From 32bf9b3669f2ba0c4a0aaf35f4e2cdad8f9314f0 Mon Sep 17 00:00:00 2001 From: Theron Luhn Date: Sun, 15 Dec 2019 19:55:10 -0800 Subject: Revert "Bring back identity into permits." This reverts commit 2e06fa414412688dc3b7e0b422b0fc0b96ec882f. --- docs/narr/security.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'docs/narr') diff --git a/docs/narr/security.rst b/docs/narr/security.rst index aac9eeb7b..cdc16b6a1 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -80,8 +80,9 @@ A simple security policy might look like the following: """ Return a string ID for the user. """ return self.identify(request).id - def permits(self, request, context, identity, permission): + def permits(self, request, context, permission): """ Allow access to everything if signed in. """ + identity = self.identify(request) if identity is not None: return Allowed('User is signed in.') else: @@ -147,8 +148,9 @@ For example, our above security policy can leverage these helpers like so: def authenticated_userid(self, request): return self.identify(request).id - def permits(self, request, context, identity, permission): + def permits(self, request, context, permission): """ Allow access to everything if signed in. """ + identity = self.identify(request) if identity is not None: return Allowed('User is signed in.') else: @@ -236,7 +238,9 @@ might look like so: from pyramid.security import Allowed, Denied class SecurityPolicy: - def permits(self, request, context, identity, permission): + def permits(self, request, context, permission): + identity = self.identify(request) + if identity is None: return Denied('User is not signed in.') if identity.role == 'admin': @@ -326,7 +330,7 @@ object. An implementation might look like this: from pyramid.authorization import ACLHelper class SecurityPolicy: - def permits(self, request, context, identity, permission): + def permits(self, request, context, permission): principals = [Everyone] if identity is not None: principals.append(Authenticated) -- cgit v1.2.3