diff options
Diffstat (limited to 'docs/narr/security.rst')
| -rw-r--r-- | docs/narr/security.rst | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index cdc16b6a1..60be067bf 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -69,17 +69,21 @@ A simple security policy might look like the following: from pyramid.security import Allowed, Denied class SessionSecurityPolicy: + def authenticated_userid(self, request): + """ Return a string ID for the user. """ + userid = self.identify(request).id + if validate_userid(request, userid): + return userid + else: + return None + def identify(self, request): """ Return app-specific user object. """ - userid = request.session.get('userid') + userid = self.authenticated_userid if userid is None: return None return load_identity_from_db(request, userid) - def authenticated_userid(self, request): - """ Return a string ID for the user. """ - return self.identify(request).id - def permits(self, request, context, permission): """ Allow access to everything if signed in. """ identity = self.identify(request) @@ -141,12 +145,18 @@ For example, our above security policy can leverage these helpers like so: def __init__(self): self.helper = SessionAuthenticationHelper() - def identify(self, request): + def authenticated_userid(self, request): userid = self.helper.authenticated_userid(request) - return load_identity_from_db(request, userid) + if validate_userid(request, userid): + return userid + else: + return None - def authenticated_userid(self, request): - return self.identify(request).id + def identify(self, request): + userid = self.authenticated_userid + if userid is None: + return None + return load_identity_from_db(request, userid) def permits(self, request, context, permission): """ Allow access to everything if signed in. """ |