librbac


Namelibrbac JSON
Version 2.1.0 PyPI version JSON
download
home_pagehttps://stash.bars-open.ru/projects/EDUEO/repos/librbac/
SummaryОбщая библиотека контроля доступа для микросервисов
upload_time2024-01-29 12:49:34
maintainer
docs_urlNone
authorBARS Group
requires_python
license
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # Общая библиотека контроля доступа для микросервисов

## Подключение
settings.py:

```python
INSTALLED_APPS = [
    # другие приложение
    'testapp.core',
    'librbac',                         # для management команд rbac
    'librbac.contrib.migrations',      # для поддержки миграций
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oidc_auth.authentication.JSONWebTokenAuthentication',
    ),
}

OIDC_AUTH = {
    # URL сервиса аутентификации, необходимо указать своё значение
    'OIDC_ENDPOINT': 'http://testserver/oauth',
    
    # функция преобразующая токен в объект пользователя. Указать как есть.
    'OIDC_RESOLVE_USER_FUNCTION': 'librbac.oidc.auth.get_user_from_token',
    
    # Заголовок в котором хранится токен. Указать как есть.
    'JWT_AUTH_HEADER_PREFIX': 'Bearer',

    # The Claims Options can now be defined by a static string.
    # ref: https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation
    # The old OIDC_AUDIENCES option is removed in favor of this new option.
    # `aud` is only required, when you set it as an essential claim.
    'OIDC_CLAIMS_OPTIONS': {
        'iss': {
            'essential': True,
        }
    },
}

RBAC_BACKEND = 'librbac.backends.remote.RemoteBackend'
"""Путь до бэкенда RBAC"""


RBAC_PERMISSION_TOPIC = 'test.rbac.permission'
"""Наименование топика в который публикуются события связанные с разрешениями."""
```    


testapp/__init__.py:
```python
from typing import TYPE_CHECKING

from explicit.contrib.messagebus.event_registry import Registry


if TYPE_CHECKING:
    from explicit.messagebus.messagebus import MessageBus  # noqa


default_app_config = f'{__package__}.apps.AppConfig'


bus: 'MessageBus'

event_registry = Registry()
```



testapp/apps.py:
```python
from django.apps.config import AppConfig as AppConfigBase

from librbac.events import PermissionPushed
from librbac.utils.management import is_in_management_command


class AppConfig(AppConfigBase):

    name = __package__

    def _bootstrap(self):
        """Предоставление общей шины ядра."""
        from explicit.messagebus.messagebus import MessageBus
        from testapp import core
        from .unit_of_work import UnitOfWork
        uow = UnitOfWork()
        dependencies = dict(uow=uow)
        messagebus = MessageBus(**dependencies)
        core.bus = messagebus

    def _register_event_handlers(self):
        ...

    def _configure_rbac(self):
        from librbac import config
        from librbac.manager import rbac
        from testapp import core
        from testapp.core import event_registry as registry
        from testapp.core.adapters import messaging

        class Config(config.IConfig):
            bus = core.bus
            adapter = messaging.adapter
            event_registry = registry

        config.rbac_config = Config()

        # не пушим разрешения в шину при старте. Этим занимается management команда.
        rbac.init()


    def ready(self):
        self._bootstrap()
        self._register_events()
        self._configure_rbac()
```

testapp/permissions.py
```python
from librbac.types import Permission
from librbac.types import PermissionGroup


PERM_NAMESPACE_TEST = 'test'

PERM_RESOURCE__PERSON = 'person'
PERM__PERSON__READ = Permission(
    # (namespace, resource, action, scope)
    PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON, 'read'
)
PERM__PERSON__WRITE = Permission(
    PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON, 'write'
)
# Описание разрешений
# -----------------------------------------------------------------------------
permissions = (
    (PERM__PERSON__READ, 'Просмотр ФЛ'),
    (PERM__PERSON__WRITE, 'Редактирование ФЛ'),
)

dependencies = {
    PERM__PERSON__WRITE: {
        PERM__PERSON__READ,
    },
}
# -----------------------------------------------------------------------------
# Описание связей разделов и групп разрешений
partitions = {
    'Администрирование': (
        PermissionGroup(PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON),
    ),
}
# -----------------------------------------------------------------------------
```


testapp/views.py
```python
from rest_framework.viewsets import ModelViewSet

from librbac.drf.viewsets import RBACMixin

from .permissions import PERM__PERSON__READ
from .permissions import PERM__PERSON__WRITE


class PersonViewSet(RBACMixin, ModelViewSet):
    
    # сопоставление действий с разрешениями
    perm_map = dict(
        create=(PERM__PERSON__WRITE,),
        partial_update=(PERM__PERSON__WRITE,),
        destroy=(PERM__PERSON__WRITE,),
        retrieve=(PERM__PERSON__READ,),
        list=(PERM__PERSON__READ,),
    )

    ...
```

## Миграции разрешений
[Описание](./src/librbac/contrib/migrations/README.md) в модуле миграций

## Запуск тестов
    $ tox

            

Raw data

            {
    "_id": null,
    "home_page": "https://stash.bars-open.ru/projects/EDUEO/repos/librbac/",
    "name": "librbac",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "",
    "maintainer_email": "",
    "keywords": "",
    "author": "BARS Group",
    "author_email": "education_dev@bars-open.ru",
    "download_url": "https://files.pythonhosted.org/packages/f0/65/f8a965e7ca3da994ea2e6cb313b48afe859c26b08181078af4b0ddafb07b/librbac-2.1.0.tar.gz",
    "platform": null,
    "description": "# \u041e\u0431\u0449\u0430\u044f \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f \u043c\u0438\u043a\u0440\u043e\u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432\n\n## \u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\nsettings.py:\n\n```python\nINSTALLED_APPS = [\n    # \u0434\u0440\u0443\u0433\u0438\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435\n    'testapp.core',\n    'librbac',                         # \u0434\u043b\u044f management \u043a\u043e\u043c\u0430\u043d\u0434 rbac\n    'librbac.contrib.migrations',      # \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u043c\u0438\u0433\u0440\u0430\u0446\u0438\u0439\n]\n\nREST_FRAMEWORK = {\n    'DEFAULT_AUTHENTICATION_CLASSES': (\n        'oidc_auth.authentication.JSONWebTokenAuthentication',\n    ),\n}\n\nOIDC_AUTH = {\n    # URL \u0441\u0435\u0440\u0432\u0438\u0441\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u0441\u0432\u043e\u0451 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\n    'OIDC_ENDPOINT': 'http://testserver/oauth',\n    \n    # \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u044e\u0449\u0430\u044f \u0442\u043e\u043a\u0435\u043d \u0432 \u043e\u0431\u044a\u0435\u043a\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u0423\u043a\u0430\u0437\u0430\u0442\u044c \u043a\u0430\u043a \u0435\u0441\u0442\u044c.\n    'OIDC_RESOLVE_USER_FUNCTION': 'librbac.oidc.auth.get_user_from_token',\n    \n    # \u0417\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0445\u0440\u0430\u043d\u0438\u0442\u0441\u044f \u0442\u043e\u043a\u0435\u043d. \u0423\u043a\u0430\u0437\u0430\u0442\u044c \u043a\u0430\u043a \u0435\u0441\u0442\u044c.\n    'JWT_AUTH_HEADER_PREFIX': 'Bearer',\n\n    # The Claims Options can now be defined by a static string.\n    # ref: https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation\n    # The old OIDC_AUDIENCES option is removed in favor of this new option.\n    # `aud` is only required, when you set it as an essential claim.\n    'OIDC_CLAIMS_OPTIONS': {\n        'iss': {\n            'essential': True,\n        }\n    },\n}\n\nRBAC_BACKEND = 'librbac.backends.remote.RemoteBackend'\n\"\"\"\u041f\u0443\u0442\u044c \u0434\u043e \u0431\u044d\u043a\u0435\u043d\u0434\u0430 RBAC\"\"\"\n\n\nRBAC_PERMISSION_TOPIC = 'test.rbac.permission'\n\"\"\"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0442\u043e\u043f\u0438\u043a\u0430 \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0443\u0431\u043b\u0438\u043a\u0443\u044e\u0442\u0441\u044f \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438.\"\"\"\n```    \n\n\ntestapp/__init__.py:\n```python\nfrom typing import TYPE_CHECKING\n\nfrom explicit.contrib.messagebus.event_registry import Registry\n\n\nif TYPE_CHECKING:\n    from explicit.messagebus.messagebus import MessageBus  # noqa\n\n\ndefault_app_config = f'{__package__}.apps.AppConfig'\n\n\nbus: 'MessageBus'\n\nevent_registry = Registry()\n```\n\n\n\ntestapp/apps.py:\n```python\nfrom django.apps.config import AppConfig as AppConfigBase\n\nfrom librbac.events import PermissionPushed\nfrom librbac.utils.management import is_in_management_command\n\n\nclass AppConfig(AppConfigBase):\n\n    name = __package__\n\n    def _bootstrap(self):\n        \"\"\"\u041f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u0431\u0449\u0435\u0439 \u0448\u0438\u043d\u044b \u044f\u0434\u0440\u0430.\"\"\"\n        from explicit.messagebus.messagebus import MessageBus\n        from testapp import core\n        from .unit_of_work import UnitOfWork\n        uow = UnitOfWork()\n        dependencies = dict(uow=uow)\n        messagebus = MessageBus(**dependencies)\n        core.bus = messagebus\n\n    def _register_event_handlers(self):\n        ...\n\n    def _configure_rbac(self):\n        from librbac import config\n        from librbac.manager import rbac\n        from testapp import core\n        from testapp.core import event_registry as registry\n        from testapp.core.adapters import messaging\n\n        class Config(config.IConfig):\n            bus = core.bus\n            adapter = messaging.adapter\n            event_registry = registry\n\n        config.rbac_config = Config()\n\n        # \u043d\u0435 \u043f\u0443\u0448\u0438\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0432 \u0448\u0438\u043d\u0443 \u043f\u0440\u0438 \u0441\u0442\u0430\u0440\u0442\u0435. \u042d\u0442\u0438\u043c \u0437\u0430\u043d\u0438\u043c\u0430\u0435\u0442\u0441\u044f management \u043a\u043e\u043c\u0430\u043d\u0434\u0430.\n        rbac.init()\n\n\n    def ready(self):\n        self._bootstrap()\n        self._register_events()\n        self._configure_rbac()\n```\n\ntestapp/permissions.py\n```python\nfrom librbac.types import Permission\nfrom librbac.types import PermissionGroup\n\n\nPERM_NAMESPACE_TEST = 'test'\n\nPERM_RESOURCE__PERSON = 'person'\nPERM__PERSON__READ = Permission(\n    # (namespace, resource, action, scope)\n    PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON, 'read'\n)\nPERM__PERSON__WRITE = Permission(\n    PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON, 'write'\n)\n# \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439\n# -----------------------------------------------------------------------------\npermissions = (\n    (PERM__PERSON__READ, '\u041f\u0440\u043e\u0441\u043c\u043e\u0442\u0440 \u0424\u041b'),\n    (PERM__PERSON__WRITE, '\u0420\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0424\u041b'),\n)\n\ndependencies = {\n    PERM__PERSON__WRITE: {\n        PERM__PERSON__READ,\n    },\n}\n# -----------------------------------------------------------------------------\n# \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0441\u0432\u044f\u0437\u0435\u0439 \u0440\u0430\u0437\u0434\u0435\u043b\u043e\u0432 \u0438 \u0433\u0440\u0443\u043f\u043f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439\npartitions = {\n    '\u0410\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435': (\n        PermissionGroup(PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON),\n    ),\n}\n# -----------------------------------------------------------------------------\n```\n\n\ntestapp/views.py\n```python\nfrom rest_framework.viewsets import ModelViewSet\n\nfrom librbac.drf.viewsets import RBACMixin\n\nfrom .permissions import PERM__PERSON__READ\nfrom .permissions import PERM__PERSON__WRITE\n\n\nclass PersonViewSet(RBACMixin, ModelViewSet):\n    \n    # \u0441\u043e\u043f\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u0441 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c\u0438\n    perm_map = dict(\n        create=(PERM__PERSON__WRITE,),\n        partial_update=(PERM__PERSON__WRITE,),\n        destroy=(PERM__PERSON__WRITE,),\n        retrieve=(PERM__PERSON__READ,),\n        list=(PERM__PERSON__READ,),\n    )\n\n    ...\n```\n\n## \u041c\u0438\u0433\u0440\u0430\u0446\u0438\u0438 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439\n[\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435](./src/librbac/contrib/migrations/README.md) \u0432 \u043c\u043e\u0434\u0443\u043b\u0435 \u043c\u0438\u0433\u0440\u0430\u0446\u0438\u0439\n\n## \u0417\u0430\u043f\u0443\u0441\u043a \u0442\u0435\u0441\u0442\u043e\u0432\n    $ tox\n",
    "bugtrack_url": null,
    "license": "",
    "summary": "\u041e\u0431\u0449\u0430\u044f \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f \u043c\u0438\u043a\u0440\u043e\u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432",
    "version": "2.1.0",
    "project_urls": {
        "Homepage": "https://stash.bars-open.ru/projects/EDUEO/repos/librbac/"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "6fd9eee4d94bfaf18d0bad87a747163a2999823eea61e8853cef8ffaae682382",
                "md5": "50a1c75c3925f12c0f9e1c3bc2a6d766",
                "sha256": "3b9738129096c4e3303191154e3c786ee3298940a9ea4cabbdba52e8907f7e50"
            },
            "downloads": -1,
            "filename": "librbac-2.1.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "50a1c75c3925f12c0f9e1c3bc2a6d766",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": null,
            "size": 30794,
            "upload_time": "2024-01-29T12:49:32",
            "upload_time_iso_8601": "2024-01-29T12:49:32.366962Z",
            "url": "https://files.pythonhosted.org/packages/6f/d9/eee4d94bfaf18d0bad87a747163a2999823eea61e8853cef8ffaae682382/librbac-2.1.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "f065f8a965e7ca3da994ea2e6cb313b48afe859c26b08181078af4b0ddafb07b",
                "md5": "0c9512c117d0b46483e1d928226a457c",
                "sha256": "a94723a799232f3ebd1bbb405cffbc4179dbedd5db9ecb24c691106517aefcdd"
            },
            "downloads": -1,
            "filename": "librbac-2.1.0.tar.gz",
            "has_sig": false,
            "md5_digest": "0c9512c117d0b46483e1d928226a457c",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 22933,
            "upload_time": "2024-01-29T12:49:34",
            "upload_time_iso_8601": "2024-01-29T12:49:34.284991Z",
            "url": "https://files.pythonhosted.org/packages/f0/65/f8a965e7ca3da994ea2e6cb313b48afe859c26b08181078af4b0ddafb07b/librbac-2.1.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-01-29 12:49:34",
    "github": false,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "lcname": "librbac"
}
        
Elapsed time: 0.16260s