On 4/25/10 5:25 PM, Wichert Akkerman wrote:
> On 2010-4-24 19:49, Chris McDonough wrote:
>> Even better, just leave the authentication policy registrations out of ZCML
>> altogether and always pass the authentication and authorization policies to 
>> the
>> Configurator constructor instead:
>> config = Configurator(authentication_policy=..., authorization_policy=...)
> FWIW several times it would have been useful for me if there was an API
> to set the auth policies after creating the configurator instead of
> having to specify them at construction time. A common scenerio is that I
> have a function which does the application setup which calls various
> other functions to configure specific parts such as i18n/l18n, URLs,
> etc. by calling them with the Configurator instance as parameter. At the
> moment the API does not allow that for auth policies.

There's a relationship between the authentication policy and authorization 
policy (authorization depends on authentication) that makes writing a good 
docstring for this API a bit tortured. For example:

     def set_security_policies(self, authentication, authorization=None):

         Add a pair of *security policy* (authentication and
         authorization policy) objects to the configuration.

         ``authentication`` must be an instance of an
         :term:`authentication policy`.  This argument is required.

         If ``authorization`` is provided, it must be an instance of an
         :term:`authorization policy`.  This argument is optional.  If
         an ``authorization`` argument is not passed or it is ``None``,
         an :class:`repoze.bfg.authorization.ACLAuthorizationPolicy`
         will be used as the authorization policy.

         .. warning:: This API is destructive, not additive. In
            particular, it will always register a new authorization
            policy (which will override any existing authorization
            policy) even if the ``authorization`` argument is ``None``.

         will override both the ``authentication_policy`` and
         ``authorization_policy`` previously passed as constructor
         arguments.  It will also override any authentication and
         authorization policies picked up via
         if authorization is None:
             authorization = ACLAuthorizationPolicy() # default
         if authorization and not authentication:
             raise ConfigurationError(
                 'If "authorization" is passed a value, '
                 'the "authentication" argument must also be '
                 'passed a value; authorization requires authentication.')

Anybody have a better idea?

- C
Repoze-dev mailing list

Reply via email to