File: security.rst

package info (click to toggle)
python-pyramid 1.6%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 9,112 kB
  • ctags: 8,169
  • sloc: python: 41,764; makefile: 111; sh: 17
file content (94 lines) | stat: -rw-r--r-- 2,584 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
.. _security_module:

:mod:`pyramid.security`
==========================

.. automodule:: pyramid.security

Authentication API Functions
----------------------------

.. autofunction:: authenticated_userid

.. autofunction:: unauthenticated_userid

.. autofunction:: effective_principals

.. autofunction:: forget

.. autofunction:: remember(request, userid, **kwargs)

Authorization API Functions
---------------------------

.. autofunction:: has_permission

.. autofunction:: principals_allowed_by_permission

.. autofunction:: view_execution_permitted

Constants
---------

.. attribute:: Everyone

    The special principal id named 'Everyone'.  This principal id is
    granted to all requests.  Its actual value is the string
    'system.Everyone'.

.. attribute:: Authenticated

    The special principal id named 'Authenticated'.  This principal id
    is granted to all requests which contain any other non-Everyone
    principal id (according to the :term:`authentication policy`).
    Its actual value is the string 'system.Authenticated'.

.. attribute:: ALL_PERMISSIONS

    An object that can be used as the ``permission`` member of an ACE
    which matches all permissions unconditionally.  For example, an
    ACE that uses ``ALL_PERMISSIONS`` might be composed like so:
    ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``.

.. attribute:: DENY_ALL

    A convenience shorthand ACE that defines ``('Deny',
    'system.Everyone', ALL_PERMISSIONS)``.  This is often used as the
    last ACE in an ACL in systems that use an "inheriting" security
    policy, representing the concept "don't inherit any other ACEs".

.. attribute:: NO_PERMISSION_REQUIRED

	A special permission which indicates that the view should always
	be executable by entirely anonymous users, regardless of the
	default permission, bypassing any :term:`authorization policy`
	that may be in effect.  Its actual value is the string
	'__no_permission_required__'.

Return Values
-------------

.. attribute:: Allow

    The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone,
    'read')`` that means allow access.  A sequence of ACEs makes up an
    ACL.  It is a string, and its actual value is "Allow".

.. attribute:: Deny

    The ACE "action" (the first element in an ACE e.g. ``(Deny,
    'george', 'read')`` that means deny access.  A sequence of ACEs
    makes up an ACL.  It is a string, and its actual value is "Deny".

.. autoclass:: ACLDenied
   :members:

.. autoclass:: ACLAllowed
   :members:

.. autoclass:: Denied
   :members:

.. autoclass:: Allowed
   :members: