From 041897caf1f765d0edffcc3a1af2787714f308ca Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sat, 17 Jan 2009 21:13:35 +0000 Subject: Security policy documentation. --- docs/api/security.rst | 50 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 16 deletions(-) (limited to 'docs/api/security.rst') diff --git a/docs/api/security.rst b/docs/api/security.rst index c7088656e..accc46205 100644 --- a/docs/api/security.rst +++ b/docs/api/security.rst 
@@ -5,47 +5,65 @@ .. automodule:: repoze.bfg.security - .. autofunction:: authenticated_userid +API Functions +~~~~~~~~~~~~~ - .. autofunction:: effective_principals +.. autofunction:: authenticated_userid - .. autofunction:: has_permission +.. autofunction:: effective_principals - .. autofunction:: principals_allowed_by_permission +.. autofunction:: has_permission - .. attribute:: Everyone +.. autofunction:: principals_allowed_by_permission + +Constants +~~~~~~~~~ + +.. attribute:: Everyone The special principal id named 'Everyone'. This principal id is granted to all requests. Its actual value is the string 'system.Everyone'. - .. attribute:: Authenticated +.. attribute:: Authenticated The special principal id named 'Authenticated'. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the security policy). Its actual value is the string 'system.Authenticated'. - .. attribute:: Allow +Return Values +~~~~~~~~~~~~~ + +.. attribute:: Allow The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone, 'read')`` that means allow access. A sequence of ACEs makes up an ACL. It is a string, and it's actual value is "Allow". - .. attribute:: Deny +.. attribute:: Deny The ACE "action" (the first element in an ACE e.g. ``(Deny, 'george', 'read')`` that means deny access. A sequence of ACEs makes up an ACL. It is a string, and it's actual value is "Deny". - .. autoclass:: ACLDenied - :members: +.. autoclass:: ACLDenied + :members: + +.. autoclass:: ACLAllowed + :members: + +.. autoclass:: Denied + :members: + +.. autoclass:: Allowed + :members: + +.. _security_policies_api_section: - .. autoclass:: ACLAllowed - :members: +Security Policies +~~~~~~~~~~~~~~~~~ - .. autoclass:: Denied - :members: +.. autofunction:: RepozeWhoIdentityACLSecurityPolicy - .. autoclass:: Allowed - :members: +.. autofunction:: RemoteUserACLSecurityPolicy -- cgit v1.2.3
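Review bot: The new "Return Values" heading sits directly above the ``Allow`` and ``Deny`` attributes, but their own text describes them as the ACE "action" strings used when writing an ACL, not as something a security call returns. The return types are the ``ACLDenied``, ``ACLAllowed``, ``Denied`` and ``Allowed`` classes that follow. Suggest leaving ``Allow`` and ``Deny`` under "Constants" (or giving them their own "ACE Actions" heading) and starting "Return Values" at ``.. autoclass:: ACLDenied``, so a reader does not confuse the "Allow" action string with the result object of a permission check. Since these entries are being re-indented anyway: "it's actual value" should read "its actual value" in both, and the parenthetical opened at "(the first element in an ACE" is never closed in either entry.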