From 791730715832038c1666683e37fef8bb67830045 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sun, 12 Jan 2020 20:49:35 -0600 Subject: move doc references from pyramid.security to pyramid.authorization --- docs/api/request.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/api') diff --git a/docs/api/request.rst b/docs/api/request.rst index 59d85ac2a..ed7f91e91 100644 --- a/docs/api/request.rst +++ b/docs/api/request.rst @@ -202,7 +202,7 @@ currently authenticated, but this depends on the :term:`authentication policy` in effect. If no :term:`authentication policy` is in effect, this will return a sequence containing only the - :attr:`pyramid.security.Everyone` principal. + :attr:`pyramid.authorization.Everyone` principal. .. method:: invoke_subrequest(request, use_tweens=False) -- cgit v1.2.3 From f486795cb4a92784fa1082bd69bebd84bf6d1366 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Tue, 14 Jan 2020 00:02:04 -0600 Subject: update changelog and docs --- docs/api/authorization.rst | 43 +++++++++++++++++++++++++++++++++++++++++++ docs/api/security.rst | 46 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 82 insertions(+), 7 deletions(-) (limited to 'docs/api') diff --git a/docs/api/authorization.rst b/docs/api/authorization.rst index c6b3d090e..fac47490a 100644 --- a/docs/api/authorization.rst +++ b/docs/api/authorization.rst @@ -10,3 +10,46 @@ .. autoclass:: ACLAuthorizationPolicy +Constants +--------- + +.. attribute:: Everyone + + The special principal id named 'Everyone'. This principal id is + granted to all requests. Its actual value is the string + 'system.Everyone'. + +.. attribute:: Authenticated + + The special principal id named 'Authenticated'. This principal id + is granted to all requests which contain any other non-Everyone + principal id (according to the :term:`authentication policy`). + Its actual value is the string 'system.Authenticated'. + +.. attribute:: ALL_PERMISSIONS + + An object that can be used as the ``permission`` member of an ACE + which matches all permissions unconditionally. For example, an + ACE that uses ``ALL_PERMISSIONS`` might be composed like so: + ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. + +.. attribute:: DENY_ALL + + A convenience shorthand ACE that defines ``('Deny', + 'system.Everyone', ALL_PERMISSIONS)``. This is often used as the + last ACE in an ACL in systems that use an "inheriting" security + policy, representing the concept "don't inherit any other ACEs". + +Return Values +------------- + +.. autoclass:: ACLDenied + :members: msg + + .. automethod:: __new__ + +.. autoclass:: ACLAllowed + :members: msg + + .. automethod:: __new__ + diff --git a/docs/api/security.rst b/docs/api/security.rst index edb66472e..3350f8207 100644 --- a/docs/api/security.rst +++ b/docs/api/security.rst @@ -10,7 +10,7 @@ Authentication API Functions .. autofunction:: forget -.. autofunction:: remember(request, userid, **kwargs) +.. autofunction:: remember Authorization API Functions --------------------------- @@ -22,12 +22,24 @@ Authorization API Functions Constants --------- +.. attribute:: NO_PERMISSION_REQUIRED + + A special permission which indicates that the view should always + be executable by entirely anonymous users, regardless of the + default permission, bypassing any :term:`authorization policy` + that may be in effect. Its actual value is the string + '__no_permission_required__'. + .. attribute:: Everyone The special principal id named 'Everyone'. This principal id is granted to all requests. Its actual value is the string 'system.Everyone'. + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.Everyone`. + .. attribute:: Authenticated The special principal id named 'Authenticated'. This principal id @@ -35,6 +47,10 @@ Constants principal id (according to the :term:`authentication policy`). Its actual value is the string 'system.Authenticated'. + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.Authenticated`. + .. attribute:: ALL_PERMISSIONS An object that can be used as the ``permission`` member of an ACE @@ -42,6 +58,10 @@ Constants ACE that uses ``ALL_PERMISSIONS`` might be composed like so: ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.ALL_PERMISSIONS`. + .. attribute:: DENY_ALL A convenience shorthand ACE that defines ``('Deny', @@ -49,13 +69,9 @@ Constants last ACE in an ACL in systems that use an "inheriting" security policy, representing the concept "don't inherit any other ACEs". -.. attribute:: NO_PERMISSION_REQUIRED + .. deprecated:: 2.0 - A special permission which indicates that the view should always - be executable by entirely anonymous users, regardless of the - default permission, bypassing any :term:`authorization policy` - that may be in effect. Its actual value is the string - '__no_permission_required__'. + Moved to :data:`pyramid.authorization.DENY_ALL`. Return Values ------------- @@ -66,12 +82,20 @@ Return Values 'read')`` that means allow access. A sequence of ACEs makes up an ACL. It is a string, and its actual value is "Allow". + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.Allow`. + .. attribute:: Deny The ACE "action" (the first element in an ACE e.g. ``(Deny, 'george', 'read')`` that means deny access. A sequence of ACEs makes up an ACL. It is a string, and its actual value is "Deny". + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.Deny`. + .. autoclass:: Denied :members: msg @@ -85,10 +109,18 @@ Return Values .. autoclass:: ACLDenied :members: msg + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.ACLDenied`. + .. automethod:: __new__ .. autoclass:: ACLAllowed :members: msg + .. deprecated:: 2.0 + + Moved to :data:`pyramid.authorization.ACLAllowed`. + .. automethod:: __new__ -- cgit v1.2.3 From 32fca41e49875764ff7faf04f430a75344035d96 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Tue, 14 Jan 2020 15:52:54 -0600 Subject: Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Éric Araujo --- docs/api/authorization.rst | 5 ++--- docs/api/security.rst | 15 +++++++-------- 2 files changed, 9 insertions(+), 11 deletions(-) (limited to 'docs/api') diff --git a/docs/api/authorization.rst b/docs/api/authorization.rst index fac47490a..ec5dd4d36 100644 --- a/docs/api/authorization.rst +++ b/docs/api/authorization.rst @@ -17,14 +17,14 @@ Constants The special principal id named 'Everyone'. This principal id is granted to all requests. Its actual value is the string - 'system.Everyone'. + ``'system.Everyone'``. .. attribute:: Authenticated The special principal id named 'Authenticated'. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the :term:`authentication policy`). - Its actual value is the string 'system.Authenticated'. + Its actual value is the string ``'system.Authenticated'``. .. attribute:: ALL_PERMISSIONS @@ -52,4 +52,3 @@ Return Values :members: msg .. automethod:: __new__ - diff --git a/docs/api/security.rst b/docs/api/security.rst index 3350f8207..7bfdbd0ad 100644 --- a/docs/api/security.rst +++ b/docs/api/security.rst @@ -28,13 +28,13 @@ Constants be executable by entirely anonymous users, regardless of the default permission, bypassing any :term:`authorization policy` that may be in effect. Its actual value is the string - '__no_permission_required__'. + ``'__no_permission_required__'``. .. attribute:: Everyone - The special principal id named 'Everyone'. This principal id is + The special principal id named ``Everyone``. This principal id is granted to all requests. Its actual value is the string - 'system.Everyone'. + ``'system.Everyone'``. .. deprecated:: 2.0 @@ -42,10 +42,10 @@ Constants .. attribute:: Authenticated - The special principal id named 'Authenticated'. This principal id + The special principal id named ``Authenticated``. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the :term:`authentication policy`). - Its actual value is the string 'system.Authenticated'. + Its actual value is the string ``'system.Authenticated'``. .. deprecated:: 2.0 @@ -80,7 +80,7 @@ Return Values The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone, 'read')`` that means allow access. A sequence of ACEs makes up an - ACL. It is a string, and its actual value is "Allow". + ACL. It is a string, and its actual value is ``'Allow'``. .. deprecated:: 2.0 @@ -90,7 +90,7 @@ Return Values The ACE "action" (the first element in an ACE e.g. ``(Deny, 'george', 'read')`` that means deny access. A sequence of ACEs - makes up an ACL. It is a string, and its actual value is "Deny". + makes up an ACL. It is a string, and its actual value is ``'Deny'``. .. deprecated:: 2.0 @@ -123,4 +123,3 @@ Return Values Moved to :data:`pyramid.authorization.ACLAllowed`. .. automethod:: __new__ - -- cgit v1.2.3 From 1d6d0fcb2ce9bdb51fdb84b926b2f7c9b80763d2 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Tue, 14 Jan 2020 23:01:01 -0600 Subject: Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Éric Araujo --- docs/api/authorization.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/api') diff --git a/docs/api/authorization.rst b/docs/api/authorization.rst index ec5dd4d36..7bf245500 100644 --- a/docs/api/authorization.rst +++ b/docs/api/authorization.rst @@ -15,13 +15,13 @@ Constants .. attribute:: Everyone - The special principal id named 'Everyone'. This principal id is + The special principal id named ``Everyone``. This principal id is granted to all requests. Its actual value is the string ``'system.Everyone'``. .. attribute:: Authenticated - The special principal id named 'Authenticated'. This principal id + The special principal id named ``Authenticated``. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the :term:`authentication policy`). Its actual value is the string ``'system.Authenticated'``. -- cgit v1.2.3 From 592cadd9c20ce410d9ab7b9a748ec59dff001f65 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Thu, 16 Jan 2020 10:34:45 -0600 Subject: update docs with pyramid.authorizatio imports after syncing master --- docs/api/authorization.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'docs/api') diff --git a/docs/api/authorization.rst b/docs/api/authorization.rst index 7bf245500..be040f055 100644 --- a/docs/api/authorization.rst +++ b/docs/api/authorization.rst @@ -19,6 +19,10 @@ Constants granted to all requests. Its actual value is the string ``'system.Everyone'``. + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + .. attribute:: Authenticated The special principal id named ``Authenticated``. This principal id @@ -26,6 +30,10 @@ Constants principal id (according to the :term:`authentication policy`). Its actual value is the string ``'system.Authenticated'``. + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + .. attribute:: ALL_PERMISSIONS An object that can be used as the ``permission`` member of an ACE @@ -33,6 +41,10 @@ Constants ACE that uses ``ALL_PERMISSIONS`` might be composed like so: ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + .. attribute:: DENY_ALL A convenience shorthand ACE that defines ``('Deny', @@ -40,6 +52,10 @@ Constants last ACE in an ACL in systems that use an "inheriting" security policy, representing the concept "don't inherit any other ACEs". + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + Return Values ------------- @@ -48,7 +64,15 @@ Return Values .. automethod:: __new__ + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. + .. autoclass:: ACLAllowed :members: msg .. automethod:: __new__ + + .. versionadded:: 2.0 + + Moved from ``pyramid.security`` into ``pyramid.authorization``. -- cgit v1.2.3