From f4a9232eef3497b31117efffe83ff27b8a417401 Mon Sep 17 00:00:00 2001 From: Andrew Svetlov Date: Thu, 26 Nov 2015 14:09:01 +0200 Subject: [PATCH] Add couple sentences to the doc --- docs/example.rst | 2 +- docs/usage.rst | 19 +++++++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/example.rst b/docs/example.rst index eb88231..9a29c8d 100644 --- a/docs/example.rst +++ b/docs/example.rst @@ -43,7 +43,7 @@ How to Make a Simple Server With Authorization def init(loop): # set up identity and auth auth_policy = DictionaryAuthorizationPolicy({'me': ('view_user',), - 'you': ('view_user', + 'you': ('view_user', 'edit_user',)}) identity_policy = CookieIdentityPolicy() auth = authorization_middleware(auth_policy, identity_policy) diff --git a/docs/usage.rst b/docs/usage.rst index 62d9ccf..471e879 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -8,17 +8,28 @@ .. currentmodule:: aiohttp_security .. highlight:: python -The library is build on top of two policies: :term:`authentication` -and :term:`authorization` and public API. -API is policy agnostic, all client code should not call policy code -directly but use API only. +First of all, what is *aiohttp_security* about? + +It is a set of public API functions and standard for implementation details. + +API is implementation agnostic, all client code should not call policy +code (see below) directly but use API only. Via API application can remember/forget user in local session (:func:`remember`/:func:`forget`), retrieve :term:`userid` (:func:`authorized_userid`) and check :term:`permission` for remembered user (:func:`permits`). +The library internals are built on top of two policies: +:term:`authentication` and :term:`authorization`. There are abstract +base classes for both concepts as well as several implementations +shipped with the library. End user is free to build own implemetations +if needed. + +Public API +========== + Authentication ==============