Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

brought demos up to date with pyramid 1.3

  • Loading branch information...
commit 193a3e60f241f10cd813de4fc99250f6da903744 1 parent ac8ac0d
@mmerickel authored
View
44 0.no_security/demo.py
@@ -65,7 +65,10 @@ def forbidden_view(request):
loc = request.route_url('login', _query=(('next', request.path),))
return HTTPFound(location=loc)
-@view_config(route_name='home', renderer='home.mako')
+@view_config(
+ route_name='home',
+ renderer='home.mako',
+)
def home_view(request):
login = authenticated_userid(request)
user = USERS.get(login)
@@ -75,7 +78,10 @@ def home_view(request):
'user_pages': [p for (t, p) in PAGES.iteritems() if p.owner == login],
}
-@view_config(route_name='login', renderer='login.mako')
+@view_config(
+ route_name='login',
+ renderer='login.mako',
+)
def login_view(request):
next = request.params.get('next') or request.route_url('home')
login = ''
@@ -97,19 +103,27 @@ def login_view(request):
'users': USERS,
}
-@view_config(route_name='logout')
+@view_config(
+ route_name='logout',
+)
def logout_view(request):
headers = forget(request)
loc = request.route_url('home')
return HTTPFound(location=loc, headers=headers)
-@view_config(route_name='users', renderer='users.mako')
+@view_config(
+ route_name='users',
+ renderer='users.mako',
+)
def users_view(request):
return {
'users': sorted(USERS.keys()),
}
-@view_config(route_name='user', renderer='user.mako')
+@view_config(
+ route_name='user',
+ renderer='user.mako',
+)
def user_view(request):
login = request.matchdict['login']
user = USERS.get(login)
@@ -123,13 +137,19 @@ def user_view(request):
'pages': pages,
}
-@view_config(route_name='pages', renderer='pages.mako')
+@view_config(
+ route_name='pages',
+ renderer='pages.mako',
+)
def pages_view(request):
return {
'pages': PAGES.values(),
}
-@view_config(route_name='page', renderer='page.mako')
+@view_config(
+ route_name='page',
+ renderer='page.mako',
+)
def page_view(request):
uri = request.matchdict['title']
page = PAGES.get(uri)
@@ -159,7 +179,10 @@ def validate_page(title, body):
'errors': errors,
}
-@view_config(route_name='create_page', renderer='edit_page.mako')
+@view_config(
+ route_name='create_page',
+ renderer='edit_page.mako',
+)
def create_page_view(request):
owner = authenticated_userid(request)
if owner is None:
@@ -188,7 +211,10 @@ def create_page_view(request):
'errors': errors,
}
-@view_config(route_name='edit_page', renderer='edit_page.mako')
+@view_config(
+ route_name='edit_page',
+ renderer='edit_page.mako',
+)
def edit_page_view(request):
uri = request.matchdict['title']
page = PAGES.get(uri)
View
59 1.group_security/demo.py
@@ -12,6 +12,7 @@
from pyramid.security import authenticated_userid
from pyramid.security import forget
from pyramid.security import remember
+from pyramid.view import forbidden_view_config
from pyramid.view import view_config
### DEFINE MODEL
@@ -74,7 +75,7 @@ def groupfinder(userid, request):
return ['g:%s' % g for g in user.groups]
### DEFINE VIEWS
-@view_config(context=HTTPForbidden)
+@forbidden_view_config()
def forbidden_view(request):
# do not allow a user to login if they are already logged in
if authenticated_userid(request):
@@ -83,7 +84,10 @@ def forbidden_view(request):
loc = request.route_url('login', _query=(('next', request.path),))
return HTTPFound(location=loc)
-@view_config(route_name='home', renderer='home.mako')
+@view_config(
+ route_name='home',
+ renderer='home.mako',
+)
def home_view(request):
login = authenticated_userid(request)
user = USERS.get(login)
@@ -93,7 +97,10 @@ def home_view(request):
'user_pages': [p for (t, p) in PAGES.iteritems() if p.owner == login],
}
-@view_config(route_name='login', renderer='login.mako')
+@view_config(
+ route_name='login',
+ renderer='login.mako',
+)
def login_view(request):
next = request.params.get('next') or request.route_url('home')
login = ''
@@ -115,24 +122,34 @@ def login_view(request):
'users': USERS,
}
-@view_config(route_name='logout')
+@view_config(
+ route_name='logout',
+)
def logout_view(request):
headers = forget(request)
loc = request.route_url('home')
return HTTPFound(location=loc, headers=headers)
-@view_config(route_name='users', permission='admin', renderer='users.mako')
+@view_config(
+ route_name='users',
+ permission='admin',
+ renderer='users.mako',
+)
def users_view(request):
return {
'users': sorted(USERS.keys()),
}
-@view_config(route_name='user', permission='admin', renderer='user.mako')
+@view_config(
+ route_name='user',
+ permission='admin',
+ renderer='user.mako',
+)
def user_view(request):
login = request.matchdict['login']
user = USERS.get(login)
if not user:
- return HTTPNotFound()
+ raise HTTPNotFound()
pages = [p for (t, p) in PAGES.iteritems() if p.owner == login]
@@ -141,18 +158,24 @@ def user_view(request):
'pages': pages,
}
-@view_config(route_name='pages', renderer='pages.mako')
+@view_config(
+ route_name='pages',
+ renderer='pages.mako',
+)
def pages_view(request):
return {
'pages': PAGES.values(),
}
-@view_config(route_name='page', renderer='page.mako')
+@view_config(
+ route_name='page',
+ renderer='page.mako',
+)
def page_view(request):
uri = request.matchdict['title']
page = PAGES.get(uri)
if not page:
- return HTTPNotFound()
+ raise HTTPNotFound()
return {
'page': page,
@@ -177,8 +200,11 @@ def validate_page(title, body):
'errors': errors,
}
-@view_config(route_name='create_page', permission='create',
- renderer='edit_page.mako')
+@view_config(
+ route_name='create_page',
+ permission='create',
+ renderer='edit_page.mako',
+)
def create_page_view(request):
owner = authenticated_userid(request)
@@ -205,13 +231,16 @@ def create_page_view(request):
'errors': errors,
}
-@view_config(route_name='edit_page', permission='edit',
- renderer='edit_page.mako')
+@view_config(
+ route_name='edit_page',
+ permission='edit',
+ renderer='edit_page.mako',
+)
def edit_page_view(request):
uri = request.matchdict['title']
page = PAGES.get(uri)
if not page:
- return HTTPNotFound()
+ raise HTTPNotFound()
errors = []
title = page.title
View
55 2.object_security/demo.py
@@ -12,6 +12,7 @@
from pyramid.security import Everyone
from pyramid.security import forget
from pyramid.security import remember
+from pyramid.view import forbidden_view_config
from pyramid.view import view_config
### DEFINE MODEL
@@ -114,7 +115,7 @@ def groupfinder(userid, request):
return ['g:%s' % g for g in user.groups]
### DEFINE VIEWS
-@view_config(context=HTTPForbidden)
+@forbidden_view_config()
def forbidden_view(request):
# do not allow a user to login if they are already logged in
if authenticated_userid(request):
@@ -123,7 +124,10 @@ def forbidden_view(request):
loc = request.route_url('login', _query=(('next', request.path),))
return HTTPFound(location=loc)
-@view_config(route_name='home', renderer='home.mako')
+@view_config(
+ route_name='home',
+ renderer='home.mako',
+)
def home_view(request):
login = authenticated_userid(request)
user = USERS.get(login)
@@ -133,7 +137,10 @@ def home_view(request):
'user_pages': [p for (t, p) in PAGES.iteritems() if p.owner == login],
}
-@view_config(route_name='login', renderer='login.mako')
+@view_config(
+ route_name='login',
+ renderer='login.mako',
+)
def login_view(request):
next = request.params.get('next') or request.route_url('home')
login = ''
@@ -155,19 +162,29 @@ def login_view(request):
'users': USERS,
}
-@view_config(route_name='logout')
+@view_config(
+ route_name='logout',
+)
def logout_view(request):
headers = forget(request)
loc = request.route_url('home')
return HTTPFound(location=loc, headers=headers)
-@view_config(route_name='users', permission='view', renderer='users.mako')
+@view_config(
+ route_name='users',
+ permission='view',
+ renderer='users.mako',
+)
def users_view(request):
return {
'users': sorted(USERS.keys()),
}
-@view_config(route_name='user', permission='view', renderer='user.mako')
+@view_config(
+ route_name='user',
+ permission='view',
+ renderer='user.mako',
+)
def user_view(request):
user = request.context
pages = [p for (t, p) in PAGES.iteritems() if p.owner == user.login]
@@ -177,13 +194,21 @@ def user_view(request):
'pages': pages,
}
-@view_config(route_name='pages', permission='view', renderer='pages.mako')
+@view_config(
+ route_name='pages',
+ permission='view',
+ renderer='pages.mako',
+)
def pages_view(request):
return {
'pages': PAGES.values(),
}
-@view_config(route_name='page', permission='view', renderer='page.mako')
+@view_config(
+ route_name='page',
+ permission='view',
+ renderer='page.mako',
+)
def page_view(request):
page = request.context
@@ -210,8 +235,11 @@ def validate_page(title, body):
'errors': errors,
}
-@view_config(route_name='create_page', permission='create',
- renderer='edit_page.mako')
+@view_config(
+ route_name='create_page',
+ permission='create',
+ renderer='edit_page.mako',
+)
def create_page_view(request):
owner = authenticated_userid(request)
@@ -238,8 +266,11 @@ def create_page_view(request):
'errors': errors,
}
-@view_config(route_name='edit_page', permission='edit',
- renderer='edit_page.mako')
+@view_config(
+ route_name='edit_page',
+ permission='edit',
+ renderer='edit_page.mako',
+)
def edit_page_view(request):
uri = request.matchdict['title']
page = request.context
View
32 docs/group_security.rst
@@ -37,7 +37,7 @@ From the :ref:`base_app`, the ``User`` object already has a list of
to its groups:
.. literalinclude:: ../1.group_security/demo.py
- :lines: 71-74
+ :lines: 72-75
The groups are prefixed with the "g:" to help distinguish them as
principals related to the user's groups.
@@ -55,11 +55,11 @@ unless they are an "editor" or an "admin".
.. code-block:: python
- [
- (Allow, Authenticated, 'create'),
- (Allow, 'g:editor', 'edit'),
- (Allow, 'g:admin', ALL_PERMISSIONS),
- ]
+ [
+ (Allow, Authenticated, 'create'),
+ (Allow, 'g:editor', 'edit'),
+ (Allow, 'g:admin', ALL_PERMISSIONS),
+ ]
Notice how the principals in the ACL match up with the principals
returned from the `groupfinder`. Pyramid's default authentication
@@ -90,8 +90,8 @@ be configured to use it as such. Root factories are explained in more
detail in :ref:`the_resource_tree`.
.. literalinclude:: ../1.group_security/demo.py
- :lines: 245-257
- :emphasize-lines: 248, 256
+ :lines: 274-286
+ :emphasize-lines: 277, 285
Securing the Views
==================
@@ -110,8 +110,8 @@ principal to the "create" permission. Now we can lock down the view
for ``'/create_page'`` to require the "create" permission.
.. literalinclude:: ../1.group_security/demo.py
- :lines: 180-183
- :emphasize-lines: 180
+ :lines: 203-209
+ :emphasize-lines: 205
Edit Page View
--------------
@@ -122,8 +122,8 @@ mapped these groups to the "edit" permission, so simply add it to the
view.
.. literalinclude:: ../1.group_security/demo.py
- :lines: 208-210
- :emphasize-lines: 208
+ :lines: 234-239
+ :emphasize-lines: 236
User Views
----------
@@ -137,14 +137,14 @@ Here we'll use the "admin" permission.
``'/users'``:
.. literalinclude:: ../1.group_security/demo.py
- :lines: 124-125
- :emphasize-lines: 124
+ :lines: 133-138
+ :emphasize-lines: 135
``'/user/{login}'``:
.. literalinclude:: ../1.group_security/demo.py
- :lines: 130-131
- :emphasize-lines: 130
+ :lines: 143-148
+ :emphasize-lines: 145
Simple Object-Level Authorization
=================================
View
8 docs/object_security.rst
@@ -163,7 +163,7 @@ per-instance of the object. The new ACL contains an entry for a
principal matching the ``login`` property of the object.
.. literalinclude:: ../2.object_security/demo.py
- :lines: 18-23
+ :lines: 19-24
Defining the Routes
~~~~~~~~~~~~~~~~~~~
@@ -173,7 +173,7 @@ routes to use the new ``UserFactory`` instead of the default ``Root``
factory.
.. literalinclude:: ../2.object_security/demo.py
- :lines: 294-296
+ :lines: 325-327
The ``'user'`` route also overrides the ``traverse`` parameter to
load the ``User`` object for that URL. The matched ``login`` in the
@@ -210,7 +210,7 @@ per-instance of the object. The new ACL contains an entry for a
principal matching the ``owner`` property of the object.
.. literalinclude:: ../2.object_security/demo.py
- :lines: 33-39
+ :lines: 34-40
Defining the Routes
~~~~~~~~~~~~~~~~~~~
@@ -220,7 +220,7 @@ routes to use the new ``PageFactory`` instead of the default ``Root``
factory.
.. literalinclude:: ../2.object_security/demo.py
- :lines: 298-303
+ :lines: 329-334
The ``'page'`` and ``'edit_page'`` routes also override the
``traverse`` parameter to load the ``Page`` object for that URL. The
Please sign in to comment.
Something went wrong with that request. Please try again.