From b1b92284f496800a4dfd2cea72cb9be07ba8661c Mon Sep 17 00:00:00 2001 From: Paul Everitt Date: Fri, 13 Sep 2013 16:52:14 -0400 Subject: First cut at import of quick tutorial. --- docs/quick_tutorial/authorization.rst | 112 ++++++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 docs/quick_tutorial/authorization.rst (limited to 'docs/quick_tutorial/authorization.rst') diff --git a/docs/quick_tutorial/authorization.rst b/docs/quick_tutorial/authorization.rst new file mode 100644 index 000000000..37b1a0520 --- /dev/null +++ b/docs/quick_tutorial/authorization.rst 
@@ -0,0 +1,112 @@ +=========================================== +21: Protecting Resources With Authorization +=========================================== + +Assign security statements to resources describing the permissions +required to perform an operation. + +Background +========== + +Our application has URLs that allow people to add/edit/delete content +via a web browser. Time to add security to the application. Let's +protect our add/edit views to require a login (username of +``editor`` and password of ``editor``.) We will allow the other views +to continue working without a password. + +Objectives +========== + +- Introduce the Pyramid concepts of authentication, authorization, + permissions, and access control lists (ACLs) + +- Make a :term:`root factory` that returns an instance of our + class for the top of the application + +- Assign security statements to our root resource + +- Add a permissions predicate on a view + +- Provide a :term:`Forbidden view` to handle visiting a URL without + adequate permissions + +Steps +===== + +#. We are going to use the authentication step as our starting point: + + .. code-block:: bash + + (env27)$ cd ..; cp -r authentication authorization; cd authorization + (env27)$ python setup.py develop + +#. Start by changing ``authorization/tutorial/__init__.py`` to + specify a root factory to the :term:`pyramid:configurator`: + + .. literalinclude:: authorization/tutorial/__init__.py + :linenos: + +#. That means we need to implement + ``authorization/tutorial/resources.py`` + + .. literalinclude:: authorization/tutorial/resources.py + :linenos: + +#. Change ``authorization/tutorial/views.py`` to require the ``edit`` + permission on the ``hello`` view and implement the forbidden view: + + .. literalinclude:: authorization/tutorial/views.py + :linenos: + +#. Run your Pyramid application with: + + .. code-block:: bash + + (env27)$ pserve development.ini --reload + +#. Open ``http://localhost:6543/`` in a browser. + +#. 
If you are still logged in, click the "Log Out" link. + +#. Visit ``http://localhost:6543/howdy`` in a browser. You should be + asked to login. + +Analysis +======== + +This simple tutorial step can be boiled down to the following: + +- A view can require a *permission* (``edit``) + +- The context for our view (the ``Root``) has an access control list + (ACL) + +- This ACL says that the ``edit`` permission is available on ``Root`` + to the ``group:editors`` *principal* + +- The registered ``groupfinder`` answers whether a particular user + (``editor``) has a particular group (``group:editors``) + +In summary: ``hello`` wants ``edit`` permission, ``Root`` says +``group:editors`` has ``edit`` permission. + +Of course, this only applies on ``Root``. Some other part of the site +(a.k.a. *context*) might have a different ACL. + +If you are not logged in and visit ``/hello``, you need to get +shown the login screen. How does Pyramid know what is the login page to +use? We explicitly told Pyramid that the ``login`` view should be used +by decorating the view with ``@forbidden_view_config``. + +Extra Credit +============ + +#. Perhaps you would like experience of not having enough permissions + (forbidden) to be richer. How could you change this? + +#. Perhaps we want to store security statements in a database and + allow editing via a browser. How might this be done? + +#. What if we want different security statements on different kinds of + objects? Or on the same kinds of objects, but in different parts of a + URL hierarchy? -- cgit v1.2.3 From 4042c772c8043ac96a22db439a736fec9ea2aafa Mon Sep 17 00:00:00 2001 From: Paul Everitt Date: Fri, 13 Sep 2013 17:09:35 -0400 Subject: All the references re-wired. --- docs/quick_tutorial/authorization.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/quick_tutorial/authorization.rst') diff --git a/docs/quick_tutorial/authorization.rst b/docs/quick_tutorial/authorization.rst index 37b1a0520..9acd3b4a5 100644 
--- a/docs/quick_tutorial/authorization.rst +++ b/docs/quick_tutorial/authorization.rst @@ -41,7 +41,7 @@ Steps (env27)$ python setup.py develop #. Start by changing ``authorization/tutorial/__init__.py`` to - specify a root factory to the :term:`pyramid:configurator`: + specify a root factory to the :term:`configurator`: .. literalinclude:: authorization/tutorial/__init__.py :linenos: -- cgit v1.2.3 From 0a784868bdbc3a0eb226ed00e8d89cda9d181ec5 Mon Sep 17 00:00:00 2001 From: Paul Everitt Date: Fri, 13 Sep 2013 17:11:42 -0400 Subject: Fix naming of virtualenv prefix. --- docs/quick_tutorial/authorization.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs/quick_tutorial/authorization.rst') diff --git a/docs/quick_tutorial/authorization.rst b/docs/quick_tutorial/authorization.rst index 9acd3b4a5..e7e3b0306 100644 --- a/docs/quick_tutorial/authorization.rst +++ b/docs/quick_tutorial/authorization.rst @@ -37,8 +37,8 @@ Steps .. code-block:: bash - (env27)$ cd ..; cp -r authentication authorization; cd authorization - (env27)$ python setup.py develop + (env)$ cd ..; cp -r authentication authorization; cd authorization + (env)$ python setup.py develop #. Start by changing ``authorization/tutorial/__init__.py`` to specify a root factory to the :term:`configurator`: @@ -62,7 +62,7 @@ Steps .. code-block:: bash - (env27)$ pserve development.ini --reload + (env)$ pserve development.ini --reload #. Open ``http://localhost:6543/`` in a browser. -- cgit v1.2.3 From b0b28ede912c817a62a84b97c332e39eda02d166 Mon Sep 17 00:00:00 2001 From: Tshepang Lekhonkhobe Date: Mon, 16 Sep 2013 02:14:53 +0200 Subject: s/env/venv just for sake of consistency --- docs/quick_tutorial/authorization.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs/quick_tutorial/authorization.rst') diff --git a/docs/quick_tutorial/authorization.rst b/docs/quick_tutorial/authorization.rst index e7e3b0306..7833a9b77 100644 
--- a/docs/quick_tutorial/authorization.rst +++ b/docs/quick_tutorial/authorization.rst @@ -37,8 +37,8 @@ Steps .. code-block:: bash - (env)$ cd ..; cp -r authentication authorization; cd authorization - (env)$ python setup.py develop + (venv)$ cd ..; cp -r authentication authorization; cd authorization + (venv)$ python setup.py develop #. Start by changing ``authorization/tutorial/__init__.py`` to specify a root factory to the :term:`configurator`: @@ -62,7 +62,7 @@ Steps .. code-block:: bash - (env)$ pserve development.ini --reload + (venv)$ pserve development.ini --reload #. Open ``http://localhost:6543/`` in a browser. -- cgit v1.2.3 From d749bf4c987c4ab90bd5f89326e7d4059e4f47b3 Mon Sep 17 00:00:00 2001 From: Tshepang Lekhonkhobe Date: Mon, 16 Sep 2013 02:18:11 +0200 Subject: make example links clickable, for convenience --- docs/quick_tutorial/authorization.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/quick_tutorial/authorization.rst') diff --git a/docs/quick_tutorial/authorization.rst b/docs/quick_tutorial/authorization.rst index 7833a9b77..ec85ce6ec 100644 --- a/docs/quick_tutorial/authorization.rst +++ b/docs/quick_tutorial/authorization.rst @@ -64,11 +64,11 @@ Steps (venv)$ pserve development.ini --reload -#. Open ``http://localhost:6543/`` in a browser. +#. Open http://localhost:6543/ in a browser. #. If you are still logged in, click the "Log Out" link. -#. Visit ``http://localhost:6543/howdy`` in a browser. You should be +#. Visit http://localhost:6543/howdy in a browser. You should be asked to login. Analysis -- cgit v1.2.3 From 187104fd81418beeb51592913041d9751bafe08d Mon Sep 17 00:00:00 2001 
From: Paul Everitt Date: Wed, 25 Sep 2013 09:27:43 -0400 Subject: Quick Tutorial: Improve the setup instructions (adapted from Steve Piercy's work), particularly for Windows. Change all the steps to use $VENV/bin prefixes on commands (don't presume that they have done source env/bin/activate). --- docs/quick_tutorial/authorization.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs/quick_tutorial/authorization.rst') diff --git a/docs/quick_tutorial/authorization.rst b/docs/quick_tutorial/authorization.rst index ec85ce6ec..6b10d3409 100644 --- a/docs/quick_tutorial/authorization.rst +++ b/docs/quick_tutorial/authorization.rst @@ -37,8 +37,8 @@ Steps .. code-block:: bash - (venv)$ cd ..; cp -r authentication authorization; cd authorization - (venv)$ python setup.py develop + $ cd ..; cp -r authentication authorization; cd authorization + $ $VENV/bin/python setup.py develop #. Start by changing ``authorization/tutorial/__init__.py`` to specify a root factory to the :term:`configurator`: @@ -62,7 +62,7 @@ Steps .. code-block:: bash - (venv)$ pserve development.ini --reload + $ $VENV/bin/pserve development.ini --reload #. Open http://localhost:6543/ in a browser. -- cgit v1.2.3
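Review bot: In the new-file hunk of "First cut at import of quick tutorial" (the first commit above), the Steps and the Analysis disagree on which URL triggers the forbidden view: step 8 says "Visit http://localhost:6543/howdy in a browser. You should be asked to login", while the Analysis says "If you are not logged in and visit ``/hello``". The view is named ``hello`` and the step uses the ``/howdy`` route, so the Analysis line should probably read "visit ``/howdy``"; pick one and use it in both places. While there, "asked to login" should be "asked to log in" (verb). The Background promises to "protect our add/edit views", but the only view that receives the ``edit`` permission in step 4 is ``hello``; either reword the Background or state that ``hello`` stands in for an editing view so readers do not look for add/edit views that the step never protects. The sentence "this only applies on ``Root``. Some other part of the site (a.k.a. *context*) might have a different ACL" could also say that a context without its own ``__acl__`` inherits the ACL of its ``__parent__`` lineage under Pyramid's ACL authorization policy, so a missing ACL means "use the parent's rules", not "no rules". Finally, ":term:`pyramid:configurator`" carries an intersphinx-style prefix inside Pyramid's own docs and will not resolve as a local glossary term; ":term:`configurator`" is what the rest of the docs use (the next commit makes exactly this change).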
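Review bot: In the first hunk of "Quick Tutorial: Improve the setup instructions" (the last commit above), "$ cd ..; cp -r authentication authorization; cd authorization" chains the three commands with ";", so if "cd .." fails the copy and the final "cd" still run from the wrong directory; joining them with "&&" stops at the first failure. The same hunk switches to "$ $VENV/bin/python setup.py develop", but nothing in this file says where $VENV is set, so a reader who starts at this step gets "No such file or directory" on the first command; a pointer back to the step that exports $VENV, or one sentence stating the assumption, would avoid that. The commit message also calls out Windows, yet "$VENV/bin/..." is a POSIX path; if the "%VENV%\Scripts\..." variants live elsewhere in the tutorial, say so here, otherwise Windows readers have nothing to type.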