summaryrefslogtreecommitdiff
path: root/repoze/bfg/security.py
diff options
context:
space:
mode:
Diffstat (limited to 'repoze/bfg/security.py')
-rw-r--r--repoze/bfg/security.py28
1 files changed, 20 insertions, 8 deletions
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index eb260fea8..7e0ba6ffe 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -89,22 +89,34 @@ class RemoteUserACLSecurityPolicy(object):
def permits(self, context, request, permission):
""" Return ``Allowed`` if the policy permits access,
``Denied`` if not."""
- userid = request.environ.get('REMOTE_USER', None)
- effective_principals = [Everyone]
-
- if userid is not None:
- effective_principals.append(Authenticated)
- effective_principals.append(userid)
-
+ principals = self.effective_principals(request)
for location in LocationIterator(context):
authorizer = self.authorizer_factory(location, self.logger)
try:
- return authorizer.permits(permission, *effective_principals)
+ return authorizer.permits(permission, *principals)
except NoAuthorizationInformation:
continue
return False
+ def authenticated_userid(self, request):
+ """ Return the id of the currently authenticated user or
+ None if the user is not authenticated """
+ return request.environ.get('REMOTE_USER', None)
+
+ def effective_principals(self, request):
+ """ Return the list of 'effective' principals for the request.
+ This will include the userid of the currently authenticated
+ user if a user is currently authenticated. """
+ userid = self.authenticated_userid(request)
+ effective_principals = [Everyone]
+
+ if userid is not None:
+ effective_principals.append(Authenticated)
+ effective_principals.append(userid)
+ return effective_principals
+
+
class PermitsResult:
def __init__(self, ace, acl, permission, principals, context):
self.acl = acl
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-25 18:56:45 +0000