Implement setting ISecurityPolicy in the configurator.

author: Theron Luhn <theron@luhn.com> 2019-02-17 12:44:02 -0800
committer: Theron Luhn <theron@luhn.com> 2019-02-17 13:04:53 -0800
commit: a6234e4e19efab838b202d0935de0de92c2ee00f (patch)
tree: 845e7783fc091c139c75191e97daeea234567c4e /src
parent: e47e7f457a6143dda28f9dd1674c53b1ece67f9d (diff)
download: pyramid-a6234e4e19efab838b202d0935de0de92c2ee00f.tar.gz
pyramid-a6234e4e19efab838b202d0935de0de92c2ee00f.tar.bz2
pyramid-a6234e4e19efab838b202d0935de0de92c2ee00f.zip
2 files changed, 45 insertions, 2 deletions
diff --git a/src/pyramid/config/__init__.py b/src/pyramid/config/__init__.py
index 072b654c4..d8961268a 100644
--- a/src/pyramid/config/__init__.py
+++ b/src/pyramid/config/__init__.py
@@ -139,13 +139,17 @@ class Configurator(
     :term:`dotted Python name` to the same.  If it is ``None``, a default
     root factory will be used.
 
+    If ``security_policy`` is passed, it should be an instance of a
+    :term:`security policy` or a :term:`dotted Python name` to the same.
+
     If ``authentication_policy`` is passed, it should be an instance
     of an :term:`authentication policy` or a :term:`dotted Python
-    name` to the same.
+    name` to the same.  (Deprecated as of Pyramid 2.0 in favor of
+    ``security_policy``.)
 
     If ``authorization_policy`` is passed, it should be an instance of
     an :term:`authorization policy` or a :term:`dotted Python name` to
-    the same.
+    the same.  (Deprecated as of Pyramid 2.0 in favor of ``security_policy``.)
 
     .. note:: A ``ConfigurationError`` will be raised when an
        authorization policy is supplied without also supplying an
@@ -278,6 +282,7 @@ class Configurator(
         package=None,
         settings=None,
         root_factory=None,
+        security_policy=None,
         authentication_policy=None,
         authorization_policy=None,
         renderers=None,
@@ -315,6 +320,7 @@ class Configurator(
                 root_factory=root_factory,
                 authentication_policy=authentication_policy,
                 authorization_policy=authorization_policy,
+                security_policy=security_policy,
                 renderers=renderers,
                 debug_logger=debug_logger,
                 locale_negotiator=locale_negotiator,
@@ -330,6 +336,7 @@ class Configurator(
         self,
         settings=None,
         root_factory=None,
+        security_policy=None,
         authentication_policy=None,
         authorization_policy=None,
         renderers=None,
@@ -415,6 +422,9 @@ class Configurator(
         if authentication_policy:
             self.set_authentication_policy(authentication_policy)
 
+        if security_policy:
+            self.set_security_policy(security_policy)
+
         if default_view_mapper is not None:
             self.set_view_mapper(default_view_mapper)
 
diff --git a/src/pyramid/config/security.py b/src/pyramid/config/security.py
index 08e7cb81a..b023917aa 100644
--- a/src/pyramid/config/security.py
+++ b/src/pyramid/config/security.py
@@ -6,6 +6,7 @@ from pyramid.interfaces import (
     ICSRFStoragePolicy,
     IDefaultCSRFOptions,
     IDefaultPermission,
+    ISecurityPolicy,
     PHASE1_CONFIG,
     PHASE2_CONFIG,
 )
@@ -22,6 +23,38 @@ class SecurityConfiguratorMixin(object):
         self.set_csrf_storage_policy(LegacySessionCSRFStoragePolicy())
 
     @action_method
+    def set_security_policy(self, policy):
+        """ Override the :app:`Pyramid` :term:`security policy` in the current
+        configuration.  The ``policy`` argument must be an instance
+        of a security policy or a :term:`dotted Python name`
+        that points at an instance of a security policy.
+
+        .. note::
+
+           Using the ``security_policy`` argument to the
+           :class:`pyramid.config.Configurator` constructor can be used to
+           achieve the same purpose.
+
+        """
+
+        def register():
+            self._set_security_policy(policy)
+
+        intr = self.introspectable(
+            'security policy',
+            None,
+            self.object_description(policy),
+            'security policy',
+        )
+        intr['policy'] = policy
+        # authentication policy used by view config (phase 3)
+        self.action(IAuthenticationPolicy, register, introspectables=(intr,))
+
+    def _set_security_policy(self, policy):
+        policy = self.maybe_dotted(policy)
+        self.registry.registerUtility(policy, ISecurityPolicy)
+
+    @action_method
     def set_authentication_policy(self, policy):
         """ Override the :app:`Pyramid` :term:`authentication policy` in the
         current configuration.  The ``policy`` argument must be an instance
author	Theron Luhn <theron@luhn.com>	2019-02-17 12:44:02 -0800
committer	Theron Luhn <theron@luhn.com>	2019-02-17 13:04:53 -0800
commit	a6234e4e19efab838b202d0935de0de92c2ee00f (patch)
tree	845e7783fc091c139c75191e97daeea234567c4e /src
parent	e47e7f457a6143dda28f9dd1674c53b1ece67f9d (diff)
download	pyramid-a6234e4e19efab838b202d0935de0de92c2ee00f.tar.gz pyramid-a6234e4e19efab838b202d0935de0de92c2ee00f.tar.bz2 pyramid-a6234e4e19efab838b202d0935de0de92c2ee00f.zip