Previously Chris McDonough wrote:
>     def remember(self, principal, token):
>         """ Return a set of headers suitable for 'remembering' the
>         principal on subsequent requests """
>
>     def forget():
>         """ Return a set of headers suitable for 'forgetting' the
>         current user on subsequent requests"""

It would be nice if there was also a handy utility function to apply
those headers to a response. I suspect that code is often repeated now.

> class IAuthorizationPolicy(Interface):
>     """ An adapter on context """
>     def permits(self, principals, permission):
>         """ Return True if any of the principals is allowed the
>         permission in the current context, else return False """
>
>     def principals_allowed_by_permission(self, permission):
>         """ Return a set of principal identifiers allowed by the permission
>         """

There are situations where principals_allowed_by_permission may not be
possible, or at least very expensive. In LDAP/AD environments, for example,
getting a list of all principals is often not doable. This should be
reflected in the API somehow. Perhaps allow for
principals_allowed_by_permission to return a value indicating it is not
willing to support this? The same holds for the version in ISecurityPolicy.

I wonder if we should also set the exceptions that can be thrown by
those routines. Depending on the implementation that can be DB-API
exceptions, LDAP exceptions, or anything else, which would mean that
people using this API will end up having to use a bare try/except.

Wichert.

-- 
Wichert Akkerman <wich...@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
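
One way the two suggestions in the message above could look (a "not supported" return value for principals_allowed_by_permission, and a single defined exception type), as an added example that is not part of the original message or of repoze code. The names `AuthorizationBackendError`, `ENUMERATION_UNSUPPORTED`, `DirectoryError`, `FakeDirectory`, `DirectoryAuthorizationPolicy` and `check_access` are hypothetical.

```python
# Added sketch; every name below is hypothetical, not repoze API.
class AuthorizationBackendError(Exception):
    """The single exception type callers of the policy need to catch."""

class _Unsupported:
    def __repr__(self):
        return "ENUMERATION_UNSUPPORTED"

# Sentinel meaning "this policy cannot list principals"; distinct from an
# empty set, which would wrongly read as "nobody has this permission".
ENUMERATION_UNSUPPORTED = _Unsupported()

class DirectoryError(Exception):
    """Constructed stand-in for an LDAP or DB-API driver exception."""

class FakeDirectory:
    """Constructed in-memory backend that answers membership queries only."""
    def __init__(self, grants, fail=False):
        self.grants = grants  # {permission: set of principal ids}
        self.fail = fail

    def is_granted(self, principal, permission):
        if self.fail:
            raise DirectoryError("server unavailable")
        return principal in self.grants.get(permission, set())

class DirectoryAuthorizationPolicy:
    def __init__(self, directory):
        self.directory = directory

    def permits(self, principals, permission):
        try:
            return any(self.directory.is_granted(p, permission)
                       for p in principals)
        except DirectoryError as exc:
            # Normalise the driver error so callers depend on one type only.
            raise AuthorizationBackendError(str(exc)) from exc

    def principals_allowed_by_permission(self, permission):
        # Enumerating every principal in the directory is not feasible here.
        return ENUMERATION_UNSUPPORTED

def check_access(policy, principals, permission):
    """Caller side: deny on backend failure without a bare try/except."""
    try:
        return policy.permits(principals, permission)
    except AuthorizationBackendError:
        return False
```
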