# HG changeset patch
# User Thierry Florac <thierry.florac@onf.fr>
# Date 1499855658 -7200
# Node ID ddcb2ea9392bbfedc82845f6354c7def4dea3a7a
# Parent  ee5bacdecac6cdd251cd98a006159e260f4569c1
Added debug output to "effective_principals" method, and added "context" to effective_principals method call of security policy

diff -r ee5bacdecac6 -r ddcb2ea9392b src/pyams_security/utility.py
--- a/src/pyams_security/utility.py	Wed Jul 12 12:32:29 2017 +0200
+++ b/src/pyams_security/utility.py	Wed Jul 12 12:34:18 2017 +0200
@@ -27,7 +27,7 @@
 # import packages
 from pyams_security.principal import UnknownPrincipal, MissingPrincipal
 from pyams_utils.registry import query_utility
-from pyams_utils.request import check_request
+from pyams_utils.request import check_request, request_property
 from pyams_utils.wsgi import wsgi_environ_cache
 from pyramid.authentication import AuthTktCookieHelper
 from pyramid.decorator import reify
@@ -145,13 +145,14 @@
                 principals |= set(plugin.get_all_principals(principal))
         return principals
 
-    def effective_principals(self, principal_id, request=None):
+    def effective_principals(self, principal_id, request=None, context=None):
         # add principals extracted from security plug-ins
         principals = self._get_plugins_principals(principal_id)
         # add context roles granted to principal
-        if request is None:
-            request = check_request()
-        context = request.context
+        if context is None:
+            if request is None:
+                request = check_request()
+            context = request.context
         if context is not None:
             for parent in lineage(context):
                 protection = IProtectedObject(parent, None)
@@ -268,8 +269,11 @@
         if manager is not None:
             return manager.authenticated_userid(request)
 
-    @wsgi_environ_cache('pyams_security.effective_principals')
-    def effective_principals(self, request):
+    @request_property(key=None)
+    def effective_principals(self, request, context=None):
+        logger.debug(">>> getting principals for principal {0} ({1}) on {2!r}".format(request.principal.title,
+                                                                                      request.principal.id,
+                                                                                      context or request.context))
         principals = {Everyone}
         principal_id = self.unauthenticated_userid(request)
         if principal_id:
@@ -278,8 +282,8 @@
             principals.add(principal_id)
             manager = self._get_security_manager(request)
             if manager is not None:
-                principals |= set(manager.effective_principals(principal_id))
-        logger.debug('principals = {0}'.format(str(sorted(principals))))
+                principals |= set(manager.effective_principals(principal_id, request, context))
+        logger.debug('<<< principals = {0}'.format(str(sorted(principals))))
         return principals
 
     def remember(self, request, principal, **kw):