Merge "Update usage documentation"
This commit is contained in:
commit
5bd5f34b59
|
@ -52,6 +52,11 @@ benefits.
|
||||||
policies used are registered. The signature of Enforcer.authorize matches
|
policies used are registered. The signature of Enforcer.authorize matches
|
||||||
Enforcer.enforce.
|
Enforcer.enforce.
|
||||||
|
|
||||||
|
* Projects can register policies as `DocumentedRuleDefault` objects, which
|
||||||
|
require a method and path of the corresponding policy. This helps policy
|
||||||
|
readers understand which path maps to a particular policy ultimately
|
||||||
|
providing better documentation.
|
||||||
|
|
||||||
* A sample policy file can be generated based on the registered policies
|
* A sample policy file can be generated based on the registered policies
|
||||||
rather than needing to manually maintain one.
|
rather than needing to manually maintain one.
|
||||||
|
|
||||||
|
@ -83,6 +88,27 @@ How to register
|
||||||
'rule:admin_required',
|
'rule:admin_required',
|
||||||
description='helpful text'))
|
description='helpful text'))
|
||||||
|
|
||||||
|
To provide more information about the policy, use the `DocumentedRuleDefault`
|
||||||
|
class::
|
||||||
|
|
||||||
|
enforcer.register_default(
|
||||||
|
policy.DocumentedRuleDefault(
|
||||||
|
'identity:create_region',
|
||||||
|
'rule:admin_required',
|
||||||
|
'helpful text',
|
||||||
|
[{'path': '/regions/{region_id}', 'method': 'POST'}]
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
The `DocumentedRuleDefault` class inherits from the `RuleDefault`
|
||||||
|
implementation, but it must be supplied with the `description` attribute in
|
||||||
|
order to be used. In addition, the `DocumentedRuleDefault` class requires a new
|
||||||
|
`operations` attributes that is a list of dictionaries. Each dictionary must
|
||||||
|
have a `path` and a `method` key. The `path` should map to the path used to
|
||||||
|
interact with the resource the policy protects. The `method` should be the HTTP
|
||||||
|
verb corresponding to the `path`. The list of `operations` can be supplied with
|
||||||
|
multiple dictionaries if the policy is used to protect multiple paths.
|
||||||
|
|
||||||
Sample file generation
|
Sample file generation
|
||||||
----------------------
|
----------------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue