-
Notifications
You must be signed in to change notification settings - Fork 887
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Request.is_authenticated and is_authenticated predicate #3598
Add Request.is_authenticated and is_authenticated predicate #3598
Conversation
@merwok fyi, thanks for the offer to update What's New, but it is easier to do a single copy-pasta job at release time. See https://github.com/Pylons/pyramid/blob/master/RELEASING.txt#L49-L58 for process. |
This comment has been minimized.
This comment has been minimized.
They have the same view weighting but because they are properly mutually exclusive, the correct one will be selected for each request. This configuration will work. There could definitely be issues with effective_principals because you could setup configurations that were not mutually exclusive. For example |
This comment has been minimized.
This comment has been minimized.
28b4471
to
363b54c
Compare
docs/narr/viewconfig.rst
Outdated
specified and is ``True``, the request must be for an authenticated user, | ||
as determined by the :term:`security policy` in use. If it is specified and | ||
``False``, the associated view callable will match only if the request does | ||
not have an authenticated user. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it is specified and its value is ``True``, only a request from an
authenticated user, as determined by the :term:`security policy`
in use, will satisfy this predicate.
If it is specified and its value is ``False``, only a request from
a user who is not authenticated will satisfy this predicate.
The is_authenticated
predicate is applicable to both routes and views, and this version makes it copy-pasteable into route config. I like less maintenance!
Also I don't think it is correct to say that a "view callable will match", but maybe "predicate will match" or "predicate is satisfied". I took a shot at it, but maybe @mmerickel can wordsmith it better. Whatever is correct in Pyramid terminology.
The sentences should be merged into one paragraph. I put them separately for easier comprehension.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops, that should have been the view config will match
! (not correct to say the view callable will be invoked
, there are other predicates) (edit: but the other predicate docs do say that 🙁)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have kept the doc as it was (not copy-pastable between route and view doc), to follow the existing style.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, the predicate docs are suboptimal. There's an open issue that describes the current state, identifies the problems, and offers suggestions to improve the situation. I'd appreciate input on the best direction forward, then I'll create a PR for it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I’m not sure about my wording the view config will match
, it seems a little imprecise.
(the route will match
feels correct, if a little dry — maybe route definition
?)
I agree now that the predicate will match
is simple, correct and reusable so I will edit the new docs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks great. No major changes, just a few little things.
cf34271
to
46c8308
Compare
46c8308
to
70a23ba
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work, thank you @merwok. I'm gonna wait for @stevepiercy since he also marked the PR for changes, but things look good to me.
Oh also let me validate the whole thing with a tiny app! (can only trust unit tests so far) |
I have added a bunch of routes and views to a minimal app and it looks good. Pythondef hello_world(request):
return Response("Hello World!")
def hello_member(request):
return Response("For members only.")
def hello_stranger(request):
return Response("You are not authenticated :)")
def includeme(config):
config.add_route("members-only", "/cool-zone", is_authenticated=True)
config.add_view(hello_member, route_name="members-only")
config.add_route("home", "/home")
config.add_route("welcome", "/home", is_authenticated=False)
config.add_view(hello_member, route_name="home")
config.add_view(hello_stranger, route_name="welcome")
config.add_route("history", "/history")
config.add_view(hello_stranger, route_name="history")
config.add_view(hello_member, route_name="history", is_authenticated=True)
config.add_route("profile", "/profile")
config.add_view(hello_stranger, route_name="profile", is_authenticated=False)
config.add_view(hello_member, route_name="profile", is_authenticated=True) proutes
pviews
I saw the expected text when opening the URLs with and without security policy (a simple class with 7 lines that permits everything)! I also deleted the original IsAuthenticated predicate in my project, installed this Pyramid branch and my tests all pass. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm OK with the changes as is, but would like both @merwok and @mmerickel thoughts on my comments about multiple predicates.
Co-Authored-By: Steve Piercy
@mmerickel this is ready! |
\o/ this is great, thank you @merwok! |
Fixes #1602