From 918155824ec9bdd8f7a08c1b0a3e0c56720e9f41 Mon Sep 17 00:00:00 2001
From: Theron Luhn <theron@luhn.com>
Date: Mon, 16 Dec 2019 17:30:43 -0800
Subject: Update docs/narr/security.rst code examples.

---
 docs/narr/security.rst | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

(limited to 'docs/narr')

diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index 60be067bf..50eeab27b 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -69,21 +69,20 @@ A simple security policy might look like the following:
     from pyramid.security import Allowed, Denied
 
     class SessionSecurityPolicy:
-        def authenticated_userid(self, request):
-            """ Return a string ID for the user. """
-            userid = self.identify(request).id
-            if validate_userid(request, userid):
-                return userid
-            else:
-                return None
-
         def identify(self, request):
             """ Return app-specific user object. """
-            userid = self.authenticated_userid
+            userid = request.session.get('userid')
             if userid is None:
                 return None
             return load_identity_from_db(request, userid)
 
+        def authenticated_userid(self, request):
+            """ Return a string ID for the user. """
+            identity = request.authenticated_identity
+            if identity is None:
+                return None
+            return string(identity.id)
+
         def permits(self, request, context, permission):
             """ Allow access to everything if signed in. """
             identity = self.identify(request)
@@ -145,19 +144,20 @@ For example, our above security policy can leverage these helpers like so:
         def __init__(self):
             self.helper = SessionAuthenticationHelper()
 
-        def authenticated_userid(self, request):
-            userid = self.helper.authenticated_userid(request)
-            if validate_userid(request, userid):
-                return userid
-            else:
-                return None
-
         def identify(self, request):
-            userid = self.authenticated_userid
+            """ Return app-specific user object. """
+            userid = self.helper.authenticated_userid(request)
             if userid is None:
                 return None
             return load_identity_from_db(request, userid)
 
+        def authenticated_userid(self, request):
+            """ Return a string ID for the user. """
+            identity = request.authenticated_identity
+            if identity is None:
+                return None
+            return str(identity.id)
+
         def permits(self, request, context, permission):
             """ Allow access to everything if signed in. """
             identity = self.identify(request)
-- 
cgit v1.2.3