blob: accc462058c7f091ec54c4f7d029cde8e839cd1e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
.. _security_module:
:mod:`repoze.bfg.security`
==========================
.. automodule:: repoze.bfg.security
API Functions
~~~~~~~~~~~~~
.. autofunction:: authenticated_userid
.. autofunction:: effective_principals
.. autofunction:: has_permission
.. autofunction:: principals_allowed_by_permission
Constants
~~~~~~~~~
.. attribute:: Everyone
The special principal id named 'Everyone'. This principal id is
granted to all requests. Its actual value is the string
'system.Everyone'.
.. attribute:: Authenticated
The special principal id named 'Authenticated'. This principal id
is granted to all requests which contain any other non-Everyone
principal id (according to the security policy). Its actual value
is the string 'system.Authenticated'.
Return Values
~~~~~~~~~~~~~
.. attribute:: Allow
The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone,
'read')`` that means allow access. A sequence of ACEs makes up an
ACL. It is a string, and it's actual value is "Allow".
.. attribute:: Deny
The ACE "action" (the first element in an ACE e.g. ``(Deny,
'george', 'read')`` that means deny access. A sequence of ACEs
makes up an ACL. It is a string, and it's actual value is "Deny".
.. autoclass:: ACLDenied
:members:
.. autoclass:: ACLAllowed
:members:
.. autoclass:: Denied
:members:
.. autoclass:: Allowed
:members:
.. _security_policies_api_section:
Security Policies
~~~~~~~~~~~~~~~~~
.. autofunction:: RepozeWhoIdentityACLSecurityPolicy
.. autofunction:: RemoteUserACLSecurityPolicy
|
