# graphql-authz
[](https://github.com/pycasbin/graphql-authz/actions/workflows/build.yml)
[](https://coveralls.io/github/pycasbin/graphql-authz)
[](https://pypi.org/project/casbin-graphql-authz/)
[](https://pypi.org/project/casbin-graphql-authz/)
[](https://pypi.org/project/casbin-graphql-authz/)
[](https://pypi.org/project/casbin-graphql-authz/)
[](https://discord.gg/S5UjpzGZjN)
GraphQL-Authz is a Python port of [GraphQL-Authz](https://github.com/node-casbin/graphql-authz), the [Casbin](https://casbin.org/) authorization middleware implementation in [Node.js](https://nodejs.org/en/).
This package should be used with [GraphQL-core 3](https://github.com/graphql-python/graphql-core), providing the
capability to limit access to each GraphQL resource with the authorization middleware.
## Installation
Install the package using pip.
```shell
pip install casbin-graphql-authz
```
Get Started
--------
Limit the access to each GraphQL resource with a policy. For example,
given this policy for an [RBAC](https://casbin.org/docs/rbac/) model:
```csv
p, authorized_user, hello, query
```
Authorization can be enforced using:
```python3
import casbin
from authz.middleware import enforcer_middleware
from graphql import (
graphql_sync,
GraphQLSchema,
GraphQLObjectType,
GraphQLField,
GraphQLString,
)
schema = GraphQLSchema(
query=GraphQLObjectType(
name="RootQueryType",
fields={
"hello": GraphQLField(
GraphQLString,
resolve=lambda obj, info: "world")
}))
enforcer = casbin.Enforcer("model_file.conf", "policy_file.csv")
authorization_middleware = enforcer_middleware(enforcer)
query = """{ hello }"""
# Authorized user ("authorized_user") has access to data
response = graphql_sync(
schema,
query,
middleware=[authorization_middleware],
context_value={"role": "authorized_user"}
)
assert response.data == {"hello": "world"}
# Unauthorized users ("unauthorized_user") are rejected
response = graphql_sync(
schema,
query,
middleware=[authorization_middleware],
context_value={"role": "unauthorized_user"}
)
assert response.errors[0].message == "unauthorized_user can not query hello"
```
For more interesting scenarios see `tests` folder.
## Credits
Implementation was heavily inspired by the [Node.js](https://nodejs.org/en/) middleware [GraphQL-Authz](https://github.com/node-casbin/graphql-authz).
Authorization enforcement is based on [Casbin](https://casbin.org/) authorization library.
Raw data
{
"_id": null,
"home_page": "https://github.com/pycasbin/graphql-authz",
"name": "casbin-graphql-authz",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": "casbin, GraphQL, GraphQL middleware, rbac, access control, abac, acl, permission",
"author": "Ezequiel Grondona",
"author_email": "ezequiel.grondona@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/f9/62/7252b29f6c495a695923e569d8ec3fbec405f75a268c1d9f0e42d9fae5d7/casbin-graphql-authz-1.1.0.tar.gz",
"platform": null,
"description": "# graphql-authz\n\n[](https://github.com/pycasbin/graphql-authz/actions/workflows/build.yml)\n[](https://coveralls.io/github/pycasbin/graphql-authz)\n[](https://pypi.org/project/casbin-graphql-authz/)\n[](https://pypi.org/project/casbin-graphql-authz/)\n[](https://pypi.org/project/casbin-graphql-authz/)\n[](https://pypi.org/project/casbin-graphql-authz/)\n[](https://discord.gg/S5UjpzGZjN)\n\nGraphQL-Authz is a Python port of [GraphQL-Authz](https://github.com/node-casbin/graphql-authz), the [Casbin](https://casbin.org/) authorization middleware implementation in [Node.js](https://nodejs.org/en/).\n\nThis package should be used with [GraphQL-core 3](https://github.com/graphql-python/graphql-core), providing the\ncapability to limit access to each GraphQL resource with the authorization middleware.\n\n## Installation\n\nInstall the package using pip.\n\n```shell\npip install casbin-graphql-authz\n```\n\nGet Started\n--------\n\nLimit the access to each GraphQL resource with a policy. For example,\ngiven this policy for an [RBAC](https://casbin.org/docs/rbac/) model:\n\n```csv\np, authorized_user, hello, query\n```\n\nAuthorization can be enforced using:\n\n```python3\nimport casbin\nfrom authz.middleware import enforcer_middleware\n\nfrom graphql import (\n graphql_sync,\n GraphQLSchema,\n GraphQLObjectType,\n GraphQLField,\n GraphQLString,\n)\n\n\nschema = GraphQLSchema(\n query=GraphQLObjectType(\n name=\"RootQueryType\",\n fields={\n \"hello\": GraphQLField(\n GraphQLString,\n resolve=lambda obj, info: \"world\")\n }))\n\nenforcer = casbin.Enforcer(\"model_file.conf\", \"policy_file.csv\")\nauthorization_middleware = enforcer_middleware(enforcer)\n\nquery = \"\"\"{ hello }\"\"\"\n\n# Authorized user (\"authorized_user\") has access to data\nresponse = graphql_sync(\n schema,\n query,\n middleware=[authorization_middleware],\n context_value={\"role\": \"authorized_user\"}\n)\nassert response.data == {\"hello\": \"world\"}\n\n# Unauthorized users (\"unauthorized_user\") are rejected\nresponse = graphql_sync(\n schema,\n query,\n middleware=[authorization_middleware],\n context_value={\"role\": \"unauthorized_user\"}\n)\nassert response.errors[0].message == \"unauthorized_user can not query hello\"\n```\n\nFor more interesting scenarios see `tests` folder.\n\n## Credits\n\nImplementation was heavily inspired by the [Node.js](https://nodejs.org/en/) middleware [GraphQL-Authz](https://github.com/node-casbin/graphql-authz).\n\nAuthorization enforcement is based on [Casbin](https://casbin.org/) authorization library.\n",
"bugtrack_url": null,
"license": "Apache 2.0",
"summary": "graphql-authz is an casbin authorization middleware for GraphQL",
"version": "1.1.0",
"project_urls": {
"Homepage": "https://github.com/pycasbin/graphql-authz"
},
"split_keywords": [
"casbin",
" graphql",
" graphql middleware",
" rbac",
" access control",
" abac",
" acl",
" permission"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "41fffea98c7b349e568ff9b3b2bb4d424028af23d1f61aadd7e50be0047e7027",
"md5": "d0bf44c14c079fe8936f6e8c814d724c",
"sha256": "bb34f8fca0eef000e615c5041c304714f4d0a0ab177c28521f2febd2e7def890"
},
"downloads": -1,
"filename": "casbin_graphql_authz-1.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d0bf44c14c079fe8936f6e8c814d724c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 9522,
"upload_time": "2024-03-29T13:32:34",
"upload_time_iso_8601": "2024-03-29T13:32:34.042686Z",
"url": "https://files.pythonhosted.org/packages/41/ff/fea98c7b349e568ff9b3b2bb4d424028af23d1f61aadd7e50be0047e7027/casbin_graphql_authz-1.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "f9627252b29f6c495a695923e569d8ec3fbec405f75a268c1d9f0e42d9fae5d7",
"md5": "bd5273d8f565db7ed14903f371d39c2b",
"sha256": "3890579bb65822f48134ce06be773af1d3ac4f78cf3f56be947d708288f86be8"
},
"downloads": -1,
"filename": "casbin-graphql-authz-1.1.0.tar.gz",
"has_sig": false,
"md5_digest": "bd5273d8f565db7ed14903f371d39c2b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 8504,
"upload_time": "2024-03-29T13:32:35",
"upload_time_iso_8601": "2024-03-29T13:32:35.663941Z",
"url": "https://files.pythonhosted.org/packages/f9/62/7252b29f6c495a695923e569d8ec3fbec405f75a268c1d9f0e42d9fae5d7/casbin-graphql-authz-1.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-29 13:32:35",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "pycasbin",
"github_project": "graphql-authz",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "casbin-graphql-authz"
}
JSON
