pyramid.security

Authentication API Functions

Authorization API Functions

Constants

Everyone

The special principal id named ‘Everyone’. This principal id is granted to all requests. Its actual value is the string ‘system.Everyone’.

Authenticated

The special principal id named ‘Authenticated’. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the authentication policy). Its actual value is the string ‘system.Authenticated’.

ALL_PERMISSIONS

An object that can be used as the permission member of an ACE which matches all permissions unconditionally. For example, an ACE that uses ALL_PERMISSIONS might be composed like so: ('Deny', 'system.Everyone', ALL_PERMISSIONS).

DENY_ALL

A convenience shorthand ACE that defines ('Deny', 'system.Everyone', ALL_PERMISSIONS). This is often used as the last ACE in an ACL in systems that use an “inheriting” security policy, representing the concept “don’t inherit any other ACEs”.

NO_PERMISSION_REQUIRED

A special permission which indicates that the view should always be executable by entirely anonymous users, regardless of the default permission, bypassing any authorization policy that may be in effect. Its actual value is the string ‘__no_permission_required__’.

Return Values

Allow

The ACE “action” (the first element in an ACE e.g. (Allow, Everyone, 'read') that means allow access. A sequence of ACEs makes up an ACL. It is a string, and it’s actual value is “Allow”.

Deny

The ACE “action” (the first element in an ACE e.g. (Deny, 'george', 'read') that means deny access. A sequence of ACEs makes up an ACL. It is a string, and it’s actual value is “Deny”.