Request flow¶
The publisher asks the PluggableAuthService to validate the user’s access to a given object:
groups.validate( request, auth, roles )
PluggableAuthService polls its authentication plugins in order, asking each in turn for a user:
for id, plugin in self.listAuthenticationPlugins(): try: user = plugin( request, auth ) except Unauthorized: self.dispatchChallenge( request ) else: user.setAuthenticationSource( id ) break else: user = self.createAnonymousUser()
PluggableAuthService allows each of its decorator plugins to annotate the user:
for id, plugin in self.listDecoratorPlugins(): known, schema, data = plugin( user ) if known: sheet = UserPropertySheet( id, schema, **data ) user.addPropertySheet( id, sheet )
PluggableAuthService allows each of its group plugins to assert groups for the user:
for id, plugin in self.listGroupPlugins(): groups = plugin( user ) user.addGroups( groups )
PluggableAuthService returns the annotated / group-ified user to the publisher.