From 80b4af9533c54fd02636e997bfe620fcb7b491e0 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Mon, 28 Feb 2011 10:38:06 -0500
Subject: Fix authentication policy example.

Closes #137
---
 docs/narr/security.rst | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'docs/narr/security.rst')

diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index 6e07c9338..c7a07b857 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -564,12 +564,23 @@ that implements the following interface:
 
    class AuthenticationPolicy(object):
        """ An object representing a Pyramid authentication policy. """
+
        def authenticated_userid(self, request):
            """ Return the authenticated userid or ``None`` if no
-           authenticated userid can be found. """
+           authenticated userid can be found. This method of the policy 
+           should ensure that a record exists in whatever persistent store is 
+           used related to the user (the user should not have been deleted); 
+           if a record associated with the current id does not exist in a 
+           persistent store, it should return ``None``."""
+
+       def unauthenticated_userid(self, request):
+           """ Return the *unauthenticated* userid.  This method performs the
+           same duty as ``authenticated_userid`` but is permitted to return the
+           userid based only on data present in the request; it needn't (and
+           shouldn't) check any persistent store to ensure that the user record
+           related to the request userid exists."""
 
        def effective_principals(self, request):
-
            """ Return a sequence representing the effective principals
            including the userid and any groups belonged to by the current
            user, including 'system' groups such as
-- 
cgit v1.2.3