From 9e3bdbce1063f67b2e927fec0677cf74095ea9ad Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Wed, 16 Jul 2008 22:25:43 +0000
Subject: Rearrange into narrative and API sections; include README in
 narrative as "introduction".

---
 docs/api/security.rst | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 docs/api/security.rst

(limited to 'docs/api/security.rst')

diff --git a/docs/api/security.rst b/docs/api/security.rst
new file mode 100644
index 000000000..317a7b335
--- /dev/null
+++ b/docs/api/security.rst
@@ -0,0 +1,43 @@
+.. _security_module:
+
+:mod:`repoze.bfg.security`
+==========================
+
+.. automodule:: repoze.bfg.security
+
+  .. autofunction:: has_permission
+
+  .. attribute:: Everyone
+
+    The special principal id named 'Everyone'.  This principal id is
+    granted to all requests.  Its actual value is the string
+    'system.Everyone'.
+
+  .. attribute:: Authenticated
+
+    The special principal id named 'Authenticated'.  This principal id
+    is granted to all requests which contain any other non-Everyone
+    principal id (according to the security policy).  Its actual value
+    is the string 'system.Authenticated'.
+
+  .. attribute:: Allow
+
+    The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone,
+    'read')`` that means allow access.  A sequence of ACEs makes up an
+    ACL.  It is a string, and it's actual value is "Allow".
+
+  .. attribute:: Deny
+
+    The ACE "action" (the first element in an ACE e.g. ``(Deny,
+    'george', 'read')`` that means deny access.  A sequence of ACEs
+    makes up an ACL.  It is a string, and it's actual value is "Deny".
+
+  .. autoclass:: RemoteUserACLSecurityPolicy
+     :members:
+
+  .. autoclass:: Denied
+     :members:
+
+  .. autoclass:: Allowed
+     :members:
+
-- 
cgit v1.2.3