From 64ea2e288d7e6f47075269994319b9331dd09391 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Sun, 21 Sep 2008 00:44:37 +0000
Subject:    - Add ``principals_allowed_by_permission`` API to security module.

---
 repoze/bfg/interfaces.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'repoze/bfg/interfaces.py')

diff --git a/repoze/bfg/interfaces.py b/repoze/bfg/interfaces.py
index 6c28c75a7..7647facb4 100644
--- a/repoze/bfg/interfaces.py
+++ b/repoze/bfg/interfaces.py
@@ -45,8 +45,8 @@ class ISecurityPolicy(Interface):
        using authentication data """
     def permits(context, request, permission):
         """ Returns True if the combination of the authorization
-            information in the context and the authentication data in
-            the request allow the action implied by the permission """
+        information in the context and the authentication data in
+        the request allow the action implied by the permission """
 
     def authenticated_userid(request):
         """ Return the userid of the currently authenticated user or
@@ -57,6 +57,13 @@ class ISecurityPolicy(Interface):
         This must include the userid of the currently authenticated
         user if a user is currently authenticated."""
 
+    def principals_allowed_by_permission(context, permission):
+        """ Return a sequence of principal identifiers allowed by the
+        ``permission`` in the model implied by ``context``.  This
+        method may not be supported by a given security policy
+        implementation, in which case, it should raise a
+        ``NotImplementedError`` exception."""
+
 class NoAuthorizationInformation(Exception):
     pass
 
-- 
cgit v1.2.3