# Django Identity and Access Management
Roles and access management for django apps
## Quick Setup
```shell
pip install django-iam
```
Make sure you have a custom user model setup and in `settings.py` you have
```python
AUTH_USER_MODEL = 'users.User' # Point to your custom user model
```
Add `iam` to your `INSTALLED_APPS`
```python
# settings.py
INSTALLED_APPS = [
'django.contrib.admin',
..., # django apps
'iam',
..., # Your apps
]
AUTHENTICATION_BACKENDS = [
...,
'rules.permissions.ObjectPermissionBackend',
'django.contrib.auth.backends.ModelBackend',
...
]
```
Create a profile for the role, e.g.
```python
# app/models.py
from django.db import models
from iam.factories import AbstractProfileFactory
from iam.contrib.utils import get_profile_cls_verbose_name_plural
class SomeRoleProfile(
AbstractProfileFactory.as_abstract_model(related_name='blog_author_profile'),
models.Model
):
# user = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.PROTECT) # comes from AbstractProfileFactory
class Meta:
# Adds a little 👤 emoji to the name in admin, to make it clear this is a profile model
verbose_name_plural = get_profile_cls_verbose_name_plural('BlogAdminProfile')
```
In your app, create a `rules.py`:
```python
# app/rules.py
import rules
from iam.utils import lazy_get_predicate
# refer to https://github.com/dfunckt/django-rules#permissions-in-the-admin for why this is here
rules.add_perm('some_app', rules.is_staff)
is_some_role = lazy_get_predicate('some_app.SomeRole')
```
In your model that you are planning to set access to:
```python
# app/models.py
from rules.contrib.models import RulesModel
from some_app.rules import is_some_role
class SomeModel(
RulesModel
):
name = models.CharField(max_length=100)
class Meta:
rules_permissions = {
'add': is_some_role,
'view': is_some_role,
'change': is_some_role,
'delete': is_some_role,
}
```
As the last step, enable your user model to work with IAM and roles by having it inherit `IAMUserMixin`:
```python
# users/models.py
from iam.mixins import IAMUserMixin
class User(
IAMUserMixin,
...,
AbstractUser
):
...
```
Now only users that have a `SomeRoleProfile` profile can access `SomeModel`.
For more examples, check out `example/blog`.
## Rationale
This package aims to improve upon the built-in Django authorization and permissions system, by making the system fully
programmatic and not rely on database objects like the built-in `Group` and `Permission` models. We believe access
governance in applications and projects should be evident form the code, and should not rely on database states and
migrations. An instance of an app deployed on a server should not have a different access governance structure than
another instance somewhere else (which can be the case using the Django built-in authorization system).
The excellent library [`django-rules`](https://github.com/dfunckt/django-rules) drastically improves upon the Django
permission system by enabling developers to create rule based systems similar to decision trees, without the need for
the database to be involved. It also allows devs to create object level permissions, something which the built-in
permission system doesn't allow.
`django-iam` builds on `django-rules` by introducing the concept of Roles and Profiles. In IAM each user is assigned one
or many roles, which determine their access to certain objects or paths in the application. Each Role has an associated
`Profile` which is a database model/object with a 1-1 relationship to the `User` model. A user has a Role if their User
account has the associated profile in an active state. Please check the [Quick Setup](#quick-setup) section for an
example on how to set IAM up in your Django project.
## Main tools
### registry
### AbstractProfileFactory (`iam.factories.AbstractProfileFactory`)
### `lazy_get_predicate`
### Deactivating profiles
### predicates
### `HasOwnerFactory`
### Override permissions
## Optional tools and utilities (`iam.contrib`)
### `ProfileAdmin`
### `AutoOwnerAdminMixin`
### Admin roles
### `AbstractIAMUser`
### `IAMUserAdmin`
### `get_profile_class_verbose_name_plural`
## Development and Testing
### IDE Setup
Add the `example` directory to the `PYTHONPATH` in your IDE to avoid seeing import warnings in the `tests` modules. If
you are using PyCharm, this is already set up.
### Running the Tests
Install requirements
```
pip install -r requirements.txt
```
For local environment
```
pytest
```
For all supported environments
```
tox
```
Raw data
{
"_id": null,
"home_page": "https://github.com/kaoslabsinc/django-iam",
"name": "django-iam",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "django,iam,users,auth,authorization,kaos",
"author": "Kaos Labs Inc.",
"author_email": "keyvan@keyvanm.com",
"download_url": "https://files.pythonhosted.org/packages/53/d4/1786094c830cefee00d421ca3c18d06446a0291130eefdad3417c1c87c33/django-iam-0.3.0.tar.gz",
"platform": null,
"description": "# Django Identity and Access Management\n\nRoles and access management for django apps\n\n## Quick Setup\n\n```shell\npip install django-iam\n```\n\nMake sure you have a custom user model setup and in `settings.py` you have\n\n```python\nAUTH_USER_MODEL = 'users.User' # Point to your custom user model\n```\n\nAdd `iam` to your `INSTALLED_APPS`\n\n```python\n# settings.py\nINSTALLED_APPS = [\n 'django.contrib.admin',\n ..., # django apps\n 'iam',\n ..., # Your apps\n]\n\nAUTHENTICATION_BACKENDS = [\n ...,\n 'rules.permissions.ObjectPermissionBackend',\n 'django.contrib.auth.backends.ModelBackend',\n ...\n]\n```\n\nCreate a profile for the role, e.g.\n\n```python\n# app/models.py\nfrom django.db import models\nfrom iam.factories import AbstractProfileFactory\nfrom iam.contrib.utils import get_profile_cls_verbose_name_plural\n\n\nclass SomeRoleProfile(\n AbstractProfileFactory.as_abstract_model(related_name='blog_author_profile'),\n models.Model\n):\n # user = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.PROTECT) # comes from AbstractProfileFactory\n\n class Meta:\n # Adds a little \ud83d\udc64 emoji to the name in admin, to make it clear this is a profile model\n verbose_name_plural = get_profile_cls_verbose_name_plural('BlogAdminProfile')\n```\n\nIn your app, create a `rules.py`:\n\n```python\n# app/rules.py\nimport rules\nfrom iam.utils import lazy_get_predicate\n\n# refer to https://github.com/dfunckt/django-rules#permissions-in-the-admin for why this is here\nrules.add_perm('some_app', rules.is_staff)\n\nis_some_role = lazy_get_predicate('some_app.SomeRole')\n```\n\nIn your model that you are planning to set access to:\n\n```python\n# app/models.py\nfrom rules.contrib.models import RulesModel\nfrom some_app.rules import is_some_role\n\n\nclass SomeModel(\n RulesModel\n):\n name = models.CharField(max_length=100)\n\n class Meta:\n rules_permissions = {\n 'add': is_some_role,\n 'view': is_some_role,\n 'change': is_some_role,\n 'delete': is_some_role,\n }\n```\n\nAs the last step, enable your user model to work with IAM and roles by having it inherit `IAMUserMixin`:\n\n```python\n# users/models.py\nfrom iam.mixins import IAMUserMixin\n\n\nclass User(\n IAMUserMixin,\n ...,\n AbstractUser\n):\n ...\n```\n\nNow only users that have a `SomeRoleProfile` profile can access `SomeModel`.\n\nFor more examples, check out `example/blog`.\n\n## Rationale\n\nThis package aims to improve upon the built-in Django authorization and permissions system, by making the system fully\nprogrammatic and not rely on database objects like the built-in `Group` and `Permission` models. We believe access\ngovernance in applications and projects should be evident form the code, and should not rely on database states and\nmigrations. An instance of an app deployed on a server should not have a different access governance structure than\nanother instance somewhere else (which can be the case using the Django built-in authorization system).\n\nThe excellent library [`django-rules`](https://github.com/dfunckt/django-rules) drastically improves upon the Django\npermission system by enabling developers to create rule based systems similar to decision trees, without the need for\nthe database to be involved. It also allows devs to create object level permissions, something which the built-in\npermission system doesn't allow.\n\n`django-iam` builds on `django-rules` by introducing the concept of Roles and Profiles. In IAM each user is assigned one\nor many roles, which determine their access to certain objects or paths in the application. Each Role has an associated\n`Profile` which is a database model/object with a 1-1 relationship to the `User` model. A user has a Role if their User\naccount has the associated profile in an active state. Please check the [Quick Setup](#quick-setup) section for an\nexample on how to set IAM up in your Django project.\n\n## Main tools\n\n### registry\n\n### AbstractProfileFactory (`iam.factories.AbstractProfileFactory`)\n\n### `lazy_get_predicate`\n\n### Deactivating profiles\n\n### predicates\n\n### `HasOwnerFactory`\n\n### Override permissions\n\n## Optional tools and utilities (`iam.contrib`)\n\n### `ProfileAdmin`\n\n### `AutoOwnerAdminMixin`\n\n### Admin roles\n\n### `AbstractIAMUser`\n\n### `IAMUserAdmin`\n\n### `get_profile_class_verbose_name_plural`\n\n## Development and Testing\n\n### IDE Setup\n\nAdd the `example` directory to the `PYTHONPATH` in your IDE to avoid seeing import warnings in the `tests` modules. If\nyou are using PyCharm, this is already set up.\n\n### Running the Tests\n\nInstall requirements\n\n```\npip install -r requirements.txt\n```\n\nFor local environment\n\n```\npytest\n```\n\nFor all supported environments\n\n```\ntox\n```\n\n\n",
"bugtrack_url": null,
"license": "BSD-3-Clause",
"summary": "Roles and access management for django apps",
"version": "0.3.0",
"split_keywords": [
"django",
"iam",
"users",
"auth",
"authorization",
"kaos"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "6ccb9223eedc848b1f82cab1772b58ea1fefffa07d880bbb7227e9281c336973",
"md5": "4a9fd54568648b7eb733fe4468f494af",
"sha256": "0fceed738fe10058ea8b5c9c8615a485b92467dd9324b13e8e8851efa3dba693"
},
"downloads": -1,
"filename": "django_iam-0.3.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4a9fd54568648b7eb733fe4468f494af",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 15162,
"upload_time": "2022-05-02T22:10:54",
"upload_time_iso_8601": "2022-05-02T22:10:54.216856Z",
"url": "https://files.pythonhosted.org/packages/6c/cb/9223eedc848b1f82cab1772b58ea1fefffa07d880bbb7227e9281c336973/django_iam-0.3.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "53d41786094c830cefee00d421ca3c18d06446a0291130eefdad3417c1c87c33",
"md5": "8b9112299926df9f194a86add1a153fc",
"sha256": "c453d651a2e8cebd676a58399b65ec08484fd3330f397cfc7b9e082780b6cc77"
},
"downloads": -1,
"filename": "django-iam-0.3.0.tar.gz",
"has_sig": false,
"md5_digest": "8b9112299926df9f194a86add1a153fc",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 10921,
"upload_time": "2022-05-02T22:10:55",
"upload_time_iso_8601": "2022-05-02T22:10:55.675706Z",
"url": "https://files.pythonhosted.org/packages/53/d4/1786094c830cefee00d421ca3c18d06446a0291130eefdad3417c1c87c33/django-iam-0.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2022-05-02 22:10:55",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "kaoslabsinc",
"github_project": "django-iam",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"tox": true,
"lcname": "django-iam"
}