From a1a9fb7128c935848b17c0ce6586991098a17f07 Mon Sep 17 00:00:00 2001
From: Chris McDonough
Date: Wed, 27 May 2009 04:52:51 +0000
Subject: Merge authchanges branch to trunk.
---
 repoze/bfg/interfaces.py | 56 ++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 49 insertions(+), 7 deletions(-)
(limited to 'repoze/bfg/interfaces.py')
diff --git a/repoze/bfg/interfaces.py b/repoze/bfg/interfaces.py
index cecc3a397..2b00ac18f 100644
--- a/repoze/bfg/interfaces.py
+++ b/repoze/bfg/interfaces.py
@@ -197,15 +197,26 @@ class INotFoundAppFactory(Interface):
 a``message`` key in the WSGI environ provides information pertaining to the reason for the notfound."""
+class IForbiddenResponseFactory(Interface):
+ """ A utility which returns an IResponse as the result of the
+ denial of a view invocation by a security policy."""
+ def __call__(context, request):
+ """ Return an object implementing IResponse (an object with
+ the status, headerlist, and app_iter attributes) as a result
+ of a view invocation denial by a security policy.
+
+ Note that the ``message`` key in the WSGI environ
+ (request.environ) provides information pertaining to the
+ reason for the view invocation denial. The ``context`` passed
+ to the forbidden app factory will be the context found by the
+ repoze.bfg router during traversal or url dispatch. The
+ ``request`` will be the request object which caused the deny."""
+
 class IUnauthorizedAppFactory(Interface):
 """ A utility which returns an Unauthorized WSGI application
- factory"""
- def __call__():
- """ Return a callable which returns an unauthorized WSGI
- application. When the WSGI application is invoked, a
- ``message`` key in the WSGI environ provides information
- pertaining to the reason for the unauthorized."""
-
+ factory (deprecated in repoze.bfg 0.8.2) in favor of
+ IForbiddenResponseFactory """
+
 class IContextURL(Interface):
 """ An adapter which deals with URLs related to a context. """
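Review bot: The new `IForbiddenResponseFactory.__call__` docstring points implementers at the `message` key in `request.environ` but does not say how much of that text may reach the client, nor which status the returned response is expected to carry. The denial reason written by a security policy may describe the permission or ACL entry that failed (inferred; the code that sets it is outside this hunk), so the contract should state that the message is diagnostic, for example `The message is intended for logging; escape it and avoid echoing policy details if it is rendered into the response body.` The same docstring still says "forbidden app factory" although the interface now returns a response, not an application. `IUnauthorizedAppFactory` also loses its `__call__` declaration while the interface itself stays, which leaves existing implementers without a documented signature during the deprecation period; keeping the method with a deprecation note in its docstring would avoid that.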
@@ -220,6 +231,37 @@ class IRoutesContextFactory(Interface):
 """ A marker interface used to look up the default routes context factory """
+class IAuthenticationPolicy(Interface):
+ """ A multi-adapter on context and request """
+ def authenticated_userid(context, request):
+ """ Return the authenticated userid or ``None`` if no
+ authenticated userid can be found. """
+
+ def effective_principals(context, request):
+ """ Return a sequence representing the effective principals
+ including the userid and any groups belonged to by the current
+ user, including 'system' groups such as Everyone and
+ Authenticated. """
+
+ def remember(context, request, principal, **kw):
+ """ Return a set of headers suitable for 'remembering' the
+ principal named ``principal`` when set in a response. An
+ individual authentication policy and its consumers can decide
+ on the composition and meaning of **kw. """
+
+ def forget(context, request):
+ """ Return a set of headers suitable for 'forgetting' the
+ current user on subsequent requests. """
+
+class IAuthorizationPolicy(Interface):
+ """ A adapter on context """
+ def permits(context, principals, permission):
+ """ Return True if any of the principals is allowed the
+ permission in the current context, else return False """
+
+ def principals_allowed_by_permission(context, permission):
+ """ Return a set of principal identifiers allowed by the permission """
+
 # VH_ROOT_KEY is an interface; its imported from other packages (e.g.
 # traversalwrapper)
 VH_ROOT_KEY = 'HTTP_X_VHM_ROOT'
-- 
cgit v1.2.3
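Review bot: The `effective_principals` docstring can be read as saying that `Authenticated` is always part of the result ("including 'system' groups such as Everyone and Authenticated"), and a policy written to that wording would let ACL entries granted to Authenticated match anonymous requests. The contract should state the condition explicitly, for example `Everyone is always included; Authenticated is included only when authenticated_userid() returns a value other than None.` The class docstrings also describe both policies as adapters ("A multi-adapter on context and request", "A adapter on context") while every method takes `context` and `request` as explicit arguments, so it is worth confirming which registration style is intended and fixing the wording ("An adapter"). `remember` leaves `**kw` entirely to each policy; a sentence on what callers may rely on across policies would make the interface easier to implement consistently.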