improve code docstring

eadwinCode · eadwinCode · commit 39300bdbcdae · 2025-01-05T14:05:02.000+01:00
diff --git a/docs/security/authorization/claims-based.md b/docs/security/authorization/claims-based.md
@@ -13,7 +13,6 @@ from ellar.common import Controller, get
 
 @Controller("/articles")
 @Authorize()
-@AuthenticationRequired()
 class ArticleController:
     @get("/create")
     @CheckPolicies(ClaimsPolicy("article", "create"))
@@ -47,7 +46,6 @@ Claims can have single or multiple values:
 ```python
 @Controller("/content")
 @Authorize()
-@AuthenticationRequired()
 class ContentController:
     @get("/premium")
     @CheckPolicies(ClaimsPolicy("subscription", "premium"))  # Single claim value
@@ -67,7 +65,6 @@ You can combine multiple claims policies using logical operators:
 ```python
 @Controller("/advanced")
 @Authorize()
-@AuthenticationRequired()
 class AdvancedController:
     @get("/editor")
     @CheckPolicies(
@@ -101,7 +98,6 @@ Here's a comprehensive example showing claims-based authorization in an e-commer
 ```python
 @Controller("/store")
 @Authorize()
-@AuthenticationRequired()
 class StoreController:
     @get("/products")
     @CheckPolicies(ClaimsPolicy("store", "view_products"))
diff --git a/docs/security/authorization/combining-policies.md b/docs/security/authorization/combining-policies.md
@@ -77,7 +77,6 @@ from .custom_policies import AgeRequirementPolicy, TeamMemberPolicy
 
 @Controller("/mixed")
 @Authorize()
-@AuthenticationRequired()
 class MixedPolicyController:
     @get("/content")
     @CheckPolicies(
@@ -106,7 +105,6 @@ Here are some practical examples of policy combinations:
 ```python
 @Controller("/cms")
 @Authorize()
-@AuthenticationRequired()
 class CMSController:
     @get("/articles/{id}/edit")
     @CheckPolicies(
@@ -132,7 +130,6 @@ class CMSController:
 ```python
 @Controller("/store")
 @Authorize()
-@AuthenticationRequired()
 class StoreController:
     @get("/products/{id}/manage")
     @CheckPolicies(
diff --git a/docs/security/authorization/custom-policies.md b/docs/security/authorization/custom-policies.md
@@ -37,7 +37,6 @@ from ellar.common import Controller, get
 
 @Controller("/content")
 @Authorize()
-@AuthenticationRequired()
 class ContentController:
     @get("/adult")
     @CheckPolicies(AgeRequirementPolicy[21])  # Requires age >= 21
diff --git a/docs/security/authorization/policies.md b/docs/security/authorization/policies.md
@@ -29,7 +29,6 @@ from ellar.common import Controller, get
 
 @Controller("/content")
 @Authorize()
-@AuthenticationRequired()
 class ContentController:
     @get("/adult")
     @CheckPolicies(AdultOnlyPolicy)
@@ -67,7 +66,6 @@ class PremiumUserPolicy(Policy):
 
 @Controller("/premium")
 @Authorize()
-@AuthenticationRequired()
 class PremiumController:
     @get("/content")
     @CheckPolicies(PremiumUserPolicy)
diff --git a/docs/security/authorization/role-based.md b/docs/security/authorization/role-based.md
@@ -13,7 +13,6 @@ from ellar.common import Controller, get
 
 @Controller("/admin")
 @Authorize()
-@AuthenticationRequired()
 class AdminController:
     @get("/dashboard")
     @CheckPolicies(RolePolicy("admin"))
@@ -46,7 +45,6 @@ You can require multiple roles in different ways:
 ```python
 @Controller("/organization")
 @Authorize()
-@AuthenticationRequired()
 class OrganizationController:
     @get("/finance")
     @CheckPolicies(RolePolicy("admin") | RolePolicy("finance"))  # Requires either role
@@ -78,7 +76,6 @@ Here's an example showing how to handle access for users with different departme
 ```python
 @Controller("/departments")
 @Authorize()
-@AuthenticationRequired()
 class DepartmentController:
     @get("/it")
     @CheckPolicies(RolePolicy("it_staff") | RolePolicy("it_manager"))
diff --git a/ellar/auth/decorators.py b/ellar/auth/decorators.py
@@ -11,10 +11,28 @@
 
 def CheckPolicies(*policies: t.Union[str, PolicyType]) -> t.Callable:
     """
-    ========= CONTROLLER AND ROUTE FUNCTION DECORATOR ==============
-    Decorates a controller or a route function with specific policy requirements
-    :param policies:
-    :return:
+    Applies policy requirements to a controller or route function.
+
+    This decorator allows you to specify one or more policies that must be satisfied
+    for the user to access the decorated endpoint. Policies can be either string
+    identifiers or PolicyType objects.
+
+    Example:
+        ```python
+        @Controller()
+        class UserController:
+            @CheckPolicies('admin', RequireRole('manager'))
+            def get_sensitive_data(self):
+                return {'data': 'sensitive information'}
+        ```
+
+    Args:
+        *policies: Variable number of policy requirements. Can be strings or PolicyType objects.
+            - String policies are resolved using the policy provider
+            - PolicyType objects are evaluated directly
+
+    Returns:
+        A decorator function that applies the policy requirements.
     """
 
     def _decorator(target: t.Callable) -> t.Union[t.Callable, t.Any]:
@@ -26,9 +44,25 @@ def _decorator(target: t.Callable) -> t.Union[t.Callable, t.Any]:
 
 def Authorize() -> t.Callable:
     """
-    ========= CONTROLLER AND ROUTE FUNCTION DECORATOR ==============
-    Decorates a controller class or route function with  `AuthorizationInterceptor`
-    :return:
+    Enables authorization checks for a controller or route function.
+
+    This decorator adds the AuthorizationInterceptor which performs two main checks:
+    1. Verifies that the user is authenticated
+    2. Validates any policy requirements specified using @CheckPolicies
+
+    Example:
+        ```python
+        @Controller()
+        @Authorize()  # Enable authorization for all routes in controller
+        class SecureController:
+            @get('/')
+            @CheckPolicies('admin')  # Require admin policy
+            def secure_endpoint(self):
+                return {'message': 'secure data'}
+        ```
+
+    Returns:
+        A decorator function that enables authorization checks.
     """
 
     return set_meta(constants.ROUTE_INTERCEPTORS, [AuthorizationInterceptor])
@@ -39,13 +73,34 @@ def AuthenticationRequired(
     openapi_scope: t.Optional[t.List] = None,
 ) -> t.Callable:
     """
-    ========= CONTROLLER AND ROUTE FUNCTION DECORATOR ==============
-
-    Decorates a controller class or route function with  `IsAuthenticatedGuard`
-
-    @param authentication_scheme: authentication_scheme - Based on the authentication scheme class name or openapi_name used.
-    @param openapi_scope: OpenAPi scope
-    @return: Callable
+    Requires authentication for accessing a controller or route function.
+
+    This decorator adds the AuthenticatedRequiredGuard which ensures that requests
+    are authenticated before they can access the protected resource.
+
+    Example:
+        ```python
+        @Controller()
+        class UserController:
+            @get('/profile')
+            @AuthenticationRequired('jwt')  # Require JWT authentication
+            def get_profile(self):
+                return {'user': 'data'}
+
+            @get('/public')
+            @AuthenticationRequired(openapi_scope=['read:public'])
+            def public_data(self):
+                return {'public': 'data'}
+        ```
+
+    Args:
+        authentication_scheme: Optional name of the authentication scheme to use.
+            This should match the scheme name defined in your authentication setup.
+        openapi_scope: Optional list of OpenAPI security scopes required for the endpoint.
+            These scopes will be reflected in the OpenAPI documentation.
+
+    Returns:
+        A decorator function that enforces authentication requirements.
     """
     if callable(authentication_scheme):
         return set_meta(constants.GUARDS_KEY, [AuthenticatedRequiredGuard(None, [])])(
@@ -60,9 +115,28 @@ def AuthenticationRequired(
 
 def SkipAuth() -> t.Callable:
     """
-    ========= CONTROLLER AND ROUTE FUNCTION DECORATOR ==============
-    Decorates a Class or Route Function with SKIP_AUTH attribute that is checked by `AuthenticationRequiredGuard`
-    @return: Callable
+    Marks a controller or route function to skip authentication checks.
+
+    This decorator is useful when you have a controller with @AuthenticationRequired
+    but want to exclude specific routes from the authentication requirement.
+
+    Example:
+        ```python
+        @Controller()
+        @AuthenticationRequired()  # Require auth for all routes
+        class UserController:
+            @get('/private')
+            def private_data(self):  # This requires auth
+                return {'private': 'data'}
+
+            @get('/public')
+            @SkipAuth()  # This endpoint skips auth
+            def public_data(self):
+                return {'public': 'data'}
+        ```
+
+    Returns:
+        A decorator function that marks the endpoint to skip authentication.
     """
 
     return set_meta(
diff --git a/ellar/auth/guards/auth_required.py b/ellar/auth/guards/auth_required.py
@@ -9,6 +9,10 @@
 
 
 class AuthenticatedRequiredGuard(GuardCanActivate):
+    """
+    This guard will check if the user is authenticated and also allow you to define the authentication scheme and openapi scope.
+    """
+
     status_code = starlette.status.HTTP_401_UNAUTHORIZED
 
     def __init__(
