On 4/25/10 5:25 PM, Wichert Akkerman wrote:
> On 2010-4-24 19:49, Chris McDonough wrote:
>> Even better, just leave the authentication policy registrations out of ZCML
>> altogether and always pass the authentication and authorization policies to
>> Configurator constructor instead:
>> config = Configurator(authentication_policy=..., authorization_policy=...)
> FWIW several times it would have been useful for me if there was an API
> to set the auth policies after creating the configurator instead of
> having to specify them at construction time. A common scenerio is that I
> have a function which does the application setup which calls various
> other functions to configure specific parts such as i18n/l18n, URLs,
> etc. by calling them with the Configurator instance as parameter. At the
> moment the API does not allow that for auth policies.
There's a relationship between the authentication policy and authorization
policy (authorization depends on authentication) that makes writing a good
docstring for this API a bit tortured. For example:
def set_security_policies(self, authentication, authorization=None):
Add a pair of *security policy* (authentication and
authorization policy) objects to the configuration.
``authentication`` must be an instance of an
:term:`authentication policy`. This argument is required.
If ``authorization`` is provided, it must be an instance of an
:term:`authorization policy`. This argument is optional. If
an ``authorization`` argument is not passed or it is ``None``,
will be used as the authorization policy.
.. warning:: This API is destructive, not additive. In
particular, it will always register a new authorization
policy (which will override any existing authorization
policy) even if the ``authorization`` argument is ``None``.
will override both the ``authentication_policy`` and
``authorization_policy`` previously passed as constructor
arguments. It will also override any authentication and
authorization policies picked up via
if authorization is None:
authorization = ACLAuthorizationPolicy() # default
if authorization and not authentication:
'If "authorization" is passed a value, '
'the "authentication" argument must also be '
'passed a value; authorization requires authentication.')
Anybody have a better idea?
Repoze-dev mailing list