flask-authz


Nameflask-authz JSON
Version 2.6.0 PyPI version JSON
download
home_pagehttps://github.com/pycasbin/flask-authz
SummaryAn authorization middleware for Flask that supports ACL, RBAC, ABAC, based on Casbin
upload_time2024-03-29 10:18:29
maintainerNone
docs_urlNone
author['Yang Luo', 'Sciencelogic']
requires_python>=3.5
licenseApache 2.0
keywords flask pycasbin casbin auth authz acl rbac abac access control authorization permission
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage
            # flask-authz

[![GitHub Action](https://github.com/pycasbin/flask-authz/workflows/build/badge.svg?branch=master)](https://github.com/pycasbin/flask-authz/actions)
[![Coverage Status](https://coveralls.io/repos/github/pycasbin/flask-authz/badge.svg)](https://coveralls.io/github/pycasbin/flask-authz)
[![Version](https://img.shields.io/pypi/v/flask-authz.svg)](https://pypi.org/project/flask-authz/)
[![PyPI - Wheel](https://img.shields.io/pypi/wheel/flask-authz.svg)](https://pypi.org/project/flask-authz/)
[![Pyversions](https://img.shields.io/pypi/pyversions/flask-authz.svg)](https://pypi.org/project/flask-authz/)
[![Download](https://img.shields.io/pypi/dm/flask-authz.svg)](https://pypi.org/project/flask-authz/)
[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord&label=discord&color=5865F2)](https://discord.gg/S5UjpzGZjN)

flask-authz is an authorization middleware for [Flask](http://flask.pocoo.org/), it's based on [PyCasbin](https://github.com/casbin/pycasbin).

## Installation

```
pip install flask-authz
```
Or clone the repo:
```
$ git clone https://github.com/pycasbin/flask-authz.git
$ python setup.py install
```

Module Usage:
```python
from flask import Flask
from flask_authz import CasbinEnforcer
from casbin.persist.adapters import FileAdapter

app = Flask(__name__)
# Set up Casbin model config
app.config['CASBIN_MODEL'] = 'casbinmodel.conf'
# Set headers where owner for enforcement policy should be located
app.config['CASBIN_OWNER_HEADERS'] = {'X-User', 'X-Group'}
# Add User Audit Logging with user name associated to log
# i.e. `[2020-11-10 12:55:06,060] ERROR in casbin_enforcer: Unauthorized attempt: method: GET resource: /api/v1/item by user: janedoe@example.com`
app.config['CASBIN_USER_NAME_HEADERS'] = {'X-User'}
# Set up Casbin Adapter
adapter = FileAdapter('rbac_policy.csv')
casbin_enforcer = CasbinEnforcer(app, adapter)

@app.route('/', methods=['GET'])
@casbin_enforcer.enforcer
def get_root():
    return jsonify({'message': 'If you see this you have access'})

@app.route('/manager', methods=['POST'])
@casbin_enforcer.enforcer
@casbin_enforcer.manager
def make_casbin_change(manager):
    # Manager is an casbin.enforcer.Enforcer object to make changes to Casbin
    return jsonify({'message': 'If you see this you have access'})
```
Example Config
This example file can be found in `tests/casbin_files`
```ini
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (p.sub == "*" || g(r.sub, p.sub)) && r.obj == p.obj && (p.act == "*" || r.act == p.act)
```
Example Policy
This example file can be found in `tests/casbin_files`
```csv
p, alice, /dataset1/*, GET
p, alice, /dataset1/resource1, POST
p, bob, /dataset2/resource1, *
p, bob, /dataset2/resource2, GET
p, bob, /dataset2/folder1/*, POST
p, dataset1_admin, /dataset1/*, *
p, *, /login, *

p, anonymous, /, GET

g, cathy, dataset1_admin
```

Development
------------

#### Run unit tests
1. Fork/Clone repository
2. Install flask-authz dependencies, and run `pytest`
```python
pip install -r dev_requirements.txt
pip install -r requirements.txt
pytest
```

#### Setup pre-commit checks
```python
pre-commit install
```


#### update requirements with pip-tools
```bash
# update requirements.txt
pip-compile --no-annotate --no-header --rebuild requirements.in
# sync venv
pip-sync
```

#### Manually Bump Version
```
bumpversion major  # major release
or
bumpversion minor  # minor release
or
bumpversion patch  # hotfix release
```

## Documentation

The authorization determines a request based on ``{subject, object, action}``, which means what ``subject`` can perform what ``action`` on what ``object``. In this plugin, the meanings are:

1. ``subject``: the logged-in user name
2. ``object``: the URL path for the web resource like "dataset1/item1"
3. ``action``: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to [the Casbin's documentation](https://casbin.org).

## Getting Help

- [Casbin](https://casbin.org)

## License

This project is under Apache 2.0 License. See the [LICENSE](LICENSE) file for the full license text.


            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/pycasbin/flask-authz",
    "name": "flask-authz",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.5",
    "maintainer_email": null,
    "keywords": "flask, pycasbin, casbin, auth, authz, acl, rbac, abac, access control, authorization, permission",
    "author": "['Yang Luo', 'Sciencelogic']",
    "author_email": "hsluoyz@gmail.com",
    "download_url": "https://files.pythonhosted.org/packages/e1/6e/bda2f22b014f66dabec1368e452769c207d8de7e265e51b964129ba10cf0/flask-authz-2.6.0.tar.gz",
    "platform": null,
    "description": "# flask-authz\n\n[![GitHub Action](https://github.com/pycasbin/flask-authz/workflows/build/badge.svg?branch=master)](https://github.com/pycasbin/flask-authz/actions)\n[![Coverage Status](https://coveralls.io/repos/github/pycasbin/flask-authz/badge.svg)](https://coveralls.io/github/pycasbin/flask-authz)\n[![Version](https://img.shields.io/pypi/v/flask-authz.svg)](https://pypi.org/project/flask-authz/)\n[![PyPI - Wheel](https://img.shields.io/pypi/wheel/flask-authz.svg)](https://pypi.org/project/flask-authz/)\n[![Pyversions](https://img.shields.io/pypi/pyversions/flask-authz.svg)](https://pypi.org/project/flask-authz/)\n[![Download](https://img.shields.io/pypi/dm/flask-authz.svg)](https://pypi.org/project/flask-authz/)\n[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord&label=discord&color=5865F2)](https://discord.gg/S5UjpzGZjN)\n\nflask-authz is an authorization middleware for [Flask](http://flask.pocoo.org/), it's based on [PyCasbin](https://github.com/casbin/pycasbin).\n\n## Installation\n\n```\npip install flask-authz\n```\nOr clone the repo:\n```\n$ git clone https://github.com/pycasbin/flask-authz.git\n$ python setup.py install\n```\n\nModule Usage:\n```python\nfrom flask import Flask\nfrom flask_authz import CasbinEnforcer\nfrom casbin.persist.adapters import FileAdapter\n\napp = Flask(__name__)\n# Set up Casbin model config\napp.config['CASBIN_MODEL'] = 'casbinmodel.conf'\n# Set headers where owner for enforcement policy should be located\napp.config['CASBIN_OWNER_HEADERS'] = {'X-User', 'X-Group'}\n# Add User Audit Logging with user name associated to log\n# i.e. `[2020-11-10 12:55:06,060] ERROR in casbin_enforcer: Unauthorized attempt: method: GET resource: /api/v1/item by user: janedoe@example.com`\napp.config['CASBIN_USER_NAME_HEADERS'] = {'X-User'}\n# Set up Casbin Adapter\nadapter = FileAdapter('rbac_policy.csv')\ncasbin_enforcer = CasbinEnforcer(app, adapter)\n\n@app.route('/', methods=['GET'])\n@casbin_enforcer.enforcer\ndef get_root():\n    return jsonify({'message': 'If you see this you have access'})\n\n@app.route('/manager', methods=['POST'])\n@casbin_enforcer.enforcer\n@casbin_enforcer.manager\ndef make_casbin_change(manager):\n    # Manager is an casbin.enforcer.Enforcer object to make changes to Casbin\n    return jsonify({'message': 'If you see this you have access'})\n```\nExample Config\nThis example file can be found in `tests/casbin_files`\n```ini\n[request_definition]\nr = sub, obj, act\n\n[policy_definition]\np = sub, obj, act\n\n[role_definition]\ng = _, _\n\n[policy_effect]\ne = some(where (p.eft == allow))\n\n[matchers]\nm = (p.sub == \"*\" || g(r.sub, p.sub)) && r.obj == p.obj && (p.act == \"*\" || r.act == p.act)\n```\nExample Policy\nThis example file can be found in `tests/casbin_files`\n```csv\np, alice, /dataset1/*, GET\np, alice, /dataset1/resource1, POST\np, bob, /dataset2/resource1, *\np, bob, /dataset2/resource2, GET\np, bob, /dataset2/folder1/*, POST\np, dataset1_admin, /dataset1/*, *\np, *, /login, *\n\np, anonymous, /, GET\n\ng, cathy, dataset1_admin\n```\n\nDevelopment\n------------\n\n#### Run unit tests\n1. Fork/Clone repository\n2. Install flask-authz dependencies, and run `pytest`\n```python\npip install -r dev_requirements.txt\npip install -r requirements.txt\npytest\n```\n\n#### Setup pre-commit checks\n```python\npre-commit install\n```\n\n\n#### update requirements with pip-tools\n```bash\n# update requirements.txt\npip-compile --no-annotate --no-header --rebuild requirements.in\n# sync venv\npip-sync\n```\n\n#### Manually Bump Version\n```\nbumpversion major  # major release\nor\nbumpversion minor  # minor release\nor\nbumpversion patch  # hotfix release\n```\n\n## Documentation\n\nThe authorization determines a request based on ``{subject, object, action}``, which means what ``subject`` can perform what ``action`` on what ``object``. In this plugin, the meanings are:\n\n1. ``subject``: the logged-in user name\n2. ``object``: the URL path for the web resource like \"dataset1/item1\"\n3. ``action``: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like \"read-file\", \"write-blog\"\n\nFor how to write authorization policy and other details, please refer to [the Casbin's documentation](https://casbin.org).\n\n## Getting Help\n\n- [Casbin](https://casbin.org)\n\n## License\n\nThis project is under Apache 2.0 License. See the [LICENSE](LICENSE) file for the full license text.\n\n",
    "bugtrack_url": null,
    "license": "Apache 2.0",
    "summary": "An authorization middleware for Flask that supports ACL, RBAC, ABAC, based on Casbin",
    "version": "2.6.0",
    "project_urls": {
        "Download": "https://github.com/pycasbin/flask-authz/tarball/v2.6.0",
        "Homepage": "https://github.com/pycasbin/flask-authz"
    },
    "split_keywords": [
        "flask",
        " pycasbin",
        " casbin",
        " auth",
        " authz",
        " acl",
        " rbac",
        " abac",
        " access control",
        " authorization",
        " permission"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "ca09445fbaab0bdbe7b5fce554219981c31f74f1c812ec555f844951e47de058",
                "md5": "14efd9423cc1f09339cdb35bcc7179fc",
                "sha256": "575cd0c99d49c7c5945601b84f56d48c2f94fa639351315f0598b5af5282a3c4"
            },
            "downloads": -1,
            "filename": "flask_authz-2.6.0-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "14efd9423cc1f09339cdb35bcc7179fc",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": ">=3.5",
            "size": 12905,
            "upload_time": "2024-03-29T10:18:28",
            "upload_time_iso_8601": "2024-03-29T10:18:28.139771Z",
            "url": "https://files.pythonhosted.org/packages/ca/09/445fbaab0bdbe7b5fce554219981c31f74f1c812ec555f844951e47de058/flask_authz-2.6.0-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "e16ebda2f22b014f66dabec1368e452769c207d8de7e265e51b964129ba10cf0",
                "md5": "f09cb68f2e03aba8b35d697596e2fbd8",
                "sha256": "9d55275634a64b421f54932370455946819cf48d794b0327360594731e02a46f"
            },
            "downloads": -1,
            "filename": "flask-authz-2.6.0.tar.gz",
            "has_sig": false,
            "md5_digest": "f09cb68f2e03aba8b35d697596e2fbd8",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.5",
            "size": 13728,
            "upload_time": "2024-03-29T10:18:29",
            "upload_time_iso_8601": "2024-03-29T10:18:29.940823Z",
            "url": "https://files.pythonhosted.org/packages/e1/6e/bda2f22b014f66dabec1368e452769c207d8de7e265e51b964129ba10cf0/flask-authz-2.6.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-03-29 10:18:29",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "pycasbin",
    "github_project": "flask-authz",
    "travis_ci": false,
    "coveralls": true,
    "github_actions": true,
    "requirements": [],
    "lcname": "flask-authz"
}
        
Elapsed time: 0.22854s