pyramid.security
Authentication API Functions
Authorization API Functions
Constants

Everyone
The special principal id named ‘Everyone’. This principal id is granted to all requests. Its actual value is the string ‘system.Everyone’.

Authenticated
The special principal id named ‘Authenticated’. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the authentication policy). Its actual value is the string ‘system.Authenticated’.

ALL_PERMISSIONS
An object that can be used as the permission member of an ACE which matches all permissions unconditionally. For example, an ACE that uses ALL_PERMISSIONS might be composed like so: ('Deny', 'system.Everyone', ALL_PERMISSIONS).

DENY_ALL
A convenience shorthand ACE that defines ('Deny', 'system.Everyone', ALL_PERMISSIONS). This is often used as the last ACE in an ACL in systems that use an “inheriting” security policy, representing the concept “don’t inherit any other ACEs”.

NO_PERMISSION_REQUIRED
A special permission which indicates that the view should always be executable by entirely anonymous users, regardless of the default permission, bypassing any authorization policy that may be in effect. Its actual value is the string ‘__no_permission_required__’.

Return Values

Allow
The ACE “action” (the first element in an ACE, e.g. (Allow, Everyone, 'read')) that means allow access. A sequence of ACEs makes up an ACL. It is a string, and its actual value is “Allow”.

Deny
The ACE “action” (the first element in an ACE, e.g. (Deny, 'george', 'read')) that means deny access. A sequence of ACEs makes up an ACL. It is a string, and its actual value is “Deny”.
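
The effect of DENY_ALL as the last ACE in an “inheriting” policy, shown as an added example (not code from Pyramid or from this page). The constants are redefined locally with the values documented above so the block runs without Pyramid installed; Resource, effective_principals and permits are hypothetical stand-ins for a first-match ACL check that walks from a resource up through its parents.

```python
# Added illustration: a simplified model of an "inheriting" ACL check.
# The constants are redefined locally with the values this page documents;
# Resource, effective_principals and permits are hypothetical names.
Allow, Deny = "Allow", "Deny"
Everyone = "system.Everyone"
Authenticated = "system.Authenticated"


class _AllPermissions:
    """Stand-in for ALL_PERMISSIONS: contains every permission."""
    def __contains__(self, permission):
        return True


ALL_PERMISSIONS = _AllPermissions()
DENY_ALL = (Deny, Everyone, ALL_PERMISSIONS)


class Resource:
    """Hypothetical resource node with an ACL and a parent link."""
    def __init__(self, acl, parent=None):
        self.acl, self.parent = acl, parent


def effective_principals(userid=None):
    """Everyone is always granted; Authenticated only with a userid."""
    return [Everyone] if userid is None else [Everyone, Authenticated, userid]


def permits(resource, principals, permission):
    """Walk from the resource up to the root; the first matching ACE wins."""
    while resource is not None:
        for action, principal, permissions in resource.acl:
            if isinstance(permissions, str):
                permissions = [permissions]
            if principal in principals and permission in permissions:
                return action == Allow
        resource = resource.parent
    return False  # no ACE matched anywhere: deny by default


# Constructed sample tree: the root is world-readable, one child is sealed.
root = Resource([(Allow, Everyone, "read"), (Allow, Authenticated, "edit")])
open_child = Resource([(Allow, "george", "delete")], parent=root)
sealed_child = Resource([(Allow, "george", "read"), DENY_ALL], parent=root)
```

Because the first matching ACE wins, an Allow entry placed after DENY_ALL in the same ACL is never reached, and without DENY_ALL a child silently picks up every grant made on its parents.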