A few typos and syntax error fixes in the secure documentation.
@@ -107,38 +107,40 @@ More on ``secure``
|
|||||||
----------------
|
----------------
|
||||||
The ``secure`` method has several advanced uses that allow you to create robust security policies for your application.
|
The ``secure`` method has several advanced uses that allow you to create robust security policies for your application.
|
||||||
|
|
||||||
First, you can pass via a string the name of either a classmethod or an instance method of the controller to use as the ``check_permission`` method. Instance methods are particularly useful if you wish to authorize access to attriubutes of a particular model instance. Consider the following example of a basic virtual filesystem: ::
|
First, you can pass via a string the name of either a classmethod or an instance method of the controller to use as the
|
||||||
|
``check_permission`` method. Instance methods are particularly useful if you wish to authorize access to attributes
|
||||||
|
of a particular model instance. Consider the following example of a basic virtual filesystem::
|
||||||
|
|
||||||
from pecan import expose
|
from pecan import expose
|
||||||
from pecan.secure import secure
|
from pecan.secure import secure
|
||||||
|
|
||||||
from myapp.session import get_current_user
|
from myapp.session import get_current_user
|
||||||
from myapp.model import FileObject
|
from myapp.model import FileObject
|
||||||
|
|
||||||
class FileController(object):
|
class FileController(object):
|
||||||
def __init__(self, name):
|
def __init__(self, name):
|
||||||
self.file_object = FileObject(name)
|
self.file_object = FileObject(name)
|
||||||
|
|
||||||
def read_access(self):
|
def read_access(self):
|
||||||
self.file_object.read_access(get_current_user())
|
self.file_object.read_access(get_current_user())
|
||||||
|
|
||||||
def write_access(self):
|
def write_access(self):
|
||||||
self.file_object.write_access(get_current_user())
|
self.file_object.write_access(get_current_user())
|
||||||
|
|
||||||
@secure('write_access')
|
@secure('write_access')
|
||||||
@expose()
|
@expose()
|
||||||
def upload_file(self):
|
def upload_file(self):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@secure('read_access')
|
@secure('read_access')
|
||||||
@expose()
|
@expose()
|
||||||
def download_file(self):
|
def download_file(self):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
class RootController(object):
|
class RootController(object):
|
||||||
@expose()
|
@expose()
|
||||||
def _lookup(self, name, *remainder):
|
def _lookup(self, name, *remainder):
|
||||||
return FileController(name), *remainder
|
return FileController(name), remainder
|
||||||
|
|
||||||
|
|
||||||
The ``secure`` method also accepts a function instead of a string. When passing a function, make sure that the function is imported from another file or defined in the same file before the class definition -- otherwise you will likely get error during module import. ::
|
The ``secure`` method also accepts a function instead of a string. When passing a function, make sure that the function is imported from another file or defined in the same file before the class definition -- otherwise you will likely get error during module import. ::
|
||||||
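Review bot: ``read_access`` and ``write_access`` in ``FileController`` call the ``FileObject`` check but never return its result, so both methods return ``None`` and the model's answer never reaches ``secure``. Since this commit is already fixing the example's syntax (the ``*remainder`` return in ``_lookup``), please also change the bodies to ``return self.file_object.read_access(get_current_user())`` and ``return self.file_object.write_access(get_current_user())``. Readers copy this pattern for per-instance authorization, and a permission method that drops its result is an easy mistake to carry into real code. Minor: the unchanged paragraph at the end of the hunk still reads "you will likely get error during module import"; "get an error" would fit a typo pass.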
@@ -155,12 +157,14 @@ The ``secure`` method also accepts a function instead of a string. When passing
|
|||||||
return 'Logged in'
|
return 'Logged in'
|
||||||
|
|
||||||
|
|
||||||
You can also use the ``secure`` method to change the behavior of a SecureController. Decorating a method or wrapping a subcontroller tells Pecan to use another security function other than the default controller method. This is useful for situations where you want a different level or type of security. ::
|
You can also use the ``secure`` method to change the behavior of a SecureController. Decorating a method or wrapping a subcontroller tells Pecan to use another security function other than the default controller method. This is useful for situations where you want a different level or type of security.
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
from pecan import expose
|
from pecan import expose
|
||||||
from pecan.secure import SecureController, secure
|
from pecan.secure import SecureController, secure
|
||||||
|
|
||||||
from myapp.auth import user_authenticated, api_autheniticated
|
from myapp.auth import user_authenticated, admin_user
|
||||||
|
|
||||||
class ApiController(object):
|
class ApiController(object):
|
||||||
pass
|
pass
|
||||||
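Review bot: The rewritten paragraph still says "use another security function other than the default controller method", which is redundant; "use a security function other than the default controller method" reads cleaner, and ``SecureController`` in the same sentence should carry literal markup like the other class names on the page. The ``::`` marker is also now split into its own paragraph here while the first hunk keeps it attached ("filesystem::") and the paragraph about passing a function keeps "import. ::", so please pick one literal-block form for the whole file. The import change to ``admin_user`` is correct, since that is the name ``check_api_permissions`` calls further down.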
@@ -170,7 +174,7 @@ You can also use the ``secure`` method to change the behavior of a SecureControl
|
|||||||
def check_permissions(cls):
|
def check_permissions(cls):
|
||||||
return user_authenticated()
|
return user_authenticated()
|
||||||
|
|
||||||
@classmethid
|
@classmethod
|
||||||
def check_api_permissions(cls):
|
def check_api_permissions(cls):
|
||||||
return admin_user()
|
return admin_user()
|
||||||
|
|
||||||
@@ -178,16 +182,16 @@ You can also use the ``secure`` method to change the behavior of a SecureControl
|
|||||||
def index(self):
|
def index(self):
|
||||||
return 'logged in user'
|
return 'logged in user'
|
||||||
|
|
||||||
api = secure(ApiController(), 'check_admin')
|
api = secure(ApiController(), 'check_api_permissions')
|
||||||
|
|
||||||
In the example above, pecan will *only* call ``check_api_permissions`` when a request is made for ``/api/``.
|
In the example above, pecan will *only* call ``admin_user`` when a request is made for ``/api/``.
|
||||||
|
|
||||||
Multiple Secure Controllers
|
Multiple Secure Controllers
|
||||||
---------------------------
|
---------------------------
|
||||||
Pecan allows you to have nested secure controllers. In the example below, when a request is made for ``/admin/index/``, Pecan first calls ``check_permissions`` on the RootController and then calls ``check_permissions`` on the AdminController. The ability to nest ``SsecureController`` instances allows you to protect controllers with an increasing level of protection. ::
|
Pecan allows you to have nested secure controllers. In the example below, when a request is made for ``/admin/index/``, Pecan first calls ``check_permissions`` on the RootController and then calls ``check_permissions`` on the AdminController. The ability to nest ``SsecureController`` instances allows you to protect controllers with an increasing level of protection. ::
|
||||||
|
|
||||||
from pecan import expose
|
from pecan import expose
|
||||||
from pecan.secure import SecureController, secure
|
from pecan.secure import SecureController
|
||||||
|
|
||||||
from myapp.auth import user_logged_in, is_admin
|
from myapp.auth import user_logged_in, is_admin
|
||||||
|
|
||||||
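Review bot: The sentence after the ``api = secure(...)`` line now says Pecan will only call ``admin_user``, but the name passed to ``secure`` on the line just fixed is ``check_api_permissions``; ``admin_user`` is only the helper that method calls. The old wording was the accurate one. The point a reader needs here is which permission method guards ``/api/`` and that the controller's default ``check_permissions`` is not the one used for that path, so I would keep ``check_api_permissions`` in the sentence and capitalize "Pecan" while there. Also, ``SsecureController`` in the "Multiple Secure Controllers" paragraph is unchanged on both sides and should be ``SecureController``.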
@@ -200,7 +204,7 @@ Pecan allows you to have nested secure controllers. In the example below, when a
|
|||||||
def index(self):
|
def index(self):
|
||||||
return 'admin dashboard'
|
return 'admin dashboard'
|
||||||
|
|
||||||
class RootController(SecureController():
|
class RootController(SecureController):
|
||||||
@classmethod
|
@classmethod
|
||||||
def check_permissions(cls):
|
def check_permissions(cls):
|
||||||
return user_logged_in
|
return user_logged_in
|
||||||
|
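Review bot: ``return user_logged_in`` in ``RootController.check_permissions`` is left without parentheses on both sides of the hunk. If ``user_logged_in`` is a function, like ``user_authenticated()`` and ``admin_user()`` in the previous example, this returns the function object itself, which is always truthy, so the documented root check would pass for every request. Please change it to ``return user_logged_in()`` in the same commit as the ``SecureController(`` fix, and confirm whether the ``is_admin`` return in the part of the example above this hunk has the same problem.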