@ def _get_security_policy(request):
     return request.registry.queryUtility(ISecurityPolicy)
 
 
-def _get_authentication_policy(request):
-    return request.registry.queryUtility(IAuthenticationPolicy)
-
-
 def remember(request, userid, **kw):
     """
     Returns a sequence of header tuples (e.g. ``[('Set-Cookie', 'foo=abc')]``)
@@ -71,7 +67,7 @@ def remember(request, userid, **kw):
 
     .. versionchanged:: 1.6
         Deprecated the ``principal`` argument in favor of ``userid`` to clarify
-        its relationship to the authentication policy.
+        its relationship to the security policy.
 
     .. versionchanged:: 1.10
         Removed the deprecated ``principal`` argument.
@@ -141,9 +137,8 @@ def principals_allowed_by_permission(context, permission):
 deprecated(
     'principals_allowed_by_permission',
     'The new security policy has removed the concept of principals.  See '
-    'https://docs.pylonsproject.org/projects/pyramid/en/latest'
-    '/whatsnew-2.0.html#upgrading-authentication-authorization '
-    'for more information.',
+    '"Upgrading Authentication/Authorization" in "What\'s New in Pyramid 2.0" '
+    'of the documentation for more information.',
 )
 
 
@@ -152,7 +147,7 @@ def view_execution_permitted(context, request, name=''):
     by a :term:`permission`, check the permission associated with the
     view using the effective authentication/authorization policies and
     the ``request``.  Return a boolean result.  If no
-    :term:`authorization policy` is in effect, or if the view is not
+    :term:`security policy` is in effect, or if the view is not
     protected by a permission, return ``True``. If no view can view found,
     an exception will be raised.
 
@@ -376,14 +371,22 @@ class AuthenticationAPIMixin(object):
         associated with the userid exists in persistent storage.
 
         """
-        authn = _get_authentication_policy(self)
         security = _get_security_policy(self)
-        if authn is not None:
-            return authn.unauthenticated_userid(self)
-        elif security is not None:
-            return security.authenticated_userid(self)
-        else:
+        if security is None:
             return None
+        if isinstance(security, LegacySecurityPolicy):
+            authn = security._get_authn_policy(self)
+            return authn.unauthenticated_userid(self)
+        return security.authenticated_userid(self)
+
+    unauthenticated_userid = deprecated(
+        unauthenticated_userid,
+        (
+            'The new security policy has deprecated unauthenticated_userid. '
+            'See "Upgrading Authentication/Authorization" in "What\'s New in '
+            'Pyramid 2.0" of the documentation for more information.'
+        ),
+    )
 
     @property
     def effective_principals(self):
@@ -399,17 +402,19 @@ class AuthenticationAPIMixin(object):
         :data:`pyramid.security.Everyone` principal.
 
         """
-        policy = _get_authentication_policy(self)
-        if policy is None:
-            return [Everyone]
-        return policy.effective_principals(self)
+        security = _get_security_policy(self)
+        if security is not None and isinstance(security, LegacySecurityPolicy):
+            authn = security._get_authn_policy(self)
+            return authn.effective_principals(self)
+        return [Everyone]
 
     effective_principals = deprecated(
         effective_principals,
-        'The new security policy has removed the concept of principals.  See '
-        'https://docs.pylonsproject.org/projects/pyramid/en/latest'
-        '/whatsnew-2.0.html#upgrading-authentication-authorization '
-        'for more information.',
+        (
+            'The new security policy has deprecated effective_principals. '
+            'See "Upgrading Authentication/Authorization" in "What\'s New in '
+            'Pyramid 2.0" of the documentation for more information.'
+        ),
     )
 
 
diff --git a/src/pyramid/view.py b/src/pyramid/view.py
index eeac4e783..201e8af7c 100644
--- a/src/pyramid/view.py
+++ b/src/pyramid/view.py
@@ -102,7 +102,7 @@ def render_view_to_iterable(context, request, name='', secure=True):
     If ``secure`` is ``True``, and the view is protected by a permission, the
     permission will be checked before the view function is invoked.  If the
     permission check disallows view execution (based on the current
-    :term:`authentication policy`), a
+    :term:`security policy`), a
     :exc:`pyramid.httpexceptions.HTTPForbidden` exception will be raised; its
     ``args`` attribute explains why the view access was disallowed.