• This repository has been archived on 03/Oct/2021
  • Stars
    star
    269
  • Rank 152,662 (Top 4 %)
  • Language
    Python
  • License
    MIT License
  • Created over 12 years ago
  • Updated almost 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A simple role based access control utility for Python.

Build Status Coverage Status PyPI Version Wheel Status

Simple RBAC

This is a simple role based access control utility in Python.

Quick Start

1. Install Simple RBAC

pip install simple-rbac

2. Create a Access Control List

import rbac.acl

acl = rbac.acl.Registry()

3. Register Roles and Resources

acl.add_role("member")
acl.add_role("student", ["member"])
acl.add_role("teacher", ["member"])
acl.add_role("junior-student", ["student"])

acl.add_resource("course")
acl.add_resource("senior-course", ["course"])

4. Add Rules

acl.allow("member", "view", "course")
acl.allow("student", "learn", "course")
acl.allow("teacher", "teach", "course")
acl.deny("junior-student", "learn", "senior-course")

5. Use It to Check Permission

if acl.is_allowed("student", "view", "course"):
    print("Students chould view courses.")
else:
    print("Students chould not view courses.")

if acl.is_allowed("junior-student", "learn", "senior-course"):
    print("Junior students chould learn senior courses.")
else:
    print("Junior students chould not learn senior courses.")

Custom Role and Resource Class

It’s not necessary to use string as role object and resource object like "Quick Start". You could define role class and resource class of yourself, such as a database mapped model in SQLAlchemy.

Whatever which role class and resource class you will use, it must implement __hash__ method and __eq__ method to be hashable.

Example

class Role(db.Model):
    """The role."""

    id = db.Column(db.Integer, primary_key=True)
    screen_name = db.Column(db.Unicode, nullable=False, unique=True)

    def __hash__(self):
        return hash("ROLE::%d" % self.id)

    def __eq__(self, other):
        return self.id == other.id


class Resource(db.Model):
    """The resource."""

    id = db.Column(db.Integer, primary_key=True)
    screen_name = db.Column(db.Unicode, nullable=False, unique=True)

    def __hash__(self):
        return hash("RESOURCE::%d" % self.id)

    def __eq__(self, other):
        return self.id == other.id

Of course, You could use the built-in hashable types too, such as tuple, namedtuple, frozenset and more.

Use the Identity Context Check Your Permission

Obviously, the work of checking permission is a cross-cutting concern. The module named rbac.context, our IdentityContext, provide some ways to make our work neater.

1. Create the Context Manager

acl = Registry()
context = IdentityContext(acl)

2. Set a Loader

The loader should load the roles of current user.

from myapp import get_current_user

@context.set_roles_loader
def second_load_roles():
    user = get_current_user()
    yield "everyone"
    for role in user.roles:
        yield str(role)

3. Protect Your Action

Now you could protect your action from unauthorized access. As you please, you could choose many ways to check the permission, including python decorator, python with statement or simple method calling.

Decorator
@context.check_permission("view", "article", message="can't view")
def article_page():
    return "your-article"
With Statement
def article_page():
    with context.check_permission("view", "article", message="can't view"):
        return "your-article"
Simple Method Calling
def article_page():
    context.check_permission("view", "article", message="can't view").check()
    return "your-article"
Exception Handler and Non-Zero Checking

Whatever which way you choosen, a exception rbac.context.PermissionDenied will be raised while a unauthorized access happening. The keyword arguments sent to the context.check_permission will be set into a attirbute named kwargs of the exception. You could get those data in your exception handler.

@context.check_permission("view", "article", message="can not view")
def article_page():
    return "your-article"

try:
    print article_page()
except PermissionDenied as exception:
    print "The access has been denied, you %s" % exception.kwargs['message']

If you don’t want to raise the exception but only check the access is allowed or not, you could use the checking like a boolean value.

if not context.check_permission("view", "article"):
    print "Oh! the access has been denied."

is_allowed = bool(context.check_permission("view", "article"))

More Repositories

1

rsocks

A SOCKS 4/5 reverse proxy server
Python
126
star
2

openvpn-status

Parse OpenVPN status logs in Python
Python
83
star
3

oh-my-zsh-seeker-theme

My favored oh-my-zsh theme.
47
star
4

oh-my-zsh-virtualenv-prompt

Yet another virtualenv prompt plugin of oh-my-zsh.
Shell
35
star
5

python-envcfg

For 12-factor apps - retrieve config from envvars.
Python
28
star
6

pyenv-up

Works with pyenv and virtualenv in a new shell.
Shell
23
star
7

flask-navigation

Build navigation bars in your Flask application.
Python
21
star
8

pytest-xpara

An extended parametrizing plugin of pytest.
Python
18
star
9

flask-docker

Using Docker client in your Flask application.
Python
18
star
10

python-tclip

The Python binding of tclip.
C++
13
star
11

python-orphanage

Let child processes suicide if they became orphans.
Python
12
star
12

html5lib-truncation

Truncating HTML with html5lib filter
Python
11
star
13

tinyscgi

[Homework] Yet another SCGI server.
C
10
star
14

docker-devpi

The Docker image of devpi with LDAP integration.
Python
10
star
15

emsfeed

The feed of China Express Mail Service tracking.
Python
8
star
16

macdict

CLI and library to look up dictionary in macOS.
Python
8
star
17

hare

Yet another front-end project boilerplate.
JavaScript
7
star
18

unfeed

[Inactive] The feed of unfeed sites.
Python
6
star
19

docker-tunnel

Using remote docker with SSH tunnel.
Python
5
star
20

introduce-to-coroutine

[Inactive]
Python
5
star
21

ledge

[Inactive] [Homework] A knownledge management platform.
Python
5
star
22

kickme

Kick me from Douban Group
Python
4
star
23

homebrew-premake

Install premake4 and premake5 both with Homebrew
Ruby
2
star
24

wikiquote

[Inactive] An utility to fetch daily wikiquote.
Python
2
star
25

tumblr-to-octopress

[OUTDATED]
Python
1
star
26

sphinx-kr-theme

The third-party package of Kenneth Reitz's krTheme.
Python
1
star
27

ailtdou

[INACTIVE] Email to Douban
Python
1
star
28

flask-git

[WIP]
1
star
29

homebrew-dsocks

Installing a patched DSOCKS with Homebrew
Ruby
1
star
30

homebrew-scripts

They are just scripts, but useful.
Ruby
1
star
31

homebrew-phantomjs

Installing the preview release of PhantomJS with Homebrew Cask
Ruby
1
star