B
    `UA                 @   sj  d dl mZ d dlmZmZ d dlmZmZmZm	Z	m
Z
mZ d dlmZ dZdd Zdd	 Zd
d Zdd Zedd d.ddZG dd deZG dd deZG dd deZG dd dZG dd dZee	G dd dZdZdZd Zd!ZG d"d# d#Ze Z eee fZ!G d$d% d%eZ"G d&d' d'e"eZ#G d(d) d)e"eZ$x d*D ]Z%ee%d+j&e%d, qJW d-S )/    )
deprecated)implementer
providedBy)IAuthenticationPolicyIAuthorizationPolicyISecuredViewISecurityPolicyIViewIViewClassifier)get_current_registryZ__no_permission_required__c             C   s   | j tS )N)registryqueryUtilityr   )request r   X/home/kop/projects/devel/pgwui/test_venv/lib/python3.7/site-packages/pyramid/security.py_get_security_policy   s    r   c             K   s$   t | }|dkrg S |j| |f|S )a  
    Returns a sequence of header tuples (e.g. ``[('Set-Cookie', 'foo=abc')]``)
    on this request's response.
    These headers are suitable for 'remembering' a set of credentials
    implied by the data passed as ``userid`` and ``**kw`` using the
    current :term:`security policy`.  Common usage might look
    like so within the body of a view function (``response`` is
    assumed to be a :term:`WebOb` -style :term:`response` object
    computed previously by the view code):

    .. code-block:: python

       from pyramid.security import remember
       headers = remember(request, 'chrism', password='123', max_age='86400')
       response = request.response
       response.headerlist.extend(headers)
       return response

    If no :term:`security policy` is in use, this function will
    always return an empty sequence. If used, the composition and
    meaning of ``**kw`` must be agreed upon by the calling code and
    the effective security policy.

    .. versionchanged:: 1.6
        Deprecated the ``principal`` argument in favor of ``userid`` to clarify
        its relationship to the security policy.

    .. versionchanged:: 1.10
        Removed the deprecated ``principal`` argument.
    N)r   remember)r   useridkwpolicyr   r   r   r      s    r   c             K   s"   t | }|dkrg S |j| f|S )a  
    Return a sequence of header tuples (e.g. ``[('Set-Cookie',
    'foo=abc')]``) suitable for 'forgetting' the set of credentials
    possessed by the currently authenticated user.  A common usage
    might look like so within the body of a view function
    (``response`` is assumed to be a :term:`WebOb` -style
    :term:`response` object computed previously by the view code):

    .. code-block:: python

       from pyramid.security import forget
       headers = forget(request)
       response.headerlist.extend(headers)
       return response

    If no :term:`security policy` is in use, this function will
    always return an empty sequence.
    N)r   forget)r   r   r   r   r   r   r   :   s    r   c             C   s6   t  }|t}|dkr*ddlm} |gS || |S )a  
    .. deprecated:: 2.0

        The new security policy has removed the concept of principals.  See
        :ref:`upgrading_auth_20` for more information.

    Provided a ``context`` (a resource object), and a ``permission``
    string, if an :term:`authorization policy` is
    in effect, return a sequence of :term:`principal` ids that possess
    the permission in the ``context``.  If no authorization policy is
    in effect, this will return a sequence with the single value
    :mod:`pyramid.authorization.Everyone` (the special principal
    identifier representing all principals).

    .. note::

       Even if an :term:`authorization policy` is in effect,
       some (exotic) authorization policies may not implement the
       required machinery for this function; those will cause a
       :exc:`NotImplementedError` exception to be raised when this
       function is invoked.

    Nr   )Everyone)r   r   r   pyramid.authorizationr    principals_allowed_by_permission)context
permissionregr   r   r   r   r   r   S   s    
r   zThe new security policy has removed the concept of principals.  See "Upgrading Authentication/Authorization" in "What's New in Pyramid 2.0" of the documentation for more information. c             C   sv   |j }tgdd || fD  }|jj|t|d}|dkrj|jj|t|d}|dkrZtdtd|| f S || |S )a  If the view specified by ``context`` and ``name`` is protected
    by a :term:`permission`, check the permission associated with the
    view using the effective authentication/authorization policies and
    the ``request``.  Return a boolean result.  If no
    :term:`security policy` is in effect, or if the view is not
    protected by a permission, return ``True``. If no view can be found,
    an exception will be raised.

    .. versionchanged:: 1.4a4
       An exception is raised if no view is found.

    c             S   s   g | ]}t |qS r   )r   ).0xr   r   r   
<listcomp>   s    z,view_execution_permitted.<locals>.<listcomp>)nameNzyNo registered view satisfies the constraints. It would not make sense to claim that this view "is" or "is not" permitted.z;Allowed: view name %r in context %r (no permission defined))	r   r
   adapterslookupr   r	   	TypeErrorAllowedZ__permitted__)r   r   r!   r   providesviewr   r   r   view_execution_permitted|   s    r(   c               @   s0   e Zd Zdd Zedd Zdd Zdd Zd	S )
PermitsResultc             G   s   t | | j}||_||_|S )z
        Create a new instance.

        :param fmt: A format string explaining the reason for denial.
        :param args: Arguments are stored and used with the format string
                      to generate the ``msg``.

        )int__new__boolvalsargs)clsr-   r.   instr   r   r   r+      s    	zPermitsResult.__new__c             C   s   | j | j S )z2 A string indicating why the result was generated.)r-   r.   )selfr   r   r   msg   s    zPermitsResult.msgc             C   s   | j S )N)r2   )r1   r   r   r   __str__   s    zPermitsResult.__str__c             C   s   d| j jt| | jf S )Nz<%s instance at %s with msg %r>)	__class____name__idr2   )r1   r   r   r   __repr__   s    zPermitsResult.__repr__N)r5   
__module____qualname__r+   propertyr2   r3   r7   r   r   r   r   r)      s   r)   c               @   s   e Zd ZdZdZdS )Denieda#  
    An instance of ``Denied`` is returned when a security-related
    API or other :app:`Pyramid` code denies an action unrelated to
    an ACL check.  It evaluates equal to all boolean false types.  It
    has an attribute named ``msg`` describing the circumstances for
    the deny.

    r   N)r5   r8   r9   __doc__r,   r   r   r   r   r;      s   r;   c               @   s   e Zd ZdZdZdS )r%   a$  
    An instance of ``Allowed`` is returned when a security-related
    API or other :app:`Pyramid` code allows an action unrelated to
    an ACL check.  It evaluates equal to all boolean true types.  It
    has an attribute named ``msg`` describing the circumstances for
    the allow.

       N)r5   r8   r9   r<   r,   r   r   r   r   r%      s   r%   c               @   s>   e Zd ZdZedd Zedd Zedd Zdd	d
ZdS )SecurityAPIMixinz< Mixin for Request class providing auth-related properties. c             C   s   t | }|dkrdS || S )z
        Return an opaque object identifying the current user or ``None`` if no
        user is authenticated or there is no :term:`security policy` in effect.

        N)r   identity)r1   r   r   r   r   r?      s    zSecurityAPIMixin.identityc             C   s   t | }|dkrdS || S )av  
        Return the :term:`userid` of the currently authenticated user or
        ``None`` if there is no :term:`security policy` in effect or there is
        no currently authenticated user.

        .. versionchanged:: 2.0

           This property delegates to the effective :term:`security policy`,
           ignoring old-style :term:`authentication policy`.

        N)r   authenticated_userid)r1   r   r   r   r   r@      s    z%SecurityAPIMixin.authenticated_useridc             C   s
   | j dk	S )z<Return ``True`` if a user is authenticated for this request.N)r@   )r1   r   r   r   is_authenticated   s    z!SecurityAPIMixin.is_authenticatedNc             C   s4   |dkr| j }t| }|dkr&tdS || ||S )a  Given a permission and an optional context, returns an instance of
        :data:`pyramid.security.Allowed` if the permission is granted to this
        request with the provided context, or the context already associated
        with the request.  Otherwise, returns an instance of
        :data:`pyramid.security.Denied`.  This method delegates to the current
        security policy.  Returns
        :data:`pyramid.security.Allowed` unconditionally if no security
        policy has been registered for this request.  If ``context`` is not
        supplied or is supplied as ``None``, the context used is the
        ``request.context`` attribute.

        :param permission: Does this request have the given permission?
        :type permission: str
        :param context: A resource object or ``None``
        :type context: object
        :returns: Either :class:`pyramid.security.Allowed` or
                  :class:`pyramid.security.Denied`.

        NzNo security policy in use.)r   r   r%   permits)r1   r   r   r   r   r   r   has_permission   s    zSecurityAPIMixin.has_permission)N)	r5   r8   r9   r<   r:   r?   r@   rA   rC   r   r   r   r   r>      s
   r>   c               @   s<   e Zd ZdZedd ZeedZedd ZeedZdS )	AuthenticationAPIMixinz= Mixin for Request class providing compatibility properties. c             C   s<   t | }|dkrdS t|tr2|| }|| S || S )a  
        .. deprecated:: 2.0

            ``unauthenticated_userid`` does not have an equivalent in the new
            security system. Use :attr:`.authenticated_userid` or
            :attr:`.identity` instead. See :ref:`upgrading_auth_20` for more
            information.

        Return an object which represents the *claimed* (not verified) user
        id of the credentials present in the request. ``None`` if there is no
        :term:`authentication policy` in effect or there is no user data
        associated with the current request.  This differs from
        :attr:`~pyramid.request.Request.authenticated_userid`, because the
        effective authentication policy will not ensure that a record
        associated with the userid exists in persistent storage.

        N)r   
isinstanceLegacySecurityPolicy_get_authn_policyunauthenticated_useridr@   )r1   securityauthnr   r   r   rH     s    


z-AuthenticationAPIMixin.unauthenticated_useridzThe new security policy has deprecated unauthenticated_userid. See "Upgrading Authentication/Authorization" in "What's New in Pyramid 2.0" of the documentation for more information.c             C   s@   ddl m} t| }|dk	r:t|tr:|| }|| S |gS )a  
        .. deprecated:: 2.0

            The new security policy has removed the concept of principals.  See
            :ref:`upgrading_auth_20` for more information.

        Return the list of 'effective' :term:`principal` identifiers
        for the ``request``. If no :term:`authentication policy` is in effect,
        this will return a one-element list containing the
        :data:`pyramid.authorization.Everyone` principal.

        r   )r   N)r   r   r   rE   rF   rG   effective_principals)r1   r   rI   rJ   r   r   r   rK   ?  s    

z+AuthenticationAPIMixin.effective_principalszThe new security policy has deprecated effective_principals. See "Upgrading Authentication/Authorization" in "What's New in Pyramid 2.0" of the documentation for more information.N)r5   r8   r9   r<   r:   rH   r   rK   r   r   r   r   rD     s   rD   c               @   sH   e Zd ZdZdd Zdd Zdd Zdd	 Zd
d Zdd Z	dd Z
dS )rF   z
    A :term:`security policy` which provides a backwards compatibility shim for
    the :term:`authentication policy` and the :term:`authorization policy`.

    c             C   s   |j tS )N)r   
getUtilityr   )r1   r   r   r   r   rG   g  s    z&LegacySecurityPolicy._get_authn_policyc             C   s   |j tS )N)r   rL   r   )r1   r   r   r   r   _get_authz_policyj  s    z&LegacySecurityPolicy._get_authz_policyc             C   s
   |  |S )N)r@   )r1   r   r   r   r   r?   m  s    zLegacySecurityPolicy.identityc             C   s   |  |}||S )N)rG   r@   )r1   r   rJ   r   r   r   r@   p  s    
z)LegacySecurityPolicy.authenticated_useridc             K   s   |  |}|j||f|S )N)rG   r   )r1   r   r   r   rJ   r   r   r   r   t  s    
zLegacySecurityPolicy.rememberc             K   s    |rt d| |}||S )NzLLegacy authentication policies do not support keyword arguments for `forget`)
ValueErrorrG   r   )r1   r   r   rJ   r   r   r   r   x  s
    
zLegacySecurityPolicy.forgetc             C   s,   |  |}| |}||}||||S )N)rG   rM   rK   rB   )r1   r   r   r   rJ   Zauthz
principalsr   r   r   rB     s    


zLegacySecurityPolicy.permitsN)r5   r8   r9   r<   rG   rM   r?   r@   r   r   rB   r   r   r   r   rF   _  s   	rF   zsystem.Everyonezsystem.AuthenticatedAllowDenyc               @   s(   e Zd ZdZdd Zdd Zdd ZdS )	AllPermissionsListz9 Stand in 'permission list' to represent all permissions c             C   s   t dS )Nr   )iter)r1   r   r   r   __iter__  s    zAllPermissionsList.__iter__c             C   s   dS )NTr   )r1   otherr   r   r   __contains__  s    zAllPermissionsList.__contains__c             C   s   t || jS )N)rE   r4   )r1   rU   r   r   r   __eq__  s    zAllPermissionsList.__eq__N)r5   r8   r9   r<   rT   rV   rW   r   r   r   r   rR     s   rR   c               @   s   e Zd Zdd ZdS )ACLPermitsResultc          
   C   s@   d}t | || j|||||}||_||_||_||_||_|S )a  
        Create a new instance.

        :param ace: The :term:`ACE` that matched, triggering the result.
        :param acl: The :term:`ACL` containing ``ace``.
        :param permission: The required :term:`permission`.
        :param principals: The list of :term:`principals <principal>` provided.
        :param context: The :term:`context` providing the :term:`lineage`
                        searched.

        zE%s permission %r via ACE %r in ACL %r on context %r for principals %r)r)   r+   r5   r   aceaclrO   r   )r/   rY   rZ   r   rO   r   fmtr0   r   r   r   r+     s    zACLPermitsResult.__new__N)r5   r8   r9   r+   r   r   r   r   rX     s   rX   c               @   s   e Zd ZdZdS )	ACLDenieda8  
    An instance of ``ACLDenied`` is a specialization of
    :class:`pyramid.security.Denied` that represents that a security check
    made explicitly against an ACL was denied.  It evaluates equal to all
    boolean false types.  It also has the following attributes: ``acl``,
    ``ace``, ``permission``, ``principals``, and ``context``.  These
    attributes indicate the security values involved in the request.  Its
    ``__str__`` method prints a summary of these attributes for debugging
    purposes. The same summary is available as the ``msg`` attribute.

    N)r5   r8   r9   r<   r   r   r   r   r\     s   r\   c               @   s   e Zd ZdZdS )
ACLAlloweda:  
    An instance of ``ACLAllowed`` is a specialization of
    :class:`pyramid.security.Allowed` that represents that a security check
    made explicitly against an ACL was allowed.  It evaluates equal to all
    boolean true types.  It also has the following attributes: ``acl``,
    ``ace``, ``permission``, ``principals``, and ``context``.  These
    attributes indicate the security values involved in the request.  Its
    ``__str__`` method prints a summary of these attributes for debugging
    purposes. The same summary is available as the ``msg`` attribute.

    N)r5   r8   r9   r<   r   r   r   r   r]     s   r]   )	ALL_PERMISSIONSDENY_ALLr]   r\   rR   rP   AuthenticatedrQ   r   zl"pyramid.security.{attr}" is deprecated in Pyramid 2.0. Adjust your import to "pyramid.authorization.{attr}")attrN)r   )'Zzope.deprecationr   Zzope.interfacer   r   Zpyramid.interfacesr   r   r   r   r	   r
   Zpyramid.threadlocalr   ZNO_PERMISSION_REQUIREDr   r   r   r   r(   r*   r)   r;   r%   r>   rD   rF   r   r`   rP   rQ   rR   r^   r_   rX   r\   r]   ra   formatr   r   r   r   <module>   sD    %!
!BG)

