From 21300198ee62eb00b757a77f2792329ff2d882a0 Mon Sep 17 00:00:00 2001
From: Michael Merickel <michael@merickel.org>
Date: Thu, 15 Jun 2017 06:21:04 +0200
Subject: [PATCH] fix p.security.ACLPermitsResult to subclass p.security.PermitsResult
---
pyramid/security.py | 109 +++++++++++++++++++++++++++++++++---------------------
1 files changed, 67 insertions(+), 42 deletions(-)
diff --git a/pyramid/security.py b/pyramid/security.py
index 035f09f..d123146 100644
--- a/pyramid/security.py
+++ b/pyramid/security.py
@@ -245,6 +245,14 @@
class PermitsResult(int):
def __new__(cls, s, *args):
+ """
+ Create a new instance.
+
+ :param fmt: A format string explaining the reason for denial.
+ :param args: Arguments are stored and used with the format string
+ to generate the ``msg``.
+
+ """
inst = int.__new__(cls, cls.boolval)
inst.s = s
inst.args = args
@@ -252,6 +260,7 @@
@property
def msg(self):
+ """ A string indicating why the result was generated."""
return self.s % self.args
def __str__(self):
@@ -263,24 +272,52 @@
self.msg)
class Denied(PermitsResult):
- """ An instance of ``Denied`` is returned when a security-related
+ """
+ An instance of ``Denied`` is returned when a security-related
API or other :app:`Pyramid` code denies an action unrelated to
an ACL check. It evaluates equal to all boolean false types. It
has an attribute named ``msg`` describing the circumstances for
- the deny."""
+ the deny.
+
+ """
boolval = 0
class Allowed(PermitsResult):
- """ An instance of ``Allowed`` is returned when a security-related
+ """
+ An instance of ``Allowed`` is returned when a security-related
API or other :app:`Pyramid` code allows an action unrelated to
an ACL check. It evaluates equal to all boolean true types. It
has an attribute named ``msg`` describing the circumstances for
- the allow."""
+ the allow.
+
+ """
boolval = 1
-class ACLPermitsResult(int):
+class ACLPermitsResult(PermitsResult):
def __new__(cls, ace, acl, permission, principals, context):
- inst = int.__new__(cls, cls.boolval)
+ """
+ Create a new instance.
+
+ :param ace: The :term:`ACE` that matched, triggering the result.
+ :param acl: The :term:`ACL` containing ``ace``.
+ :param permission: The required :term:`permission`.
+ :param principals: The list of :term:`principals <principal>` provided.
+ :param context: The :term:`context` providing the :term:`lineage`
+ searched.
+
+ """
+ fmt = ('%s permission %r via ACE %r in ACL %r on context %r for '
+ 'principals %r')
+ inst = PermitsResult.__new__(
+ cls,
+ fmt,
+ cls.__name__,
+ permission,
+ ace,
+ acl,
+ context,
+ principals,
+ )
inst.permission = permission
inst.ace = ace
inst.acl = acl
@@ -288,44 +325,31 @@
inst.context = context
return inst
- @property
- def msg(self):
- s = ('%s permission %r via ACE %r in ACL %r on context %r for '
- 'principals %r')
- return s % (self.__class__.__name__,
- self.permission,
- self.ace,
- self.acl,
- self.context,
- self.principals)
+class ACLDenied(ACLPermitsResult, Denied):
+ """
+ An instance of ``ACLDenied`` is a specialization of
+ :class:`pyramid.security.Denied` that represents that a security check
+ made explicitly against ACL was denied. It evaluates equal to all
+ boolean false types. It also has the following attributes: ``acl``,
+ ``ace``, ``permission``, ``principals``, and ``context``. These
+ attributes indicate the security values involved in the request. Its
+ ``__str__`` method prints a summary of these attributes for debugging
+ purposes. The same summary is available as the ``msg`` attribute.
- def __str__(self):
- return self.msg
+ """
- def __repr__(self):
- return '<%s instance at %s with msg %r>' % (self.__class__.__name__,
- id(self),
- self.msg)
+class ACLAllowed(ACLPermitsResult, Allowed):
+ """
+ An instance of ``ACLAllowed`` is a specialization of
+ :class:`pyramid.security.Allowed` that represents that a security check
+ made explicitly against ACL was allowed. It evaluates equal to all
+ boolean true types. It also has the following attributes: ``acl``,
+ ``ace``, ``permission``, ``principals``, and ``context``. These
+ attributes indicate the security values involved in the request. Its
+ ``__str__`` method prints a summary of these attributes for debugging
+ purposes. The same summary is available as the ``msg`` attribute.
-class ACLDenied(ACLPermitsResult):
- """ An instance of ``ACLDenied`` represents that a security check made
- explicitly against ACL was denied. It evaluates equal to all boolean
- false types. It also has the following attributes: ``acl``, ``ace``,
- ``permission``, ``principals``, and ``context``. These attributes
- indicate the security values involved in the request. Its __str__ method
- prints a summary of these attributes for debugging purposes. The same
- summary is available as the ``msg`` attribute."""
- boolval = 0
-
-class ACLAllowed(ACLPermitsResult):
- """ An instance of ``ACLAllowed`` represents that a security check made
- explicitly against ACL was allowed. It evaluates equal to all boolean
- true types. It also has the following attributes: ``acl``, ``ace``,
- ``permission``, ``principals``, and ``context``. These attributes
- indicate the security values involved in the request. Its __str__ method
- prints a summary of these attributes for debugging purposes. The same
- summary is available as the ``msg`` attribute."""
- boolval = 1
+ """
class AuthenticationAPIMixin(object):
@@ -395,7 +419,8 @@
:type permission: unicode, str
:param context: A resource object or ``None``
:type context: object
- :returns: `pyramid.security.PermitsResult`
+ :returns: Either :class:`pyramid.security.Allowed` or
+ :class:`pyramid.security.Denied`.
.. versionadded:: 1.5
--
Gitblit v1.9.3