New request.actor property, refs #811

2025-12-10 16:51:24 +01:00 · 2020-06-08 10:05:32 -07:00 · 2020-06-08 10:05:32 -07:00 · 177059284d
commit 177059284d
parent 2a8b39800f
8 changed files with 16 additions and 7 deletions
--- a/docs/authentication.rst
+++ b/docs/authentication.rst
@ -140,6 +140,8 @@ Plugins that wish to implement the same permissions scheme as canned queries can
    actor_matches_allow({"id": "root"}, {"id": "*"})
    # returns True

+The currently authenticated actor is made available to plugins as ``request.actor``.
+
 .. _PermissionsDebugView:

 Permissions Debug
--- a/docs/internals.rst
+++ b/docs/internals.rst
@ -42,6 +42,9 @@ The request object is passed to various plugin hooks. It represents an incoming
 ``.args`` - MultiParams
    An object representing the parsed querystring parameters, see below.

+``.actor`` - dictionary (str -> Any) or None
+    The currently authenticated actor (see :ref:`actors <authentication_actor>`), or ``None`` if the request is unauthenticated.
+
 The object also has one awaitable method:

 ``await request.post_vars()`` - dictionary
@ -122,7 +125,7 @@ await .permission_allowed(actor, action, resource_type=None, resource_identifier
 -----------------------------------------------------------------------------------------------------

 ``actor`` - dictionary
-    The authenticated actor. This is usually ``request.scope.get("actor")``.
+    The authenticated actor. This is usually ``request.actor``.

 ``action`` - string
    The name of the action that is being permission checked.