Fork me on GitHub

GlossaryΒΆ

authentication policy
The API which determines the current principal (or principals) associated with a request.
authorization policy
The API which determines whether or not the principals associated with the request can perform an action associated with a permission.
context
A resource in the resource tree that is found during traversal. A context resource often has security information attached to it.
group
An alias for principal which is more commonly used in the context of group-level security.
permission
A string or unicode object that represents an action being taken against a context resource. A permission is associated with a view by the developer. Example permissions might be “read”, “edit”, or “view_blog_entries”.
principal
A principal is a string or unicode object representing a userid or a group id. It is provided by an authentication policy. For example, if a user had the user id “bob”, and Bob was part of two groups named “group foo” and “group bar”, the request might have information attached to it that would indicate that Bob was represented by three principals: “bob”, “group foo” and “group bar”.
Pyramid
A web framework.
request
An object that represents an HTTP request.
resource
An object representing a node in the resource tree of an application.
resource tree
A nested set of dictionary-like objects, each of which is a resource. The act of traversal uses the resource tree to find a context resource.
root factory
The “root factory” is called on every request sent to the application. The root factory returns the traversal root of an application. It is possible to define a default root factory, as well as factories per-route when using URL Dispatch.
router
The WSGI application created when you start a Pyramid application. The router intercepts requests, invokes traversal and/or URL dispatch, calls view functions, and returns responses to the WSGI server on behalf of your Pyramid application.
traversal
The act of descending “up” a tree of resource objects from a root resource in order to find a context resource.
WSGI
Web Server Gateway Interface. This is a Python standard for connecting web applications to web servers, similar to the concept of Java Servlets. Pyramid requires that your application be served as a WSGI application.

Previous topic

Object-Level Security

Next topic

Full Application