commit | author | age
|
921713
|
1 |
.. _security_module: |
CM |
2 |
|
9c3b27
|
3 |
:mod:`pyramid.security` |
921713
|
4 |
========================== |
CM |
5 |
|
9c3b27
|
6 |
.. automodule:: pyramid.security |
921713
|
7 |
|
312804
|
8 |
Authentication API Functions |
CM |
9 |
---------------------------- |
b54cdb
|
10 |
|
efc743
|
11 |
.. autofunction:: authenticated_userid |
b54cdb
|
12 |
|
2526d8
|
13 |
.. autofunction:: unauthenticated_userid |
CM |
14 |
|
efc743
|
15 |
.. autofunction:: effective_principals |
921713
|
16 |
|
a1a9fb
|
17 |
.. autofunction:: forget |
CM |
18 |
|
7a2b72
|
19 |
.. autofunction:: remember(request, userid, **kwargs) |
a1a9fb
|
20 |
|
312804
|
21 |
Authorization API Functions |
CM |
22 |
--------------------------- |
|
23 |
|
|
24 |
.. autofunction:: has_permission |
|
25 |
|
|
26 |
.. autofunction:: principals_allowed_by_permission |
|
27 |
|
a1a9fb
|
28 |
.. autofunction:: view_execution_permitted |
CM |
29 |
|
041897
|
30 |
Constants |
312804
|
31 |
--------- |
041897
|
32 |
|
CM |
33 |
.. attribute:: Everyone |
921713
|
34 |
|
CM |
35 |
The special principal id named 'Everyone'. This principal id is |
|
36 |
granted to all requests. Its actual value is the string |
|
37 |
'system.Everyone'. |
|
38 |
|
041897
|
39 |
.. attribute:: Authenticated |
921713
|
40 |
|
CM |
41 |
The special principal id named 'Authenticated'. This principal id |
|
42 |
is granted to all requests which contain any other non-Everyone |
a1a9fb
|
43 |
principal id (according to the :term:`authentication policy`). |
CM |
44 |
Its actual value is the string 'system.Authenticated'. |
921713
|
45 |
|
226b49
|
46 |
.. attribute:: ALL_PERMISSIONS |
CM |
47 |
|
|
48 |
An object that can be used as the ``permission`` member of an ACE |
|
49 |
which matches all permissions unconditionally. For example, an |
|
50 |
ACE that uses ``ALL_PERMISSIONS`` might be composed like so: |
|
51 |
``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. |
|
52 |
|
|
53 |
.. attribute:: DENY_ALL |
|
54 |
|
|
55 |
A convenience shorthand ACE that defines ``('Deny', |
|
56 |
'system.Everyone', ALL_PERMISSIONS)``. This is often used as the |
|
57 |
last ACE in an ACL in systems that use an "inheriting" security |
|
58 |
policy, representing the concept "don't inherit any other ACEs". |
|
59 |
|
feceff
|
60 |
.. attribute:: NO_PERMISSION_REQUIRED |
MM |
61 |
|
1dd5ab
|
62 |
A special permission which indicates that the view should always |
DH |
63 |
be executable by entirely anonymous users, regardless of the |
|
64 |
default permission, bypassing any :term:`authorization policy` |
|
65 |
that may be in effect. Its actual value is the string |
|
66 |
'__no_permission_required__'. |
|
67 |
|
041897
|
68 |
Return Values |
312804
|
69 |
------------- |
041897
|
70 |
|
CM |
71 |
.. attribute:: Allow |
921713
|
72 |
|
CM |
73 |
The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone, |
|
74 |
'read')`` that means allow access. A sequence of ACEs makes up an |
283494
|
75 |
ACL. It is a string, and its actual value is "Allow". |
921713
|
76 |
|
041897
|
77 |
.. attribute:: Deny |
921713
|
78 |
|
CM |
79 |
The ACE "action" (the first element in an ACE e.g. ``(Deny, |
|
80 |
'george', 'read')`` that means deny access. A sequence of ACEs |
283494
|
81 |
makes up an ACL. It is a string, and its actual value is "Deny". |
921713
|
82 |
|
041897
|
83 |
.. autoclass:: Denied |
213001
|
84 |
:members: msg |
MM |
85 |
|
|
86 |
.. automethod:: __new__ |
921713
|
87 |
|
041897
|
88 |
.. autoclass:: Allowed |
213001
|
89 |
:members: msg |
MM |
90 |
|
|
91 |
.. automethod:: __new__ |
|
92 |
|
|
93 |
.. autoclass:: ACLDenied |
|
94 |
:members: msg |
|
95 |
|
|
96 |
.. automethod:: __new__ |
|
97 |
|
|
98 |
.. autoclass:: ACLAllowed |
|
99 |
:members: msg |
|
100 |
|
|
101 |
.. automethod:: __new__ |
041897
|
102 |
|