Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
95 lines (61 sloc) 2.5 KB

:mod:`pyramid.security`

.. automodule:: pyramid.security

Authentication API Functions

.. autofunction:: forget

.. autofunction:: remember(request, userid, **kwargs)

Authorization API Functions

.. autofunction:: principals_allowed_by_permission

.. autofunction:: view_execution_permitted

Constants

.. attribute:: Everyone

    The special principal id named 'Everyone'.  This principal id is
    granted to all requests.  Its actual value is the string
    'system.Everyone'.

.. attribute:: Authenticated

    The special principal id named 'Authenticated'.  This principal id
    is granted to all requests which contain any other non-Everyone
    principal id (according to the :term:`authentication policy`).
    Its actual value is the string 'system.Authenticated'.

.. attribute:: ALL_PERMISSIONS

    An object that can be used as the ``permission`` member of an ACE
    which matches all permissions unconditionally.  For example, an
    ACE that uses ``ALL_PERMISSIONS`` might be composed like so:
    ``('Deny', 'system.Everyone', ALL_PERMISSIONS)``.

.. attribute:: DENY_ALL

    A convenience shorthand ACE that defines ``('Deny',
    'system.Everyone', ALL_PERMISSIONS)``.  This is often used as the
    last ACE in an ACL in systems that use an "inheriting" security
    policy, representing the concept "don't inherit any other ACEs".

.. attribute:: NO_PERMISSION_REQUIRED

        A special permission which indicates that the view should always
        be executable by entirely anonymous users, regardless of the
        default permission, bypassing any :term:`authorization policy`
        that may be in effect.  Its actual value is the string
        '__no_permission_required__'.

Return Values

.. attribute:: Allow

    The ACE "action" (the first element in an ACE e.g. ``(Allow, Everyone,
    'read')`` that means allow access.  A sequence of ACEs makes up an
    ACL.  It is a string, and its actual value is "Allow".

.. attribute:: Deny

    The ACE "action" (the first element in an ACE e.g. ``(Deny,
    'george', 'read')`` that means deny access.  A sequence of ACEs
    makes up an ACL.  It is a string, and its actual value is "Deny".

.. autoclass:: Denied
   :members: msg

   .. automethod:: __new__

.. autoclass:: Allowed
   :members: msg

   .. automethod:: __new__

.. autoclass:: ACLDenied
   :members: msg

   .. automethod:: __new__

.. autoclass:: ACLAllowed
   :members: msg

   .. automethod:: __new__

You can’t perform that action at this time.