{ "info": { "author": "Dan Baneman", "author_email": "hidden@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 3", "Topic :: Security", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "Simple RBAC\n===========\n\nThis is a simple role based access control utility in Python.\n\nQuick Start\n-----------\n\n1. Install Simple RBAC\n~~~~~~~~~~~~~~~~~~~~~~\n\n::\n\n pip install simple-rbac\n\n2. Create a Access Control List\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n::\n\n import rbac.acl\n\n acl = rbac.acl.Registry()\n\n3. Register Roles and Resources\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n::\n\n acl.add_role(\"member\")\n acl.add_role(\"student\", [\"member\"])\n acl.add_role(\"teacher\", [\"member\"])\n acl.add_role(\"junior-student\", [\"student\"])\n\n acl.add_resource(\"course\")\n acl.add_resource(\"senior-course\", [\"course\"])\n\n4. Add Rules\n~~~~~~~~~~~~\n\n::\n\n acl.allow(\"member\", \"view\", \"course\")\n acl.allow(\"student\", \"learn\", \"course\")\n acl.allow(\"teacher\", \"teach\", \"course\")\n acl.deny(\"junior-student\", \"learn\", \"senior-course\")\n\n5. Use It to Check Permission\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n::\n\n if acl.is_allowed(\"student\", \"view\", \"course\"):\n print(\"Students chould view courses.\")\n else:\n print(\"Students chould not view courses.\")\n\n if acl.is_allowed(\"junior-student\", \"learn\", \"senior-course\"):\n print(\"Junior students chould learn senior courses.\")\n else:\n print(\"Junior students chould not learn senior courses.\")\n\nCustom Role and Resource Class\n------------------------------\n\nIt\u2019s not necessary to use string as role object and resource object like\n\"Quick Start\". You could define role class and resource class of\nyourself, such as a database mapped model in SQLAlchemy.\n\nWhatever which role class and resource class you will use, it must\nimplement ``__hash__`` method and ``__eq__`` method to be `hashable`_.\n\nExample\n~~~~~~~\n\n::\n\n class Role(db.Model):\n \"\"\"The role.\"\"\"\n\n id = db.Column(db.Integer, primary_key=True)\n screen_name = db.Column(db.Unicode, nullable=False, unique=True)\n\n def __hash__(self):\n return hash(\"ROLE::%d\" % self.id)\n\n def __eq__(self, other):\n return self.id == other.id\n\n\n class Resource(db.Model):\n \"\"\"The resource.\"\"\"\n\n id = db.Column(db.Integer, primary_key=True)\n screen_name = db.Column(db.Unicode, nullable=False, unique=True)\n\n def __hash__(self):\n return hash(\"RESOURCE::%d\" % self.id)\n\n def __eq__(self, other):\n return self.id == other.id\n\nOf course, You could use the built-in hashable types too, such as tuple,\nnamedtuple, frozenset and more.\n\nUse the Identity Context Check Your Permission\n----------------------------------------------\n\nObviously, the work of checking permission is a cross-cutting concern.\nThe module named ``rbac.context``, our ``IdentityContext``, provide some\nways to make our work neater.\n\n1. Create the Context Manager\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n::\n\n acl = Registry()\n context = IdentityContext(acl)\n\n2. Set a Loader\n~~~~~~~~~~~~~~~\n\nThe loader should load the roles of current user.\n\n::\n\n from myapp import get_current_user\n\n @context.set_roles_loader\n def second_load_roles():\n user = get_current_user()\n yield \"everyone\"\n for role in user.roles:\n yield str(role)\n\n3. Protect Your Action\n~~~~~~~~~~~~~~~~~~~~~~\n\nNow you could protect your action from unauthorized access. As you\nplease, you could choose many ways to check the permission, including\npython ``decorator``, python ``with statement`` or simple method\ncalling.\n\nDecorator\n^^^^^^^^^\n\n::\n\n @context.check_permission(\"view\", \"article\", message=\"can't view\")\n def article_page():\n return \"your-article\"\n\nWith Statement\n^^^^^^^^^^^^^^\n\n::\n\n def article_page():\n with context.check_permission(\"view\", \"article\", message=\"can't view\"):\n return \"your-article\"\n\nSimple Method Calling\n^^^^^^^^^^^^^^^^^^^^^\n\n::\n\n def article_page():\n context.check_permission(\"view\", \"article\", message=\"can't view\").check()\n return \"your-article\"\n\nException Handler and Non-Zero Checking\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nWhatever which way you choosen, a exception\n``rbac.context.PermissionDenied`` will be raised while a unauthorized\naccess happening. The keyword arguments sent to the\n``context.check_permission`` will be set into a attirbute named\n``kwargs`` of the exception. You could get those data in your exception\nhandler.\n\n::\n\n @context.check_permission(\"view\", \"article\", message=\"can not view\")\n def article_page():\n return \"your-article\"\n\n try:\n print article_page()\n except PermissionDenied as exception:\n print \"The access has been denied, you %s\" % exception.kwargs['message']\n\nIf you don\u2019t want to raise the exception but only check the access is\nallowed or not, you could use the checking like a boolean value.\n\n::\n\n if not context.check_permission(\"view\", \"article\"):\n print \"Oh! the access has been denied.\"\n\n is_allowed = bool(context.check_permission(\"view\", \"article\"))\n\n.. _hashable: http://docs.python.org/glossary.html#term-hashable", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/dbaneman/simple-rbac", "keywords": "rbac permission acl access-control", "license": "MIT License", "maintainer": null, "maintainer_email": null, "name": "simple-rbac-dgb", "package_url": "https://pypi.org/project/simple-rbac-dgb/", "platform": "any", "project_url": "https://pypi.org/project/simple-rbac-dgb/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/dbaneman/simple-rbac" }, "release_url": "https://pypi.org/project/simple-rbac-dgb/0.1.1/", "requires_dist": null, "requires_python": null, "summary": "A simple role based access control utility, forked for heavier use of assertions.", "version": "0.1.1" }, "last_serial": 1627763, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "ce73b86d0e5676b7615b94897807e811", "sha256": "ceb20122f5ae30fad1b0483514b46b2726cf9602bd1bf667083acc5413b91414" }, "downloads": -1, "filename": "simple-rbac-dgb-0.1.0.tar.gz", "has_sig": false, "md5_digest": "ce73b86d0e5676b7615b94897807e811", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7094, "upload_time": "2015-07-01T23:42:09", "url": "https://files.pythonhosted.org/packages/e7/15/750889a551ec1985b2b891ce900162e44aacc52dd3953a95ad65804f80ec/simple-rbac-dgb-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "dc8945c833340ffa8a17e7a8d1dd1ad4", "sha256": "098d7a4adf298c41e0e1cfbe0def268210bc30dd00ea345daef393e546b3d9ce" }, "downloads": -1, "filename": "simple-rbac-dgb-0.1.1.tar.gz", "has_sig": false, "md5_digest": "dc8945c833340ffa8a17e7a8d1dd1ad4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7096, "upload_time": "2015-07-10T13:37:11", "url": "https://files.pythonhosted.org/packages/0a/eb/6a4320475dada702b6555d8eb6f3eb289ac2c49a8cddccdece96d8cb4db6/simple-rbac-dgb-0.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "dc8945c833340ffa8a17e7a8d1dd1ad4", "sha256": "098d7a4adf298c41e0e1cfbe0def268210bc30dd00ea345daef393e546b3d9ce" }, "downloads": -1, "filename": "simple-rbac-dgb-0.1.1.tar.gz", "has_sig": false, "md5_digest": "dc8945c833340ffa8a17e7a8d1dd1ad4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7096, "upload_time": "2015-07-10T13:37:11", "url": "https://files.pythonhosted.org/packages/0a/eb/6a4320475dada702b6555d8eb6f3eb289ac2c49a8cddccdece96d8cb4db6/simple-rbac-dgb-0.1.1.tar.gz" } ] }