From b54cdb6d0951a28b7d7bf4f585a4059cc5e6b18a Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sun, 20 Jul 2008 08:41:08 +0000 Subject: - Add API functions for authenticated_userid and effective_principals. --- repoze/bfg/security.py | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'repoze/bfg/security.py') diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index 7e0ba6ffe..5ab6ae31d 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py @@ -27,6 +27,25 @@ def has_permission(permission, context, request): return True return policy.permits(context, request, permission) +def authenticated_userid(request): + """ Return the userid of the currently authenticated user or None + if there is no security policy in effect or there is no currently + authenticated user """ + policy = queryUtility(ISecurityPolicy) + if policy is None: + return None + return policy.authenticated_userid(request) + +def effective_principals(request): + """ Return the list of 'effective' principals for the request. + This will include the userid of the currently authenticated user + if a user is currently authenticated. If no security policy is in + effect, this will return an empty sequence.""" + policy = queryUtility(ISecurityPolicy) + if policy is None: + return [] + return policy.effective_principals(request) + class ACLAuthorizer(object): def __init__(self, context, logger=None): @@ -60,7 +79,6 @@ class ACLAuthorizer(object): result = Denied(None, acl, permission, principals, self.context) self.logger and self.logger.debug(str(result)) return result - class RemoteUserACLSecurityPolicy(object): """ A security policy which: 
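Review bot: In the new module-level `effective_principals`, the no-policy branch returns `[]`, while `RemoteUserACLSecurityPolicy.effective_principals` further down this file always starts from `[Everyone]`. A caller that tests `Everyone in effective_principals(request)` therefore gets a different answer depending only on whether a policy is registered. Either return `[Everyone]` in that branch or state in the docstring that an empty sequence means "no policy configured" rather than "no principals". The context line `return True` above suggests `has_permission` allows access when no policy is registered (its body starts outside the hunk), so the docstrings of both new functions should also say that a `None` userid or an empty list is not by itself a denial and that authorization decisions belong in `has_permission`.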
@@ -100,14 +118,9 @@ class RemoteUserACLSecurityPolicy(object): return False def authenticated_userid(self, request): - """ Return the id of the currently authenticated user or - None if the user is not authenticated """ return request.environ.get('REMOTE_USER', None) def effective_principals(self, request): - """ Return the list of 'effective' principals for the request. - This will include the userid of the currently authenticated - user if a user is currently authenticated. """ userid = self.authenticated_userid(request) effective_principals = [Everyone] @@ -116,7 +129,6 @@ class RemoteUserACLSecurityPolicy(object): effective_principals.append(userid) return effective_principals - class PermitsResult: def __init__(self, ace, acl, permission, principals, context): self.acl = acl -- cgit v1.2.3
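Review bot: Dropping the docstrings from `RemoteUserACLSecurityPolicy.authenticated_userid` and `effective_principals` leaves this policy's one trust assumption undocumented: the userid is whatever `request.environ.get('REMOTE_USER', None)` returns, taken verbatim. I would keep a one-line comment on `authenticated_userid`, for example `# REMOTE_USER is trusted as set by the WSGI server or upstream middleware; this policy performs no verification of its own`. That tells deployers the identity is only as strong as the component that populates the environ key. The lines of `effective_principals` between this hunk and the next are not shown, so how an empty `REMOTE_USER` value is treated cannot be confirmed from here.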