| commit | author | age | ||
| 921713 | 1 | .. _security_module: |
| CM | 2 | |
| 9c3b27 | 3 | :mod:`pyramid.security` |
| 921713 | 4 | ========================== |
| CM | 5 | |
| 9c3b27 | 6 | .. automodule:: pyramid.security |
| 921713 | 7 | |
| 312804 | 8 | Authentication API Functions |
| CM | 9 | ---------------------------- |
| b54cdb | 10 | |
| efc743 | 11 | .. autofunction:: authenticated_userid |
| b54cdb | 12 | |
| 2526d8 | 13 | .. autofunction:: unauthenticated_userid |
| CM | 14 | |
| efc743 | 15 | .. autofunction:: effective_principals |
| 921713 | 16 | |
| a1a9fb | 17 | .. autofunction:: forget |
| CM | 18 | |
| 19 | .. autofunction:: remember | |
| 20 | ||
| 312804 | 21 | Authorization API Functions |
| CM | 22 | --------------------------- |
| 23 | ||
| 24 | .. autofunction:: has_permission | |
| 25 | ||
| 26 | .. autofunction:: principals_allowed_by_permission | |
| 27 | ||
| a1a9fb | 28 | .. autofunction:: view_execution_permitted |
| CM | 29 | |
| 041897 | 30 | Constants |
| 312804 | 31 | --------- |
| 041897 | 32 | |
| CM | 33 | .. attribute:: Everyone |
| 921713 | 34 | |
| CM | 35 | The special principal id named 'Everyone'. This principal id is |
| 36 | granted to all requests. Its actual value is the string | |
| 37 | 'system.Everyone'. | |
| 38 | ||
| 041897 | 39 | .. attribute:: Authenticated |
| 921713 | 40 | |
| CM | 41 | The special principal id named 'Authenticated'. This principal id |
| 42 | is granted to all requests which contain any other non-Everyone | |
| a1a9fb | 43 | principal id (according to the :term:`authentication policy`). |
| CM | 44 | Its actual value is the string 'system.Authenticated'. |
| 921713 | 45 | |
| 226b49 | 46 | .. attribute:: ALL_PERMISSIONS |
| CM | 47 | |
| 48 | An object that can be used as the ``permission`` member of an ACE | |
| 49 | which matches all permissions unconditionally. For example, an | |
| 50 | ACE that uses ``ALL_PERMISSIONS`` might be composed like so: | |
| 51 | ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. | |
| 52 | ||
| 53 | .. attribute:: DENY_ALL | |
| 54 | ||
| 55 | A convenience shorthand ACE that defines ``('Deny', | |
| 56 | 'system.Everyone', ALL_PERMISSIONS)``. This is often used as the | |
| 57 | last ACE in an ACL in systems that use an "inheriting" security | |
| 58 | policy, representing the concept "don't inherit any other ACEs". | |
| 59 | ||
| feceff | 60 | .. attribute:: NO_PERMISSION_REQUIRED |
| MM | 61 | |
| 041897 | 62 | Return Values |
| 312804 | 63 | ------------- |
| 041897 | 64 | |
| CM | 65 | .. attribute:: Allow |
| 921713 | 66 | |
| CM | 67 | The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone, |
| 68 | 'read')`` that means allow access. A sequence of ACEs makes up an | |
| 69 | ACL. It is a string, and it's actual value is "Allow". | |
| 70 | ||
| 041897 | 71 | .. attribute:: Deny |
| 921713 | 72 | |
| CM | 73 | The ACE "action" (the first element in an ACE e.g. ``(Deny, |
| 74 | 'george', 'read')`` that means deny access. A sequence of ACEs | |
| 75 | makes up an ACL. It is a string, and it's actual value is "Deny". | |
| 76 | ||
| 041897 | 77 | .. autoclass:: ACLDenied |
| CM | 78 | :members: |
| 17ce57 | 79 | |
| 041897 | 80 | .. autoclass:: ACLAllowed |
| CM | 81 | :members: |
| 17ce57 | 82 | |
| 041897 | 83 | .. autoclass:: Denied |
| CM | 84 | :members: |
| 921713 | 85 | |
| 041897 | 86 | .. autoclass:: Allowed |
| CM | 87 | :members: |
| 88 | ||
