From 0168300b0da3c79e05ec87aa777e04674a86cebb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Araujo?= Date: Sat, 14 Dec 2019 13:32:07 -0500 Subject: start reworking security policy --- docs/whatsnew-2.0.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'docs/whatsnew-2.0.rst') diff --git a/docs/whatsnew-2.0.rst b/docs/whatsnew-2.0.rst index bf1554a27..4448e0f69 100644 --- a/docs/whatsnew-2.0.rst +++ b/docs/whatsnew-2.0.rst @@ -44,10 +44,12 @@ The new security policy adds the concept of an :term:`identity`, which is an object representing the user associated with the current request. The identity can be accessed via :attr:`pyramid.request.Request.authenticated_identity`. The object can be of any shape, such as a simple ID string or an ORM object, -but should implement a ``__str__`` method that returns a string identifying the -current user, e.g. the ID of the user object in a database. The string -representation is return as -:attr:`pyramid.request.Request.authenticated_userid`. +and should represent an active user. + +As in previous version, the property :attr:`pyramid.request.Request.authenticated_userid` +can be used to get a string identifying the current user, for example +the ID of the user object in a database. The value is obtained from the +security policy. (:attr:`pyramid.request.Request.unauthenticated_userid` has been deprecated.) The concept of :term:`principals ` has been removed; the -- cgit v1.2.3 From cd0b92d10bfbb38068c216ce44dde9732fa127a8 Mon Sep 17 00:00:00 2001 From: Theron Luhn Date: Sat, 14 Dec 2019 20:27:30 -0600 Subject: Update docs. --- docs/whatsnew-2.0.rst | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) (limited to 'docs/whatsnew-2.0.rst') diff --git a/docs/whatsnew-2.0.rst b/docs/whatsnew-2.0.rst index b5f349166..6b3261284 100644 --- a/docs/whatsnew-2.0.rst +++ b/docs/whatsnew-2.0.rst @@ -40,17 +40,15 @@ The new security policy should implement ``security_policy`` argument of :class:`pyramid.config.Configurator` or :meth:`pyramid.config.Configurator.set_security_policy`. +The policy contains ``authenticated_userid`` and ``remember``, +with the same method signatures as in the legacy authentication policy. It +also contains ``forget``, but now with keyword arguments in the method +signature. + The new security policy adds the concept of an :term:`identity`, which is an object representing the user associated with the current request. The identity can be accessed via :attr:`pyramid.request.Request.authenticated_identity`. -The object can be of any shape, such as a simple ID string or an ORM object, -and should represent an active user. - -As in previous version, the property :attr:`pyramid.request.Request.authenticated_userid` -can be used to get a string identifying the current user, for example -the ID of the user object in a database. The value is obtained from the -security policy. -(:attr:`pyramid.request.Request.unauthenticated_userid` has been deprecated.) +The object can be of any shape, such as a simple ID string or an ORM object. The concept of :term:`principals ` has been removed; the ``permits`` method is passed an identity object. This change gives much more @@ -97,9 +95,8 @@ The new :attr:`pyramid.request.Request.authenticated_identity` property will output the same result as :attr:`pyramid.request.Request.authenticated_userid`. If using a security policy, -:attr:`pyramid.request.Request.unauthenticated_userid` and -:attr:`pyramid.request.Request.authenticated_userid` will both return the -string representation of the :term:`identity`. +:attr:`pyramid.request.Request.authenticated_userid` will return the same value +as :attr:`pyramid.request.Request.authenticated_userid`. :attr:`pyramid.request.Request.effective_principals` will always return a one-element list containing the :data:`pyramid.security.Everyone` principal, as there is no equivalent in the new security policy. -- cgit v1.2.3 From 11b3c1c7dea42f8290b6a91d5ab292a27d974f3b Mon Sep 17 00:00:00 2001 From: Theron Luhn Date: Sun, 15 Dec 2019 20:02:36 -0800 Subject: Fix whatsnew. --- docs/whatsnew-2.0.rst | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'docs/whatsnew-2.0.rst') diff --git a/docs/whatsnew-2.0.rst b/docs/whatsnew-2.0.rst index 6b3261284..d5f825c43 100644 --- a/docs/whatsnew-2.0.rst +++ b/docs/whatsnew-2.0.rst @@ -94,9 +94,5 @@ normal, as well as all related :class:`pyramid.request.Request` properties. The new :attr:`pyramid.request.Request.authenticated_identity` property will output the same result as :attr:`pyramid.request.Request.authenticated_userid`. -If using a security policy, -:attr:`pyramid.request.Request.authenticated_userid` will return the same value -as :attr:`pyramid.request.Request.authenticated_userid`. -:attr:`pyramid.request.Request.effective_principals` will always return a -one-element list containing the :data:`pyramid.security.Everyone` principal, as -there is no equivalent in the new security policy. +If using a security policy, :attr:`pyramid.request.Request.unauthenticated_userid` will return the same value as :attr:`pyramid.request.Request.authenticated_userid`. +:attr:`pyramid.request.Request.effective_principals` will always return a one-element list containing the :data:`pyramid.security.Everyone` principal, as there is no equivalent in the new security policy. -- cgit v1.2.3