commit | author | age
|
921713
|
1 |
.. _security_module: |
CM |
2 |
|
9c3b27
|
3 |
:mod:`pyramid.security` |
921713
|
4 |
========================== |
CM |
5 |
|
9c3b27
|
6 |
.. automodule:: pyramid.security |
921713
|
7 |
|
312804
|
8 |
Authentication API Functions |
CM |
9 |
---------------------------- |
b54cdb
|
10 |
|
efc743
|
11 |
.. autofunction:: authenticated_userid |
b54cdb
|
12 |
|
2526d8
|
13 |
.. autofunction:: unauthenticated_userid |
CM |
14 |
|
efc743
|
15 |
.. autofunction:: effective_principals |
921713
|
16 |
|
a1a9fb
|
17 |
.. autofunction:: forget |
CM |
18 |
|
|
19 |
.. autofunction:: remember |
|
20 |
|
312804
|
21 |
Authorization API Functions |
CM |
22 |
--------------------------- |
|
23 |
|
|
24 |
.. autofunction:: has_permission |
|
25 |
|
|
26 |
.. autofunction:: principals_allowed_by_permission |
|
27 |
|
a1a9fb
|
28 |
.. autofunction:: view_execution_permitted |
CM |
29 |
|
041897
|
30 |
Constants |
312804
|
31 |
--------- |
041897
|
32 |
|
CM |
33 |
.. attribute:: Everyone |
921713
|
34 |
|
CM |
35 |
The special principal id named 'Everyone'. This principal id is |
|
36 |
granted to all requests. Its actual value is the string |
|
37 |
'system.Everyone'. |
|
38 |
|
041897
|
39 |
.. attribute:: Authenticated |
921713
|
40 |
|
CM |
41 |
The special principal id named 'Authenticated'. This principal id |
|
42 |
is granted to all requests which contain any other non-Everyone |
a1a9fb
|
43 |
principal id (according to the :term:`authentication policy`). |
CM |
44 |
Its actual value is the string 'system.Authenticated'. |
921713
|
45 |
|
226b49
|
46 |
.. attribute:: ALL_PERMISSIONS |
CM |
47 |
|
|
48 |
An object that can be used as the ``permission`` member of an ACE |
|
49 |
which matches all permissions unconditionally. For example, an |
|
50 |
ACE that uses ``ALL_PERMISSIONS`` might be composed like so: |
|
51 |
``('Deny', 'system.Everyone', ALL_PERMISSIONS)``. |
|
52 |
|
|
53 |
.. attribute:: DENY_ALL |
|
54 |
|
|
55 |
A convenience shorthand ACE that defines ``('Deny', |
|
56 |
'system.Everyone', ALL_PERMISSIONS)``. This is often used as the |
|
57 |
last ACE in an ACL in systems that use an "inheriting" security |
|
58 |
policy, representing the concept "don't inherit any other ACEs". |
|
59 |
|
feceff
|
60 |
.. attribute:: NO_PERMISSION_REQUIRED |
MM |
61 |
|
041897
|
62 |
Return Values |
312804
|
63 |
------------- |
041897
|
64 |
|
CM |
65 |
.. attribute:: Allow |
921713
|
66 |
|
CM |
67 |
The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone, |
|
68 |
'read')`` that means allow access. A sequence of ACEs makes up an |
|
69 |
ACL. It is a string, and it's actual value is "Allow". |
|
70 |
|
041897
|
71 |
.. attribute:: Deny |
921713
|
72 |
|
CM |
73 |
The ACE "action" (the first element in an ACE e.g. ``(Deny, |
|
74 |
'george', 'read')`` that means deny access. A sequence of ACEs |
|
75 |
makes up an ACL. It is a string, and it's actual value is "Deny". |
|
76 |
|
041897
|
77 |
.. autoclass:: ACLDenied |
CM |
78 |
:members: |
17ce57
|
79 |
|
041897
|
80 |
.. autoclass:: ACLAllowed |
CM |
81 |
:members: |
17ce57
|
82 |
|
041897
|
83 |
.. autoclass:: Denied |
CM |
84 |
:members: |
921713
|
85 |
|
041897
|
86 |
.. autoclass:: Allowed |
CM |
87 |
:members: |
|
88 |
|