diff options
| -rw-r--r-- | docs/narr/security.rst | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index 6e07c9338..c7a07b857 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -564,12 +564,23 @@ that implements the following interface: class AuthenticationPolicy(object): """ An object representing a Pyramid authentication policy. """ + def authenticated_userid(self, request): """ Return the authenticated userid or ``None`` if no - authenticated userid can be found. """ + authenticated userid can be found. This method of the policy + should ensure that a record exists in whatever persistent store is + used related to the user (the user should not have been deleted); + if a record associated with the current id does not exist in a + persistent store, it should return ``None``.""" + + def unauthenticated_userid(self, request): + """ Return the *unauthenticated* userid. This method performs the + same duty as ``authenticated_userid`` but is permitted to return the + userid based only on data present in the request; it needn't (and + shouldn't) check any persistent store to ensure that the user record + related to the request userid exists.""" def effective_principals(self, request): - """ Return a sequence representing the effective principals including the userid and any groups belonged to by the current user, including 'system' groups such as |