| | |
| | | |
| | | class PermitsResult(int): |
| | | def __new__(cls, s, *args): |
| | | """ |
| | | Create a new instance. |
| | | |
| | | :param fmt: A format string explaining the reason for denial. |
| | | :param args: Arguments are stored and used with the format string |
| | | to generate the ``msg``. |
| | | |
| | | """ |
| | | inst = int.__new__(cls, cls.boolval) |
| | | inst.s = s |
| | | inst.args = args |
| | |
| | | |
| | | @property |
| | | def msg(self): |
| | | """ A string indicating why the result was generated.""" |
| | | return self.s % self.args |
| | | |
| | | def __str__(self): |
| | |
| | | self.msg) |
| | | |
| | | class Denied(PermitsResult): |
| | | """ An instance of ``Denied`` is returned when a security-related |
| | | """ |
| | | An instance of ``Denied`` is returned when a security-related |
| | | API or other :app:`Pyramid` code denies an action unrelated to |
| | | an ACL check. It evaluates equal to all boolean false types. It |
| | | has an attribute named ``msg`` describing the circumstances for |
| | | the deny.""" |
| | | the deny. |
| | | |
| | | """ |
| | | boolval = 0 |
| | | |
| | | class Allowed(PermitsResult): |
| | | """ An instance of ``Allowed`` is returned when a security-related |
| | | """ |
| | | An instance of ``Allowed`` is returned when a security-related |
| | | API or other :app:`Pyramid` code allows an action unrelated to |
| | | an ACL check. It evaluates equal to all boolean true types. It |
| | | has an attribute named ``msg`` describing the circumstances for |
| | | the allow.""" |
| | | the allow. |
| | | |
| | | """ |
| | | boolval = 1 |
| | | |
| | | class ACLPermitsResult(int): |
| | | class ACLPermitsResult(PermitsResult): |
| | | def __new__(cls, ace, acl, permission, principals, context): |
| | | inst = int.__new__(cls, cls.boolval) |
| | | """ |
| | | Create a new instance. |
| | | |
| | | :param ace: The :term:`ACE` that matched, triggering the result. |
| | | :param acl: The :term:`ACL` containing ``ace``. |
| | | :param permission: The required :term:`permission`. |
| | | :param principals: The list of :term:`principals <principal>` provided. |
| | | :param context: The :term:`context` providing the :term:`lineage` |
| | | searched. |
| | | |
| | | """ |
| | | fmt = ('%s permission %r via ACE %r in ACL %r on context %r for ' |
| | | 'principals %r') |
| | | inst = PermitsResult.__new__( |
| | | cls, |
| | | fmt, |
| | | cls.__name__, |
| | | permission, |
| | | ace, |
| | | acl, |
| | | context, |
| | | principals, |
| | | ) |
| | | inst.permission = permission |
| | | inst.ace = ace |
| | | inst.acl = acl |
| | |
| | | inst.context = context |
| | | return inst |
| | | |
| | | @property |
| | | def msg(self): |
| | | s = ('%s permission %r via ACE %r in ACL %r on context %r for ' |
| | | 'principals %r') |
| | | return s % (self.__class__.__name__, |
| | | self.permission, |
| | | self.ace, |
| | | self.acl, |
| | | self.context, |
| | | self.principals) |
| | | class ACLDenied(ACLPermitsResult, Denied): |
| | | """ |
| | | An instance of ``ACLDenied`` is a specialization of |
| | | :class:`pyramid.security.Denied` that represents that a security check |
| | | made explicitly against ACL was denied. It evaluates equal to all |
| | | boolean false types. It also has the following attributes: ``acl``, |
| | | ``ace``, ``permission``, ``principals``, and ``context``. These |
| | | attributes indicate the security values involved in the request. Its |
| | | ``__str__`` method prints a summary of these attributes for debugging |
| | | purposes. The same summary is available as the ``msg`` attribute. |
| | | |
| | | def __str__(self): |
| | | return self.msg |
| | | """ |
| | | |
| | | def __repr__(self): |
| | | return '<%s instance at %s with msg %r>' % (self.__class__.__name__, |
| | | id(self), |
| | | self.msg) |
| | | class ACLAllowed(ACLPermitsResult, Allowed): |
| | | """ |
| | | An instance of ``ACLAllowed`` is a specialization of |
| | | :class:`pyramid.security.Allowed` that represents that a security check |
| | | made explicitly against ACL was allowed. It evaluates equal to all |
| | | boolean true types. It also has the following attributes: ``acl``, |
| | | ``ace``, ``permission``, ``principals``, and ``context``. These |
| | | attributes indicate the security values involved in the request. Its |
| | | ``__str__`` method prints a summary of these attributes for debugging |
| | | purposes. The same summary is available as the ``msg`` attribute. |
| | | |
| | | class ACLDenied(ACLPermitsResult): |
| | | """ An instance of ``ACLDenied`` represents that a security check made |
| | | explicitly against ACL was denied. It evaluates equal to all boolean |
| | | false types. It also has the following attributes: ``acl``, ``ace``, |
| | | ``permission``, ``principals``, and ``context``. These attributes |
| | | indicate the security values involved in the request. Its __str__ method |
| | | prints a summary of these attributes for debugging purposes. The same |
| | | summary is available as the ``msg`` attribute.""" |
| | | boolval = 0 |
| | | |
| | | class ACLAllowed(ACLPermitsResult): |
| | | """ An instance of ``ACLAllowed`` represents that a security check made |
| | | explicitly against ACL was allowed. It evaluates equal to all boolean |
| | | true types. It also has the following attributes: ``acl``, ``ace``, |
| | | ``permission``, ``principals``, and ``context``. These attributes |
| | | indicate the security values involved in the request. Its __str__ method |
| | | prints a summary of these attributes for debugging purposes. The same |
| | | summary is available as the ``msg`` attribute.""" |
| | | boolval = 1 |
| | | """ |
| | | |
| | | class AuthenticationAPIMixin(object): |
| | | |
| | |
| | | :type permission: unicode, str |
| | | :param context: A resource object or ``None`` |
| | | :type context: object |
| | | :returns: `pyramid.security.PermitsResult` |
| | | :returns: Either :class:`pyramid.security.Allowed` or |
| | | :class:`pyramid.security.Denied`. |
| | | |
| | | .. versionadded:: 1.5 |
| | | |