core.security.rules¶
Module Contents¶
Functions¶
|
This catch-all rule returns the default permission rule. It says |
|
This permission rule matches all logged in identities. It requires |
|
HTTP errors may be viewed by anyone, regardeless of settings. |
|
Cronjobs are run anonymously from a thread and need to be excluded |
- core.security.rules.has_permission_not_logged_in(app: onegov.core.framework.Framework, identity: None, model: object, permission: object) bool[source]¶
This catch-all rule returns the default permission rule. It says that the permission must be part of the anonymous rule.
Models with an ‘access’ property set to ‘secret’ are prohibited from being viewed by anonymous users.
- core.security.rules.has_permission_logged_in(app: onegov.core.framework.Framework, identity: onegov.core.types.HasRole, model: object, permission: object) bool[source]¶
This permission rule matches all logged in identities. It requires the identity to have a ‘role’ attribute. Said role attribute is used to determine if the given permission is part of the given role.
- core.security.rules.may_view_http_errors_not_logged_in(app: onegov.core.framework.Framework, identity: None, model: webob.exc.HTTPException, permission: type[onegov.core.security.Public]) Literal[True][source]¶
HTTP errors may be viewed by anyone, regardeless of settings.
This is important, otherwise the HTTPForbidden/HTTPNotFound views will lead to an exception if the user does not have the
Publicpermission.
- core.security.rules.may_view_cronjobs_not_logged_in(app: onegov.core.framework.Framework, identity: None, model: onegov.core.cronjobs.Job[Any], permission: type[onegov.core.security.Public]) Literal[True][source]¶
Cronjobs are run anonymously from a thread and need to be excluded from the permission rules as a result.
