Add support for Pyramid 2.x; new security policy

custom apps are still free to use pyramid 1.x new security policy is only used if config file says so
2024-04-16 09:48:29 -05:00 · 2024-04-16 09:48:29 -05:00 · 8b4b3de336
commit 8b4b3de336
parent 85d62a8e38
4 changed files with 91 additions and 14 deletions
--- a/tailbone/app.py
+++ b/tailbone/app.py
@ -2,7 +2,7 @@
 ################################################################################
 #
 #  Rattail -- Retail Software Framework
-#  Copyright © 2010-2023 Lance Edgar
+#  Copyright © 2010-2024 Lance Edgar
 #
 #  This file is part of Rattail.
 #
@ -133,8 +133,14 @@ def make_pyramid_config(settings, configure_csrf=True):
    config.registry['rattail_config'] = rattail_config

    # configure user authorization / authentication
-    config.set_authorization_policy(TailboneAuthorizationPolicy())
-    config.set_authentication_policy(SessionAuthenticationPolicy())
+    # TODO: security policy should become the default, for pyramid 2.x
+    if rattail_config.getbool('tailbone', 'pyramid.use_security_policy',
+                              usedb=False, default=False):
+        from tailbone.auth import TailboneSecurityPolicy
+        config.set_security_policy(TailboneSecurityPolicy())
+    else:
+        config.set_authorization_policy(TailboneAuthorizationPolicy())
+        config.set_authentication_policy(SessionAuthenticationPolicy())

    # maybe require CSRF token protection
    if configure_csrf: