The inner-workings of repoze.what¶
Overview
repoze.what doesn’t provide WSGI middleware per se. Instead, it
configures and re-uses repoze.who‘s.
Middleware-related components are defined in the repoze.what.middleware
module. It contains one function to configure repoze.who with support
for repoze.what and the repoze.who metadata provider that loads
authorization-related data in the repoze.who identity and the
repoze.what credentials dictionaries.
Warning
In repoze.what v2, the userid, groups and permissions will only
be loaded in the repoze.what credentials dictionary
(environ['repoze.what.credentials']). So you are encouraged not to
access this data from the repoze.who identity – if you do so,
you will have to update your code when you want to upgrade to v2.
WSGI environment variables¶
repoze.what defines and uses the following WSGI environment variables:
repoze.what.credentials: It contains authorization-related data about the current user (it’s similar torepoze.who‘sidentity). It is a dictionary made up of the following items:userid(the user name of the current user, if not anonymous; copied fromenviron['repoze.who.identity']['repoze.who.userid']inrepoze.whatv1.X),groups(tuple of groups to which the currrent user belongs) andpermissions(tuple of permissions granted to such groups).Warning
Do not access this dictionary directly, use a predicate checker instead. This variable is internal and the disposal or availability of its items may change at any time.
repoze.what.adapters: It contains the available source adapters, if any. It’s a dictionary made up of the following items:groups(dictionary of group adapters) andpermissions(dictionary of permission adapters).
Warning
Because repoze.what 1.X works as a repoze.who metadata
provider, the variables above are defined if and only if the current user
is not anonymous. This limitation will not exist in repoze.what v2,
since it will have its own middleware.
