core.security.rules

Functions

has_permission_not_logged_in(→ bool)

This catch-all rule returns the default permission rule. It says

has_permission_logged_in(→ bool)

This permission rule matches all logged in identities. It requires

may_view_http_errors_not_logged_in(→ Literal[True])

HTTP errors may be viewed by anyone, regardeless of settings.

may_view_cronjobs_not_logged_in(→ Literal[True])

Cronjobs are run anonymously from a thread and need to be excluded

Module Contents

core.security.rules.has_permission_not_logged_in(app: onegov.core.framework.Framework, identity: None, model: object, permission: object) bool[source]

This catch-all rule returns the default permission rule. It says that the permission must be part of the anonymous rule.

Models with an ‘access’ property set to ‘secret’ are prohibited from being viewed by anonymous users.

core.security.rules.has_permission_logged_in(app: onegov.core.framework.Framework, identity: onegov.core.types.HasRole, model: object, permission: object) bool[source]

This permission rule matches all logged in identities. It requires the identity to have a ‘role’ attribute. Said role attribute is used to determine if the given permission is part of the given role.

core.security.rules.may_view_http_errors_not_logged_in(app: onegov.core.framework.Framework, identity: None, model: webob.exc.HTTPException, permission: type[onegov.core.security.Public]) Literal[True][source]

HTTP errors may be viewed by anyone, regardeless of settings.

This is important, otherwise the HTTPForbidden/HTTPNotFound views will lead to an exception if the user does not have the Public permission.

core.security.rules.may_view_cronjobs_not_logged_in(app: onegov.core.framework.Framework, identity: None, model: onegov.core.cronjobs.Job[Any], permission: type[onegov.core.security.Public]) Literal[True][source]

Cronjobs are run anonymously from a thread and need to be excluded from the permission rules as a result.