l.s.w.a.LaunchpadSecurityPolicy(ParanoidSecurityPolicy) : class documentation

Part of lp.services.webapp.authorization View In Hierarchy

No class docstring
Method __init__ Undocumented
Method checkPermission Check the permission, object, user against the launchpad
Method checkUnauthenticatedPermission Check the permission and object against the Launchpad
Method _checkRequiredAccessLevel Check that the principal has the level of access required.
Method _checkPrivacy If the object is private, check that the principal can access it.
Method _getPrincipalsAccessLevel Get the principal's access level for the given object.
Method _baseCheckPermission Check the permission, object, user against the launchpad
def __init__(self, *participations):
Undocumented
def _checkRequiredAccessLevel(self, access_level, permission, object):
Check that the principal has the level of access required.

Each permission specifies the level of access it requires (read or write) and all LaunchpadPrincipals have an access_level attribute. If the principal's access_level is not sufficient for that permission, returns False.

def _checkPrivacy(self, access_level, object):
If the object is private, check that the principal can access it.

If the object is private and the principal's access level doesn't give access to private objects, return False. Return True otherwise.

def _getPrincipalsAccessLevel(self, principal, object):
Get the principal's access level for the given object.

If the principal's scope is None or the object is within the principal's scope, the original access level is returned. Otherwise the access level is READ_PUBLIC.

def _baseCheckPermission(self, permission, object, cache_key, principal=None):
Check the permission, object, user against the launchpad
authorization policy.

If the object is a view, then consider the object to be the view's
context.

Workflow:
- If the principal is not None and its access level is not what is
  required by the permission, deny.
- If the object to authorize is private and the principal has no
  access to private objects, deny.
- If we have zope.Public, allow.  (But we shouldn't ever get this.)
- If we have launchpad.AnyPerson and the principal is an
  ILaunchpadPrincipal then allow.
- If the object has an IAuthorization named adapter, named
  after the permission, use that to check the permission.
- Otherwise, deny.
@block_implicit_flushes
def checkPermission(self, permission, object):
Check the permission, object, user against the launchpad authorization policy.
@block_implicit_flushes
def checkUnauthenticatedPermission(self, permission, object):
Check the permission and object against the Launchpad authorization policy for an unauthenticated principal.

This is similar to checkPermission, but can be used to check the baseline permissions that are available even without authentication.

API Documentation for Launchpad, generated by pydoctor at 2018-02-24 00:00:04.