tet.security.authorization module

Custom authorization policy with request access for Tet applications.

This module provides an authorization policy interface that includes the request object, allowing authorization decisions based on request data. It is included automatically when using the security.authorization feature.

The standard Pyramid authorization policy only receives context, principals, and permission. This module wraps policies implementing INewAuthorizationPolicy to also provide the request.

Example

Implementing a custom authorization policy:

from zope.interface import implementer
from tet.security.authorization import INewAuthorizationPolicy

@implementer(INewAuthorizationPolicy)
class MyAuthorizationPolicy:
    def permits(self, request, context, principals, permission):
        # Access request data for authorization decisions
        if request.matched_route.name == "admin":
            return "admin" in principals
        return permission in principals

    def principals_allowed_by_permission(self, request, context, permission):
        raise NotImplementedError()

Using the policy:

from tet.config import application_factory

@application_factory(included_features=["security.authorization"])
def main(config):
    config.set_authorization_policy(MyAuthorizationPolicy())
    config.scan()