From baa59284e1ee26284ecb68d957d5607e40ed786f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Araujo?= Date: Mon, 22 Jun 2020 16:33:13 -0400 Subject: first shot for #1602 --- src/pyramid/config/routes.py | 7 +++++++ src/pyramid/config/views.py | 7 +++++++ src/pyramid/interfaces.py | 12 ++++++++++++ src/pyramid/predicates.py | 13 +++++++++++++ src/pyramid/security.py | 5 +++++ 5 files changed, 44 insertions(+) (limited to 'src') diff --git a/src/pyramid/config/routes.py b/src/pyramid/config/routes.py index a12e18fa8..0fbfcca0c 100644 --- a/src/pyramid/config/routes.py +++ b/src/pyramid/config/routes.py @@ -268,6 +268,12 @@ class RoutesConfiguratorMixin: Removed support for media ranges. + is_authenticated + + XXX doc doc + + .. versionadded:: 2.0 + effective_principals If specified, this value should be a :term:`principal` identifier or @@ -537,6 +543,7 @@ class RoutesConfiguratorMixin: ('request_param', p.RequestParamPredicate), ('header', p.HeaderPredicate), ('accept', p.AcceptPredicate), + ('is_authenticated', p.IsAuthenticatedPredicate), ('effective_principals', p.EffectivePrincipalsPredicate), ('custom', p.CustomPredicate), ('traverse', p.TraversePredicate), diff --git a/src/pyramid/config/views.py b/src/pyramid/config/views.py index a064ebd05..87f2cbcd7 100644 --- a/src/pyramid/config/views.py +++ b/src/pyramid/config/views.py @@ -712,6 +712,12 @@ class ViewsConfiguratorMixin: .. versionadded:: 1.4a3 + is_authenticated + + XXX doc doc + + ..versionadded:: 2.0 + effective_principals If specified, this value should be a :term:`principal` identifier or @@ -1205,6 +1211,7 @@ class ViewsConfiguratorMixin: ('request_type', p.RequestTypePredicate), ('match_param', p.MatchParamPredicate), ('physical_path', p.PhysicalPathPredicate), + ('is_authenticated', p.IsAuthenticatedPredicate), ('effective_principals', p.EffectivePrincipalsPredicate), ('custom', p.CustomPredicate), ): diff --git a/src/pyramid/interfaces.py b/src/pyramid/interfaces.py index e92662f11..85539c2f2 100644 --- a/src/pyramid/interfaces.py +++ b/src/pyramid/interfaces.py @@ -113,6 +113,14 @@ class IResponse(Interface): """ Return a new app_iter built from the response app_iter that serves up only the given start:stop range. """ + authenticated_identity = Attribute( + """XXX Doc doc""" + ) + + authenticated_userid = Attribute( + """XXX Doc doc""" + ) + body = Attribute( """The body of the response, as a str. This will read in the entire app_iter if necessary.""" @@ -233,6 +241,10 @@ class IResponse(Interface): headers = Attribute(""" The headers in a dictionary-like object """) + is_authenticated = Attribute( + """XXX doc doc""" + ) + last_modified = Attribute( """ Gets and sets and deletes the Last-Modified header. For more information on Last-Modified see RFC 2616 section 14.29. Converts diff --git a/src/pyramid/predicates.py b/src/pyramid/predicates.py index 576bbbce6..fe8bc228c 100644 --- a/src/pyramid/predicates.py +++ b/src/pyramid/predicates.py @@ -276,6 +276,19 @@ class PhysicalPathPredicate: return False +class IsAuthenticatedPredicate: + def __init__(self, val, config): + self.val = val + + def text(self): + return "is_authenticated = %r" % (self.val,) + + phash = text + + def __call__(self, context, request): + return request.is_authenticated == self.val + + class EffectivePrincipalsPredicate: def __init__(self, val, config): if is_nonstr_iter(val): diff --git a/src/pyramid/security.py b/src/pyramid/security.py index 58bc72116..356286407 100644 --- a/src/pyramid/security.py +++ b/src/pyramid/security.py @@ -244,6 +244,11 @@ class SecurityAPIMixin: return None return policy.authenticated_userid(self) + @property + def is_authenticated(self): + """Return True if a user is authenticated for this request.""" + return self.authenticated_identity is not None + def has_permission(self, permission, context=None): """ Given a permission and an optional context, returns an instance of :data:`pyramid.security.Allowed` if the permission is granted to this -- cgit v1.2.3 From 70a23ba6e872ae03988caa322f8dd2b03770515c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Araujo?= Date: Wed, 1 Jul 2020 18:33:12 -0400 Subject: add tests and docs --- src/pyramid/config/routes.py | 7 ++++++- src/pyramid/config/views.py | 6 +++++- src/pyramid/interfaces.py | 9 ++++++--- src/pyramid/security.py | 2 +- 4 files changed, 18 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/pyramid/config/routes.py b/src/pyramid/config/routes.py index 0fbfcca0c..feb28c7a7 100644 --- a/src/pyramid/config/routes.py +++ b/src/pyramid/config/routes.py @@ -270,7 +270,12 @@ class RoutesConfiguratorMixin: is_authenticated - XXX doc doc + This value, if specified, should be either ``True`` or ``False``. + If it is specified and is ``True``, the route will only match if + the request has an authenticated user, as determined by the + :term:`security policy` in use. If it is specified and ``False``, + the route will only match if the request does not have an + authenticated user. .. versionadded:: 2.0 diff --git a/src/pyramid/config/views.py b/src/pyramid/config/views.py index 87f2cbcd7..4a5723a14 100644 --- a/src/pyramid/config/views.py +++ b/src/pyramid/config/views.py @@ -714,7 +714,11 @@ class ViewsConfiguratorMixin: is_authenticated - XXX doc doc + This value, if specified, should be either ``True`` or ``False``. + If it is specified and is ``True``, the request must be for an + authenticated user, as determined by the :term:`security policy` in + use. If it is specified and ``False``, the associated view callable + will match only if the request does not have an authenticated user. ..versionadded:: 2.0 diff --git a/src/pyramid/interfaces.py b/src/pyramid/interfaces.py index 85539c2f2..b8c8d06a9 100644 --- a/src/pyramid/interfaces.py +++ b/src/pyramid/interfaces.py @@ -114,11 +114,13 @@ class IResponse(Interface): serves up only the given start:stop range. """ authenticated_identity = Attribute( - """XXX Doc doc""" + """An object representing the authenticated user, as determined by + the security policy in use, or ``None`` for unauthenticated requests. + The object's class and meaning is defined by the security policy.""" ) authenticated_userid = Attribute( - """XXX Doc doc""" + """A string to identify the authenticated user or ``None``.""" ) body = Attribute( @@ -242,7 +244,8 @@ class IResponse(Interface): headers = Attribute(""" The headers in a dictionary-like object """) is_authenticated = Attribute( - """XXX doc doc""" + """A boolean indicating whether the request has an authenticated + user, as determined by the security policy in use.""" ) last_modified = Attribute( diff --git a/src/pyramid/security.py b/src/pyramid/security.py index 356286407..2a1ef24bd 100644 --- a/src/pyramid/security.py +++ b/src/pyramid/security.py @@ -246,7 +246,7 @@ class SecurityAPIMixin: @property def is_authenticated(self): - """Return True if a user is authenticated for this request.""" + """Return ``True`` if a user is authenticated for this request.""" return self.authenticated_identity is not None def has_permission(self, permission, context=None): -- cgit v1.2.3 From 5f37acda1c8af7cb288e792e2c82f728fe254818 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Araujo?= Date: Thu, 2 Jul 2020 17:06:02 -0400 Subject: improve doc Co-Authored-By: Steve Piercy --- src/pyramid/config/routes.py | 13 +++++++------ src/pyramid/config/views.py | 14 ++++++++------ 2 files changed, 15 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/pyramid/config/routes.py b/src/pyramid/config/routes.py index feb28c7a7..4f3440c40 100644 --- a/src/pyramid/config/routes.py +++ b/src/pyramid/config/routes.py @@ -270,12 +270,12 @@ class RoutesConfiguratorMixin: is_authenticated - This value, if specified, should be either ``True`` or ``False``. - If it is specified and is ``True``, the route will only match if - the request has an authenticated user, as determined by the - :term:`security policy` in use. If it is specified and ``False``, - the route will only match if the request does not have an - authenticated user. + This value, if specified, must be either ``True`` or ``False``. + If it is specified and ``True``, only a request from an authenticated + user, as determined by the :term:`security policy` in use, will + satisfy the predicate. + If it is specified and ``False``, only a request from a user who is + not authenticated will satisfy the predicate. .. versionadded:: 2.0 @@ -293,6 +293,7 @@ class RoutesConfiguratorMixin: .. versionadded:: 1.4a4 .. deprecated:: 2.0 + Use ``is_authenticated`` or a custom predicate. custom_predicates diff --git a/src/pyramid/config/views.py b/src/pyramid/config/views.py index 4a5723a14..26b69beb9 100644 --- a/src/pyramid/config/views.py +++ b/src/pyramid/config/views.py @@ -714,13 +714,14 @@ class ViewsConfiguratorMixin: is_authenticated - This value, if specified, should be either ``True`` or ``False``. - If it is specified and is ``True``, the request must be for an - authenticated user, as determined by the :term:`security policy` in - use. If it is specified and ``False``, the associated view callable - will match only if the request does not have an authenticated user. + This value, if specified, must be either ``True`` or ``False``. + If it is specified and ``True``, only a request from an authenticated + user, as determined by the :term:`security policy` in use, will + satisfy the predicate. + If it is specified and ``False``, only a request from a user who is + not authenticated will satisfy the predicate. - ..versionadded:: 2.0 + .. versionadded:: 2.0 effective_principals @@ -736,6 +737,7 @@ class ViewsConfiguratorMixin: .. versionadded:: 1.4a4 .. deprecated:: 2.0 + Use ``is_authenticated`` or a custom predicate. custom_predicates -- cgit v1.2.3