| commit | author | age | ||
| 921713 | 1 | .. _security_module: |
| CM | 2 | |
| 9c3b27 | 3 | :mod:`pyramid.security` |
| 921713 | 4 | ========================== |
| CM | 5 | |
| 9c3b27 | 6 | .. automodule:: pyramid.security |
| 921713 | 7 | |
| 312804 | 8 | Authentication API Functions |
| CM | 9 | ---------------------------- |
| b54cdb | 10 | |
| efc743 | 11 | .. autofunction:: authenticated_userid |
| b54cdb | 12 | |
| 2526d8 | 13 | .. autofunction:: unauthenticated_userid |
| CM | 14 | |
| efc743 | 15 | .. autofunction:: effective_principals |
| 921713 | 16 | |
| a1a9fb | 17 | .. autofunction:: forget |
| CM | 18 | |
| 7a2b72 | 19 | .. autofunction:: remember(request, userid, **kwargs) |
| a1a9fb | 20 | |
| 312804 | 21 | Authorization API Functions |
| CM | 22 | --------------------------- |
| 23 | ||
| 24 | .. autofunction:: has_permission | |
| 25 | ||
| 26 | .. autofunction:: principals_allowed_by_permission | |
| 27 | ||
| a1a9fb | 28 | .. autofunction:: view_execution_permitted |
| CM | 29 | |
| 041897 | 30 | Constants |
| 312804 | 31 | --------- |
| 041897 | 32 | |
| CM | 33 | .. attribute:: Everyone |
| 921713 | 34 | |
| CM | 35 | The special principal id named 'Everyone'. This principal id is |
| 36 | granted to all requests. Its actual value is the string | |
| 37 | 'system.Everyone'. | |
| 38 | ||
| 041897 | 39 | .. attribute:: Authenticated |
| 921713 | 40 | |
| CM | 41 | The special principal id named 'Authenticated'. This principal id |
| 42 | is granted to all requests which contain any other non-Everyone | |
| a1a9fb | 43 | principal id (according to the :term:`authentication policy`). |
| CM | 44 | Its actual value is the string 'system.Authenticated'. |
| 921713 | 45 | |
| 226b49 | 46 | .. attribute:: ALL_PERMISSIONS |
| CM | 47 | |
| 48 | An object that can be used as the ``permission`` member of an ACE | |
| 49 | which matches all permissions unconditionally. For example, an | |
| 50 | ACE that uses ``ALL_PERMISSIONS`` might be composed like so: | |
| 51 | ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. | |
| 52 | ||
| 53 | .. attribute:: DENY_ALL | |
| 54 | ||
| 55 | A convenience shorthand ACE that defines ``('Deny', | |
| 56 | 'system.Everyone', ALL_PERMISSIONS)``. This is often used as the | |
| 57 | last ACE in an ACL in systems that use an "inheriting" security | |
| 58 | policy, representing the concept "don't inherit any other ACEs". | |
| 59 | ||
| feceff | 60 | .. attribute:: NO_PERMISSION_REQUIRED |
| MM | 61 | |
| 1dd5ab | 62 | A special permission which indicates that the view should always |
| DH | 63 | be executable by entirely anonymous users, regardless of the |
| 64 | default permission, bypassing any :term:`authorization policy` | |
| 65 | that may be in effect. Its actual value is the string | |
| 66 | '__no_permission_required__'. | |
| 67 | ||
| 041897 | 68 | Return Values |
| 312804 | 69 | ------------- |
| 041897 | 70 | |
| CM | 71 | .. attribute:: Allow |
| 921713 | 72 | |
| CM | 73 | The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone, |
| 74 | 'read')`` that means allow access. A sequence of ACEs makes up an | |
| 283494 | 75 | ACL. It is a string, and its actual value is "Allow". |
| 921713 | 76 | |
| 041897 | 77 | .. attribute:: Deny |
| 921713 | 78 | |
| CM | 79 | The ACE "action" (the first element in an ACE e.g. ``(Deny, |
| 80 | 'george', 'read')`` that means deny access. A sequence of ACEs | |
| 283494 | 81 | makes up an ACL. It is a string, and its actual value is "Deny". |
| 921713 | 82 | |
| 041897 | 83 | .. autoclass:: Denied |
| 213001 | 84 | :members: msg |
| MM | 85 | |
| 86 | .. automethod:: __new__ | |
| 921713 | 87 | |
| 041897 | 88 | .. autoclass:: Allowed |
| 213001 | 89 | :members: msg |
| MM | 90 | |
| 91 | .. automethod:: __new__ | |
| 92 | ||
| 93 | .. autoclass:: ACLDenied | |
| 94 | :members: msg | |
| 95 | ||
| 96 | .. automethod:: __new__ | |
| 97 | ||
| 98 | .. autoclass:: ACLAllowed | |
| 99 | :members: msg | |
| 100 | ||
| 101 | .. automethod:: __new__ | |
| 041897 | 102 | |
