diff options
Diffstat (limited to 'docs/api')
| -rw-r--r-- | docs/api/authorization.rst | 66 | ||||
| -rw-r--r-- | docs/api/request.rst | 2 | ||||
| -rw-r--r-- | docs/api/security.rst | 59 |
3 files changed, 112 insertions, 15 deletions
diff --git a/docs/api/authorization.rst b/docs/api/authorization.rst index c6b3d090e..be040f055 100644 --- a/docs/api/authorization.rst +++ b/docs/api/authorization.rst @@ -10,3 +10,69 @@ .. autoclass:: ACLAuthorizationPolicy +Constants +--------- + +.. attribute:: Everyone + + The special principal id named ``Everyone``. This principal id is + granted to all requests. Its actual value is the string + ``'system.Everyone'``. + + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + +.. attribute:: Authenticated + + The special principal id named ``Authenticated``. This principal id + is granted to all requests which contain any other non-Everyone + principal id (according to the :term:`authentication policy`). + Its actual value is the string ``'system.Authenticated'``. + + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + +.. attribute:: ALL_PERMISSIONS + + An object that can be used as the ``permission`` member of an ACE + which matches all permissions unconditionally. For example, an + ACE that uses ``ALL_PERMISSIONS`` might be composed like so: + ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. + + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + +.. attribute:: DENY_ALL + + A convenience shorthand ACE that defines ``('Deny', + 'system.Everyone', ALL_PERMISSIONS)``. This is often used as the + last ACE in an ACL in systems that use an "inheriting" security + policy, representing the concept "don't inherit any other ACEs". + + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + +Return Values +------------- + +.. autoclass:: ACLDenied + :members: msg + + .. automethod:: __new__ + + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + +.. autoclass:: ACLAllowed + :members: msg + + .. automethod:: __new__ + + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. diff --git a/docs/api/request.rst b/docs/api/request.rst index 59d85ac2a..ed7f91e91 100644 --- a/docs/api/request.rst +++ b/docs/api/request.rst @@ -202,7 +202,7 @@ currently authenticated, but this depends on the :term:`authentication policy` in effect. If no :term:`authentication policy` is in effect, this will return a sequence containing only the - :attr:`pyramid.security.Everyone` principal. + :attr:`pyramid.authorization.Everyone` principal. .. method:: invoke_subrequest(request, use_tweens=False) diff --git a/docs/api/security.rst b/docs/api/security.rst index edb66472e..7bfdbd0ad 100644 --- a/docs/api/security.rst +++ b/docs/api/security.rst @@ -10,7 +10,7 @@ Authentication API Functions .. autofunction:: forget -.. autofunction:: remember(request, userid, **kwargs) +.. autofunction:: remember Authorization API Functions --------------------------- @@ -22,18 +22,34 @@ Authorization API Functions Constants --------- +.. attribute:: NO_PERMISSION_REQUIRED + + A special permission which indicates that the view should always + be executable by entirely anonymous users, regardless of the + default permission, bypassing any :term:`authorization policy` + that may be in effect. Its actual value is the string + ``'__no_permission_required__'``. + .. attribute:: Everyone - The special principal id named 'Everyone'. This principal id is + The special principal id named ``Everyone``. This principal id is granted to all requests. Its actual value is the string - 'system.Everyone'. + ``'system.Everyone'``. + + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.Everyone`. .. attribute:: Authenticated - The special principal id named 'Authenticated'. This principal id + The special principal id named ``Authenticated``. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the :term:`authentication policy`). - Its actual value is the string 'system.Authenticated'. + Its actual value is the string ``'system.Authenticated'``. + + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.Authenticated`. .. attribute:: ALL_PERMISSIONS @@ -42,6 +58,10 @@ Constants ACE that uses ``ALL_PERMISSIONS`` might be composed like so: ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.ALL_PERMISSIONS`. + .. attribute:: DENY_ALL A convenience shorthand ACE that defines ``('Deny', @@ -49,13 +69,9 @@ Constants last ACE in an ACL in systems that use an "inheriting" security policy, representing the concept "don't inherit any other ACEs". -.. attribute:: NO_PERMISSION_REQUIRED + .. deprecated:: 2.0 - A special permission which indicates that the view should always - be executable by entirely anonymous users, regardless of the - default permission, bypassing any :term:`authorization policy` - that may be in effect. Its actual value is the string - '__no_permission_required__'. + Moved to :data:`pyramid.authorization.DENY_ALL`. Return Values ------------- @@ -64,13 +80,21 @@ Return Values The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone, 'read')`` that means allow access. A sequence of ACEs makes up an - ACL. It is a string, and its actual value is "Allow". + ACL. It is a string, and its actual value is ``'Allow'``. + + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.Allow`. .. attribute:: Deny The ACE "action" (the first element in an ACE e.g. ``(Deny, 'george', 'read')`` that means deny access. A sequence of ACEs - makes up an ACL. It is a string, and its actual value is "Deny". + makes up an ACL. It is a string, and its actual value is ``'Deny'``. + + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.Deny`. .. autoclass:: Denied :members: msg @@ -85,10 +109,17 @@ Return Values .. autoclass:: ACLDenied :members: msg + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.ACLDenied`. + .. automethod:: __new__ .. autoclass:: ACLAllowed :members: msg - .. automethod:: __new__ + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.ACLAllowed`. + .. automethod:: __new__ |