From 67328b060928cab8ca54349cb2867088f354a95c Mon Sep 17 00:00:00 2001
From: Chris McDonough
Date: Sun, 20 Jul 2008 07:53:37 +0000
Subject: - Add authenticated_userid and effective_principals API to security policy.
---
 repoze/bfg/security.py | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)
(limited to 'repoze/bfg/security.py')
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py
index eb260fea8..7e0ba6ffe 100644
--- a/repoze/bfg/security.py
+++ b/repoze/bfg/security.py
@@ -89,22 +89,34 @@ class RemoteUserACLSecurityPolicy(object):
 def permits(self, context, request, permission):
 """ Return ``Allowed`` if the policy permits access, ``Denied`` if not."""
- userid = request.environ.get('REMOTE_USER', None)
- effective_principals = [Everyone]
-
- if userid is not None:
- effective_principals.append(Authenticated)
- effective_principals.append(userid)
-
+ principals = self.effective_principals(request)
 for location in LocationIterator(context):
 authorizer = self.authorizer_factory(location, self.logger)
 try:
- return authorizer.permits(permission, *effective_principals)
+ return authorizer.permits(permission, *principals)
 except NoAuthorizationInformation:
 continue
 return False
+ def authenticated_userid(self, request):
+ """ Return the id of the currently authenticated user or
+ None if the user is not authenticated """
+ return request.environ.get('REMOTE_USER', None)
+
+ def effective_principals(self, request):
+ """ Return the list of 'effective' principals for the request.
+ This will include the userid of the currently authenticated
+ user if a user is currently authenticated. """
+ userid = self.authenticated_userid(request)
+ effective_principals = [Everyone]
+
+ if userid is not None:
+ effective_principals.append(Authenticated)
+ effective_principals.append(userid)
+ return effective_principals
+
+
 class PermitsResult:
 def __init__(self, ace, acl, permission, principals, context):
 self.acl = acl
--
cgit v1.2.3
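Review bot: `effective_principals` grants `Authenticated` whenever `REMOTE_USER` is present in the environ, because the test is `if userid is not None:`; an empty string would pass it and also be appended as a principal. Whether any gateway in front of this application sets an empty `REMOTE_USER` for anonymous requests is not visible here, but normalising in the new accessor is cheap: `return request.environ.get('REMOTE_USER') or None`. Since `authenticated_userid` is now a public API, its docstring should also say that the value is taken as-is from the WSGI environ and is only trustworthy when the server or authentication middleware sets it, never when it is copied from a client-supplied header. The enclosing class `RemoteUserACLSecurityPolicy` starts above the hunk, so other users of this logic are not visible.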