From 041897caf1f765d0edffcc3a1af2787714f308ca Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sat, 17 Jan 2009 21:13:35 +0000 Subject: Security policy documentation. --- repoze/bfg/security.py | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'repoze') diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index bdf40d8bc..1f7c80028 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py @@ -164,6 +164,16 @@ def RemoteUserACLSecurityPolicy(): __acl__ attribute will be used by the security machinery to grant or deny access. + Enable this security policy by adding the following to your + application's ``configure.zcml``: + + .. code-block:: xml + + + """ return ACLSecurityPolicy(get_remoteuser) @@ -176,12 +186,13 @@ def get_who_principals(request): return principals def RepozeWhoIdentityACLSecurityPolicy(): - """ A security policy which: + """ + A security policy which: - examines the request.environ for the ``repoze.who.identity`` dictionary. If one is found, the principal ids for the request are composed of ``repoze.who.identity['repoze.who.userid']`` - plus ``repoze.who.identity.get('groups', []). + plus ``repoze.who.identity.get('groups', [])``. - uses an ACL-based authorization model which attempts to find an ACL on the context, and which returns ``Allowed`` from its @@ -194,6 +205,15 @@ def RepozeWhoIdentityACLSecurityPolicy(): __acl__ attribute will be used by the security machinery to grant or deny access. + Enable this security policy by adding the following to your + application's ``configure.zcml``: + + .. code-block:: xml + + """ return ACLSecurityPolicy(get_who_principals) -- cgit v1.2.3