The inner-workings of repoze.what

Overview

repoze.what doesn’t provide WSGI middleware per se. Instead, it configures and re-uses repoze.who‘s.

Middleware-related components are defined in the repoze.what.middleware module. It contains one function to configure repoze.who with support for repoze.what and the repoze.who metadata provider that loads authorization-related data in the repoze.who identity and the repoze.what credentials dictionaries.

Warning

In repoze.what v2, the userid, groups and permissions will only be loaded in the repoze.what credentials dictionary (environ['repoze.what.credentials']). So you are encouraged not to access this data from the repoze.who identity – if you do so, you will have to update your code when you want to upgrade to v2.

WSGI environment variables

repoze.what defines and uses the following WSGI environment variables:

• repoze.what.credentials: It contains authorization-related data about the current user (it’s similar to repoze.who‘s identity). It is a dictionary made up of the following items: userid (the user name of the current user, if not anonymous; copied from environ['repoze.who.identity']['repoze.who.userid'] in repoze.what v1.X), groups (tuple of groups to which the currrent user belongs) and permissions (tuple of permissions granted to such groups).

  Warning

  Do not access this dictionary directly, use a predicate checker instead. This variable is internal and the disposal or availability of its items may change at any time.

• repoze.what.adapters: It contains the available source adapters, if any. It’s a dictionary made up of the following items: groups (dictionary of group adapters) and permissions (dictionary of permission adapters).

Warning

Because repoze.what 1.X works as a repoze.who metadata provider, the variables above are defined if and only if the current user is not anonymous. This limitation will not exist in repoze.what v2, since it will have its own middleware.