# graphql-authz
[](https://github.com/officialpycasbin/graphql-authz/actions/workflows/build.yml)
[](https://coveralls.io/github/officialpycasbin/graphql-authz)
[](https://pypi.org/project/casbin-graphql-authz/)
[](https://pypi.org/project/casbin-graphql-authz/)
[](https://pypi.org/project/casbin-graphql-authz/)
[](https://pypi.org/project/casbin-graphql-authz/)
[](https://discord.gg/S5UjpzGZjN)
GraphQL-Authz is a Python port of [GraphQL-Authz](https://github.com/node-casbin/graphql-authz), the [Casbin](https://casbin.org/) authorization middleware implementation in [Node.js](https://nodejs.org/en/).
This package should be used with [GraphQL-core 3](https://github.com/graphql-python/graphql-core), providing the
capability to limit access to each GraphQL resource with the authorization middleware.
## Installation
Install the package using pip.
```shell
pip install casbin-graphql-authz
```
Get Started
--------
Limit the access to each GraphQL resource with a policy. For example,
given this policy for an [RBAC](https://casbin.org/docs/rbac/) model:
```csv
p, authorized_user, hello, query
```
Authorization can be enforced using:
```python3
import casbin
from authz.middleware import enforcer_middleware
from graphql import (
graphql_sync,
GraphQLSchema,
GraphQLObjectType,
GraphQLField,
GraphQLString,
)
schema = GraphQLSchema(
query=GraphQLObjectType(
name="RootQueryType",
fields={
"hello": GraphQLField(
GraphQLString,
resolve=lambda obj, info: "world")
}))
enforcer = casbin.Enforcer("model_file.conf", "policy_file.csv")
authorization_middleware = enforcer_middleware(enforcer)
query = """{ hello }"""
# Authorized user ("authorized_user") has access to data
response = graphql_sync(
schema,
query,
middleware=[authorization_middleware],
context_value={"role": "authorized_user"}
)
assert response.data == {"hello": "world"}
# Unauthorized users ("unauthorized_user") are rejected
response = graphql_sync(
schema,
query,
middleware=[authorization_middleware],
context_value={"role": "unauthorized_user"}
)
assert response.errors[0].message == "unauthorized_user can not query hello"
```
For more interesting scenarios see `tests` folder.
## Credits
Implementation was heavily inspired by the [Node.js](https://nodejs.org/en/) middleware [GraphQL-Authz](https://github.com/node-casbin/graphql-authz).
Authorization enforcement is based on [Casbin](https://casbin.org/) authorization library.
Raw data
{
"_id": null,
"home_page": "https://github.com/officialpycasbin/graphql-authz",
"name": "casbin-graphql-authz",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": "casbin, GraphQL, GraphQL middleware, rbac, access control, abac, acl, permission",
"author": "Ezequiel Grondona",
"author_email": "ezequiel.grondona@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/a9/73/368737882b7a771884d85bc30a0eb0202871eb31069960a885313751b50b/casbin_graphql_authz-1.2.0.tar.gz",
"platform": null,
"description": "# graphql-authz\n\n[](https://github.com/officialpycasbin/graphql-authz/actions/workflows/build.yml)\n[](https://coveralls.io/github/officialpycasbin/graphql-authz)\n[](https://pypi.org/project/casbin-graphql-authz/)\n[](https://pypi.org/project/casbin-graphql-authz/)\n[](https://pypi.org/project/casbin-graphql-authz/)\n[](https://pypi.org/project/casbin-graphql-authz/)\n[](https://discord.gg/S5UjpzGZjN)\n\nGraphQL-Authz is a Python port of [GraphQL-Authz](https://github.com/node-casbin/graphql-authz), the [Casbin](https://casbin.org/) authorization middleware implementation in [Node.js](https://nodejs.org/en/).\n\nThis package should be used with [GraphQL-core 3](https://github.com/graphql-python/graphql-core), providing the\ncapability to limit access to each GraphQL resource with the authorization middleware.\n\n## Installation\n\nInstall the package using pip.\n\n```shell\npip install casbin-graphql-authz\n```\n\nGet Started\n--------\n\nLimit the access to each GraphQL resource with a policy. For example,\ngiven this policy for an [RBAC](https://casbin.org/docs/rbac/) model:\n\n```csv\np, authorized_user, hello, query\n```\n\nAuthorization can be enforced using:\n\n```python3\nimport casbin\nfrom authz.middleware import enforcer_middleware\n\nfrom graphql import (\n graphql_sync,\n GraphQLSchema,\n GraphQLObjectType,\n GraphQLField,\n GraphQLString,\n)\n\n\nschema = GraphQLSchema(\n query=GraphQLObjectType(\n name=\"RootQueryType\",\n fields={\n \"hello\": GraphQLField(\n GraphQLString,\n resolve=lambda obj, info: \"world\")\n }))\n\nenforcer = casbin.Enforcer(\"model_file.conf\", \"policy_file.csv\")\nauthorization_middleware = enforcer_middleware(enforcer)\n\nquery = \"\"\"{ hello }\"\"\"\n\n# Authorized user (\"authorized_user\") has access to data\nresponse = graphql_sync(\n schema,\n query,\n middleware=[authorization_middleware],\n context_value={\"role\": \"authorized_user\"}\n)\nassert response.data == {\"hello\": \"world\"}\n\n# Unauthorized users (\"unauthorized_user\") are rejected\nresponse = graphql_sync(\n schema,\n query,\n middleware=[authorization_middleware],\n context_value={\"role\": \"unauthorized_user\"}\n)\nassert response.errors[0].message == \"unauthorized_user can not query hello\"\n```\n\nFor more interesting scenarios see `tests` folder.\n\n## Credits\n\nImplementation was heavily inspired by the [Node.js](https://nodejs.org/en/) middleware [GraphQL-Authz](https://github.com/node-casbin/graphql-authz).\n\nAuthorization enforcement is based on [Casbin](https://casbin.org/) authorization library.\n",
"bugtrack_url": null,
"license": "Apache 2.0",
"summary": "graphql-authz is an casbin authorization middleware for GraphQL",
"version": "1.2.0",
"project_urls": {
"Homepage": "https://github.com/officialpycasbin/graphql-authz"
},
"split_keywords": [
"casbin",
" graphql",
" graphql middleware",
" rbac",
" access control",
" abac",
" acl",
" permission"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "06de0ddf7e0c5ac478eb5c2673a70b0e91044fd7f79e7c4448cc6a666f6e8da0",
"md5": "33f43f9530a3aa099a2493c47f5ac750",
"sha256": "26cfea8757bdd063e3cca1557f995116bb8f079038b8a0ff49b4134b8d985172"
},
"downloads": -1,
"filename": "casbin_graphql_authz-1.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "33f43f9530a3aa099a2493c47f5ac750",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 9529,
"upload_time": "2024-11-12T00:53:13",
"upload_time_iso_8601": "2024-11-12T00:53:13.462764Z",
"url": "https://files.pythonhosted.org/packages/06/de/0ddf7e0c5ac478eb5c2673a70b0e91044fd7f79e7c4448cc6a666f6e8da0/casbin_graphql_authz-1.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "a973368737882b7a771884d85bc30a0eb0202871eb31069960a885313751b50b",
"md5": "e6f2c4f03a640d9f783cd50f217f0fb3",
"sha256": "ea5fa0019852c24d499e00a91d9f60dade21b4006c7493c5223672f6f43ac8bc"
},
"downloads": -1,
"filename": "casbin_graphql_authz-1.2.0.tar.gz",
"has_sig": false,
"md5_digest": "e6f2c4f03a640d9f783cd50f217f0fb3",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 8513,
"upload_time": "2024-11-12T00:53:14",
"upload_time_iso_8601": "2024-11-12T00:53:14.459125Z",
"url": "https://files.pythonhosted.org/packages/a9/73/368737882b7a771884d85bc30a0eb0202871eb31069960a885313751b50b/casbin_graphql_authz-1.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-12 00:53:14",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "officialpycasbin",
"github_project": "graphql-authz",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "graphql-core",
"specs": []
}
],
"lcname": "casbin-graphql-authz"
}
JSON
