Andriy Kornatskyy  committed ecbf1e3

Added authorization section to documentation

  • Parent commits f6167eb

Files changed (3)

File demos/public/src/membership/web/views.py

     def translation(self):
         return self.translations['membership']
 
-    @authorize(roles=['business'])
+    @authorize(roles=('business',))
     def get(self, registration=None):
         return self.render_response('membership/business-only.html')
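
Review bot: the one-element tuple on the added `@authorize(roles=('business',))` line depends entirely on its trailing comma. If a later edit drops it, `roles` becomes the plain string `'business'`, and any membership or iteration check over it would then work on characters or substrings instead of role names. Nothing in this hunk shows whether `authorize` rejects a non-tuple value, so consider validating the type of `roles` inside the decorator. This demo change is also not mentioned in the commit message, which describes a documentation-only commit; a short note there or a separate commit would make the history easier to audit.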

File doc/modules.rst

 Modules
 =======
 
+wheezy.web.authorization
+------------------------
+
+.. automodule:: wheezy.web.authorization
+   :members:
+
 wheezy.web.caching
 ------------------
 

File doc/userguide.rst

             del self.principal
             return self.redirect_for('default')
 
+Authorization
+^^^^^^^^^^^^^
+
+Authorization specify access rights to resources and provide access control 
+in particular to your application.
+
+You are able to request authorization by decorating your handler method with 
+:py:meth:`~wheezy.web.authorization.authorize`::
+
+    from wheezy.web import authorize
+    
+    class MembersOnlyHandler(BaseHandler):
+
+        @authorize
+        def get(self, registration=None):
+            return response
+
+There is also a way to demand specific role::
+
+    class BusinessOnlyHandler(BaseHandler):
+
+        @authorize(roles=('business',))
+        def get(self, registration=None):
+            return response
+
+In case there are multiple roles specified in 
+:py:meth:`~wheezy.web.authorization.authorize` decorator than first match
+grant access. That means user is required to be at least in one role to pass
+this guard.
+
 XSRF/Resubmission
 ^^^^^^^^^^^^^^^^^
 Cross-site request forgery (CSRF or XSRF), also known as a one-click attack
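
Review bot: the new Authorization section never states what happens when the check fails, either for the bare `@authorize` example or for `@authorize(roles=('business',))`. Please document the outcome of a denied request and say what the bare form requires of the principal, since readers will rely on this text to reason about access control. Both examples end in `return response` with no `response` defined, so they cannot be copied as written; the demo handler's `self.render_response(...)` call would be a clearer body. Wording: "Authorization specify" should read "Authorization specifies", and "than first match grant access" should read "then the first match grants access".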