Andriy Kornatskyy  committed ecbf1e3

Added authorization section to documentation

  • Parent commits f6167eb

Files changed (3)

File demos/public/src/membership/web/

     def translation(self):
         return self.translations['membership']
-    @authorize(roles=['business'])
+    @authorize(roles=('business',))
     def get(self, registration=None):
         return self.render_response('membership/business-only.html')
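
Review bot: on the `@authorize(roles=('business',))` line the one-element tuple depends entirely on its trailing comma; written as `('business')` it is the plain string `'business'`, and if the decorator checks roles by iterating or with `in`, a string would be walked character by character or matched as a substring. Consider having `authorize` reject a `str` passed as `roles`, or at least calling out the trailing comma where the docs show this form.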

File doc/modules.rst

+.. automodule:: wheezy.web.authorization
+   :members:
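
Review bot: `:members:` on this `automodule` directive only emits members that carry a docstring unless `:undoc-members:` is also set, so confirm that `authorize` in `wheezy.web.authorization` has one. Without it this entry renders empty and the cross-reference to `wheezy.web.authorization.authorize` added in doc/userguide.rst has nothing to link to.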

File doc/userguide.rst

             del self.principal
             return self.redirect_for('default')
+Authorization specify access rights to resources and provide access control 
+in particular to your application.
+You are able to request authorization by decorating your handler method with 
+    from wheezy.web import authorize
+    class MembersOnlyHandler(BaseHandler):
+        @authorize
+        def get(self, registration=None):
+            return response
+There is also a way to demand specific role::
+    class BusinessOnlyHandler(BaseHandler):
+        @authorize(roles=('business',))
+        def get(self, registration=None):
+            return response
+In case there are multiple roles specified in 
+:py:meth:`~wheezy.web.authorization.authorize` decorator than first match
+grant access. That means user is required to be at least in one role to pass
+this guard.
 Cross-site request forgery (CSRF or XSRF), also known as a one-click attack
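
Review bot: the closing paragraph states the multiple-roles rule loosely ("than first match grant access"), and the section never says what a request receives when the check fails, either for an unauthenticated user or for one who lacks every listed role. Suggest wording along the lines of "a user who is in any one of the listed roles is granted access" and adding a sentence on the denied case, since that is what a reader securing a handler needs to know. Two smaller points in the same hunk: the sentence ending "decorating your handler method with" names no decorator and has no `::` before the indented code, unlike "demand specific role::" further down, and `authorize` is imported as a module-level name, so `:py:func:` fits better than `:py:meth:`.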