From e25a70a7d1c2016eaeff9c630df9109e715bba3b Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Thu, 9 Sep 2010 17:46:49 +0000 Subject: Features -------- - In support of making it easier to configure applications which are "secure by default", a default permission feature was added. If supplied, the default permission is used as the permission string to all view registrations which don't otherwise name a permission. These APIs are in support of that: - A new constructor argument was added to the Configurator: ``default_permission``. - A new method was added to the Configurator: ``set_default_permission``. - A new ZCML directive was added: ``default_permission``. Documentation ------------- - Added documentation for the ``default_permission`` ZCML directive. - Added documentation for the ``default_permission`` constructor value and the ``set_default_permission`` method in the Configurator API documentation. - Added a new section to the "security" chapter named "Setting a Default Permission". - Document ``renderer_globals_factory`` and ``request_factory`` arguments to Configurator constructor. --- docs/zcml/default_permission.rst | 61 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 docs/zcml/default_permission.rst (limited to 'docs/zcml') diff --git a/docs/zcml/default_permission.rst b/docs/zcml/default_permission.rst new file mode 100644 index 000000000..39edbacd4 --- /dev/null +++ b/docs/zcml/default_permission.rst 
@@ -0,0 +1,61 @@ +.. _default_permission_directive: + +``default_permission`` +------------------------------- + +Set the default permission to be used by all :term:`view +configuration` registrations. + +This directive accepts a single attribute ,``name``, which should be +used as the default permission string. An example of a permission +string:``view``. Adding a default permission makes it unnecessary to +protect each view configuration with an explicit permission, unless +your application policy requires some exception for a particular view. + +If a default permission is *not* set, views represented by view +configuration registrations which do not explicitly declare a +permission will be executable by entirely anonymous users (any +authorization policy is ignored). + +There can be only one default permission active at a time within an +application, thus the default permission directive can only be used +once in any particular set of ZCML. + +.. note: This API is new as of :mod:`repoze.bfg` version 1.3. + +Attributes +~~~~~~~~~~ + +``name`` must be a string representing a :term:`permission`, + e.g. ``view``. + + + The ``secret`` is a string that will be used to encrypt the data + stored by the cookie. It is required and has no default. + +Example +~~~~~~~ + +.. code-block:: xml + :linenos: + + + +Alternatives +~~~~~~~~~~~~ + +Using the ``default_permission`` argument to the +:class:`repoze.bfg.configuration.Configurator` constructor can be used +to achieve the same purpose. + +Using the +:meth:`repoze.bfg.configuration.Configurator.set_default_permission` +method can be used to achieve the same purpose when using imperative +configuration. + +See Also +~~~~~~~~ + +See also :ref:``setting_a_default_permission``. -- cgit v1.2.3
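Review bot: The Attributes section of the new docs/zcml/default_permission.rst contains a paragraph about a ``secret`` string "used to encrypt the data stored by the cookie", which does not fit this directive. The opening text says the directive accepts a single attribute, ``name``, so the ``secret`` paragraph looks like a leftover from another directive's page and should be dropped. In a page about making views secure by default, a stray required attribute is likely to confuse readers.

Three markup points in the same hunk:

- ".. note: This API is new as of ..." has a single colon, so reStructuredText parses it as a comment and the version note will not render. It should be ".. note::".
- In See Also, the ``:ref:`` role wraps its target in double backticks, which makes it an inline literal rather than a cross-reference. Use single backticks.
- "attribute ,``name``" and "string:``view``" have misplaced or missing spaces.

The Example section, as visible here, has nothing under the code-block directive after ":linenos:". Please confirm the directive usage line is actually in the file.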