Previously Chris McDonough wrote:
> def remember(self, principal, token):
> """ Return a set of headers suitable for 'remembering' the
> principal on subsequent requests """
> def forget():
> """ Return a set of headers suitable for 'forgetting' the
> current user on subsequent requests"""
It would be nice if there was also a handy utility function to apply
those headers to a response. I suspect that code is often repeated now.
> class IAuthorizationPolicy(Interface):
> """ An adapter on context """
> def permits(self, principals, permission):
> """ Return True if any of the principals is allowed the
> permission in the current context, else return False """
> def principals_allowed_by_permission(self, permission):
> """ Return a set of principal identifiers allowed by the permission
There are situations where principals_allowed_by_permission may not be
possible, or at least very expensive. In LDAP/AD environments for
example getting a list of all principles is often not doable. This
should be reflected in the API somehow. Perhaps allow for
principals_allowed_by_permission to return a value indicating it is not
willing to support this?
The same holds for the version in ISecurityPolicy.
I wonder if we should also set the exceptions that can be thrown by
those routines. Depending on the implementation that can be DB-API
exceptions, LDAP exceptions, or anything else which would mean that
people using this API will end up have to use a bare try/except.
Wichert Akkerman <wich...@wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
Repoze-dev mailing list