summaryrefslogtreecommitdiff
path: root/docs/tutorials/wiki2/authorization.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/tutorials/wiki2/authorization.rst')
-rw-r--r--docs/tutorials/wiki2/authorization.rst77
1 files changed, 38 insertions, 39 deletions
diff --git a/docs/tutorials/wiki2/authorization.rst b/docs/tutorials/wiki2/authorization.rst
index 0f3a9c31c..64cab30db 100644
--- a/docs/tutorials/wiki2/authorization.rst
+++ b/docs/tutorials/wiki2/authorization.rst
@@ -27,13 +27,13 @@ Adding A Root Factory
~~~~~~~~~~~~~~~~~~~~~
We're going to start to use a custom :term:`root factory` within our
-``__init__.py`` file. The objects generated by the root factory will be
-used as the :term:`context` of each request to our application. In
-order for :app:`Pyramid` declarative security to work properly, the
-context object generated during a request must be decorated with
-security declarations; when we begin to use a custom root factory to
-generate our contexts, we can begin to make use of the declarative
-security features of :app:`Pyramid`.
+``__init__.py`` file. The objects generated by the root factory will be used
+as the :term:`context` of each request to our application. We do this to
+allow :app:`Pyramid` declarative security to work properly. The context
+object generated by the root factory during a request will be decorated with
+security declarations. When we begin to use a custom root factory to generate
+our contexts, we can begin to make use of the declarative security features
+of :app:`Pyramid`.
We'll modify our ``__init__.py``, passing in a :term:`root factory` to our
:term:`Configurator` constructor. We'll point it at a new class we create
@@ -45,19 +45,17 @@ inside our ``models.py`` file. Add the following statements to your
:linenos:
:language: python
-The ``RootFactory`` class we've just added will be used by
-:app:`Pyramid` to construct a ``context`` object. The context is
-attached to the request object passed to our view callables as the
-``context`` attribute.
+The ``RootFactory`` class we've just added will be used by :app:`Pyramid` to
+construct a ``context`` object. The context is attached to the request
+object passed to our view callables as the ``context`` attribute.
-All of our context objects will possess an ``__acl__`` attribute that
-allows :data:`pyramid.security.Everyone` (a special principal) to
-view all pages, while allowing only a :term:`principal` named
-``group:editors`` to edit and add pages. The ``__acl__`` attribute
-attached to a context is interpreted specially by :app:`Pyramid` as
-an access control list during view callable execution. See
-:ref:`assigning_acls` for more information about what an :term:`ACL`
-represents.
+The context object generated by our root factory will possess an ``__acl__``
+attribute that allows :data:`pyramid.security.Everyone` (a special principal)
+to view all pages, while allowing only a :term:`principal` named
+``group:editors`` to edit and add pages. The ``__acl__`` attribute attached
+to a context is interpreted specially by :app:`Pyramid` as an access control
+list during view callable execution. See :ref:`assigning_acls` for more
+information about what an :term:`ACL` represents.
.. note: Although we don't use the functionality here, the ``factory`` used
to create route contexts may differ per-route as opposed to globally. See
@@ -94,35 +92,36 @@ representing a :term:`dotted Python name`, which points at the
``groupfinder`` function in the current directory's ``security.py`` file. We
haven't added that module yet, but we're about to.
-We'll also change ``__init__.py`` to add a
-:meth:`pyramid.config.Configurator.add_view` call that points at our
-``login`` :term:`view callable`, also known as a :term:`forbidden view`:
+We'll also change ``__init__.py``, adding a call to
+:meth:`pyramid.config.Configurator.add_view` that points at our ``login``
+:term:`view callable`. This is also known as a :term:`forbidden view`:
.. literalinclude:: src/authorization/tutorial/__init__.py
:lines: 24-26
:linenos:
:language: python
-This configures our newly created login view to show up when :app:`Pyramid`
-detects that a view invocation can not be authorized.
+A forbidden view configures our newly created login view to show up when
+:app:`Pyramid` detects that a view invocation can not be authorized.
-Also, we'll add
-``view_permission`` arguments with the value ``edit`` to the ``edit_page``
-and ``add_page`` routes. This indicates that the view callables which these
-routes reference cannot be invoked without the authenticated user possessing
-the ``edit`` permission with respect to the current context.
+We'll also add ``view_permission`` arguments with the value ``edit`` to the
+``edit_page`` and ``add_page`` routes. This indicates that the view
+callables which these routes reference cannot be invoked without the
+authenticated user possessing the ``edit`` permission with respect to the
+current context.
.. literalinclude:: src/authorization/tutorial/__init__.py
:lines: 32-39
:linenos:
:language: python
-This makes the assertion that only users who possess the effective ``edit``
-permission at the time of the request may invoke those two views. We've
-granted the ``group:editors`` principal the ``edit`` permission at the root
-model via its ACL, so only the a user whom is a member of the group named
-``group:editors`` will able to invoke the views associated with the
-``add_page`` or ``edit_page`` routes.
+Adding these ``view_permission`` arguments causes Pyramid to make the
+assertion that only users who possess the effective ``edit`` permission at
+the time of the request may invoke those two views. We've granted the
+``group:editors`` principal the ``edit`` permission at the root model via its
+ACL, so only the a user whom is a member of the group named ``group:editors``
+will able to invoke the views associated with the ``add_page`` or
+``edit_page`` routes.
Viewing Your Changes
~~~~~~~~~~~~~~~~~~~~
@@ -186,8 +185,8 @@ Changing Existing Views
~~~~~~~~~~~~~~~~~~~~~~~
Then we need to change each of our ``view_page``, ``edit_page`` and
-``add_page`` views in ``views.py`` to pass a "logged in" parameter to
-its template. We'll add something like this to each view body:
+``add_page`` views in ``views.py`` to pass a "logged in" parameter to its
+template. We'll add something like this to each view body:
.. ignore-next-block
.. code-block:: python
@@ -196,8 +195,8 @@ its template. We'll add something like this to each view body:
from pyramid.security import authenticated_userid
logged_in = authenticated_userid(request)
-We'll then change the return value of these views to pass the
-`resulting `logged_in`` value to the template, e.g.:
+We'll then change the return value of these views to pass the `resulting
+`logged_in`` value to the template, e.g.:
.. ignore-next-block
.. code-block:: python
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-11 17:02:10 +0000