From 5abdd1d7636a8f7c5cda4c8fcf2669c3937c1186 Mon Sep 17 00:00:00 2001
From: Theron Luhn
Date: Sun, 3 Mar 2019 08:49:58 -0800
Subject: Implement new request.has_permission. Deleted AuthorizationAPIMixin
---
 src/pyramid/request.py | 7 +-----
 src/pyramid/security.py | 67 +++++++++++++++++++++----------------------------
 src/pyramid/testing.py | 2 --
 3 files changed, 29 insertions(+), 47 deletions(-)
(limited to 'src')
diff --git a/src/pyramid/request.py b/src/pyramid/request.py
index bb0dcaa2b..5c68abe69 100644
--- a/src/pyramid/request.py
+++ b/src/pyramid/request.py
@@ -15,11 +15,7 @@ from pyramid.interfaces import (
 from pyramid.decorator import reify
 from pyramid.i18n import LocalizerRequestMixin
 from pyramid.response import Response, _get_response_factory
-from pyramid.security import (
- SecurityAPIMixin,
- AuthenticationAPIMixin,
- AuthorizationAPIMixin,
-)
+from pyramid.security import SecurityAPIMixin, AuthenticationAPIMixin
 from pyramid.url import URLMethodsMixin
 from pyramid.util import (
 InstancePropertyHelper,
@@ -153,7 +149,6 @@ class Request(
 LocalizerRequestMixin,
 SecurityAPIMixin,
 AuthenticationAPIMixin,
- AuthorizationAPIMixin,
 ViewMethodsMixin,
 ):
 """
diff --git a/src/pyramid/security.py b/src/pyramid/security.py
index 66e314f79..4881d94a6 100644
--- a/src/pyramid/security.py
+++ b/src/pyramid/security.py
@@ -299,6 +299,34 @@ class SecurityAPIMixin(object):
 return None
 return policy.identify(self)
+ def has_permission(self, permission, context=None):
+ """ Given a permission and an optional context, returns an instance of
+ :data:`pyramid.security.Allowed` if the permission is granted to this
+ request with the provided context, or the context already associated
+ with the request. Otherwise, returns an instance of
+ :data:`pyramid.security.Denied`. This method delegates to the current
+ security policy. Returns
+ :data:`pyramid.security.Allowed` unconditionally if no security
+ policy has been registered for this request. If ``context`` is not
+ supplied or is supplied as ``None``, the context used is the
+ ``request.context`` attribute.
+
+ :param permission: Does this request have the given permission?
+ :type permission: str
+ :param context: A resource object or ``None``
+ :type context: object
+ :returns: Either :class:`pyramid.security.Allowed` or
+ :class:`pyramid.security.Denied`.
+
+ """
+ if context is None:
+ context = self.context
+ policy = _get_security_policy(self)
+ if policy is None:
+ return Allowed('No security policy in use.')
+ identity = policy.identify(self)
+ return policy.permits(self, context, identity, permission)
+
 class AuthenticationAPIMixin(object):
 @property
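Review bot: The `policy is None` branch in the added `has_permission` fails open, and it now keys on `_get_security_policy(self)` alone, where the removed version looked up `IAuthenticationPolicy` and `IAuthorizationPolicy` directly. If an application that registers only the legacy pair can reach this method without a `LegacySecurityPolicy` being registered for it (not visible in this hunk), every check would return `Allowed` instead of consulting the authorization policy, so a test that registers only the legacy policies and asserts a `Denied` result belongs with this change. The docstring should also state the caveat prominently, for example `.. warning:: With no security policy registered, every permission check is allowed.`, and the `.. versionadded:: 1.5` marker from the removed docstring was not carried over. `SecurityAPIMixin` starts above the hunk, so how `_get_security_policy` resolves the policy cannot be checked from here.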
@@ -361,45 +389,6 @@ class AuthenticationAPIMixin(object):
 return policy.effective_principals(self)
-class AuthorizationAPIMixin(object):
- def has_permission(self, permission, context=None):
- """ Given a permission and an optional context, returns an instance of
- :data:`pyramid.security.Allowed` if the permission is granted to this
- request with the provided context, or the context already associated
- with the request. Otherwise, returns an instance of
- :data:`pyramid.security.Denied`. This method delegates to the current
- authentication and authorization policies. Returns
- :data:`pyramid.security.Allowed` unconditionally if no authentication
- policy has been registered for this request. If ``context`` is not
- supplied or is supplied as ``None``, the context used is the
- ``request.context`` attribute.
-
- :param permission: Does this request have the given permission?
- :type permission: str
- :param context: A resource object or ``None``
- :type context: object
- :returns: Either :class:`pyramid.security.Allowed` or
- :class:`pyramid.security.Denied`.
-
- .. versionadded:: 1.5
-
- """
- if context is None:
- context = self.context
- reg = _get_registry(self)
- authn_policy = reg.queryUtility(IAuthenticationPolicy)
- if authn_policy is None:
- return Allowed('No authentication policy in use.')
- authz_policy = reg.queryUtility(IAuthorizationPolicy)
- if authz_policy is None:
- raise ValueError(
- 'Authentication policy registered without '
- 'authorization policy'
- ) # should never happen
- principals = authn_policy.effective_principals(self)
- return authz_policy.permits(context, principals, permission)
-
-
 @implementer(ISecurityPolicy)
 class LegacySecurityPolicy:
 """
diff --git a/src/pyramid/testing.py b/src/pyramid/testing.py
index 7a85aff85..90a49c04a 100644
--- a/src/pyramid/testing.py
+++ b/src/pyramid/testing.py
@@ -19,7 +19,6 @@ from pyramid.security import (
 Everyone,
 SecurityAPIMixin,
 AuthenticationAPIMixin,
- AuthorizationAPIMixin,
 )
 from pyramid.threadlocal import get_current_registry, manager
@@ -306,7 +305,6 @@ class DummyRequest(
 LocalizerRequestMixin,
 SecurityAPIMixin,
 AuthenticationAPIMixin,
- AuthorizationAPIMixin,
 ViewMethodsMixin,
 ):
 """ A DummyRequest object (incompletely) imitates a :term:`request` object.
-- cgit v1.2.3