{"id":20035819,"url":"https://github.com/officialpycasbin/flask-authz","last_synced_at":"2025-10-06T09:30:20.044Z","repository":{"id":262365462,"uuid":"887015588","full_name":"officialpycasbin/flask-authz","owner":"officialpycasbin","description":"Flask authorization middleware based on PyCasbin","archived":false,"fork":false,"pushed_at":"2024-11-12T02:54:06.000Z","size":104,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-01-17T13:55:28.844Z","etag":null,"topics":["abac","acl","auth","authorization","casbin","flask","middleware","plugin","py","pycasbin","python","pythonweb","rbac","web"],"latest_commit_sha":null,"homepage":"https://github.com/casbin/pycasbin","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/officialpycasbin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-12T02:43:48.000Z","updated_at":"2024-11-12T02:54:09.000Z","dependencies_parsed_at":"2024-11-12T03:29:42.092Z","dependency_job_id":"fbcacbf2-8ff1-4bfe-94df-89f1fe84d64e","html_url":"https://github.com/officialpycasbin/flask-authz","commit_stats":null,"previous_names":["officialpycasbin/flask-authz"],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fflask-authz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fflask-authz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fflask-authz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/officialpycasbin%2Fflask-authz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/officialpycasbin","download_url":"https://codeload.github.com/officialpycasbin/flask-authz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235515427,"owners_count":19002481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","acl","auth","authorization","casbin","flask","middleware","plugin","py","pycasbin","python","pythonweb","rbac","web"],"created_at":"2024-11-13T10:09:22.313Z","updated_at":"2025-10-06T09:30:20.036Z","avatar_url":"https://github.com/officialpycasbin.png","language":"Python","readme":"# flask-authz\r\n\r\n[![build](https://github.com/officialpycasbin/flask-authz/actions/workflows/build.yml/badge.svg)](https://github.com/officialpycasbin/flask-authz/actions/workflows/build.yml)\r\n[![Coverage Status](https://coveralls.io/repos/github/officialpycasbin/flask-authz/badge.svg)](https://coveralls.io/github/officialpycasbin/flask-authz)\r\n[![Version](https://img.shields.io/pypi/v/flask-authz.svg)](https://pypi.org/project/flask-authz/)\r\n[![PyPI - Wheel](https://img.shields.io/pypi/wheel/flask-authz.svg)](https://pypi.org/project/flask-authz/)\r\n[![Pyversions](https://img.shields.io/pypi/pyversions/flask-authz.svg)](https://pypi.org/project/flask-authz/)\r\n[![Download](https://static.pepy.tech/badge/flask-authz)](https://pypi.org/project/flask-authz/)\r\n[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord\u0026label=discord\u0026color=5865F2)](https://discord.gg/S5UjpzGZjN)\r\n\r\nflask-authz is an authorization middleware for [Flask](http://flask.pocoo.org/), it's based on [PyCasbin](https://github.com/casbin/pycasbin).\r\n\r\n## Installation\r\n\r\n```\r\npip install flask-authz\r\n```\r\nOr clone the repo:\r\n```\r\n$ git clone https://github.com/officialpycasbin/flask-authz.git\r\n$ python setup.py install\r\n```\r\n\r\nModule Usage:\r\n```python\r\nfrom flask import Flask\r\nfrom flask_authz import CasbinEnforcer\r\nfrom casbin.persist.adapters import FileAdapter\r\n\r\napp = Flask(__name__)\r\n# Set up Casbin model config\r\napp.config['CASBIN_MODEL'] = 'casbinmodel.conf'\r\n# Set headers where owner for enforcement policy should be located\r\napp.config['CASBIN_OWNER_HEADERS'] = {'X-User', 'X-Group'}\r\n# Add User Audit Logging with user name associated to log\r\n# i.e. `[2020-11-10 12:55:06,060] ERROR in casbin_enforcer: Unauthorized attempt: method: GET resource: /api/v1/item by user: janedoe@example.com`\r\napp.config['CASBIN_USER_NAME_HEADERS'] = {'X-User'}\r\n# Set up Casbin Adapter\r\nadapter = FileAdapter('rbac_policy.csv')\r\ncasbin_enforcer = CasbinEnforcer(app, adapter)\r\n\r\n@app.route('/', methods=['GET'])\r\n@casbin_enforcer.enforcer\r\ndef get_root():\r\n    return jsonify({'message': 'If you see this you have access'})\r\n\r\n@app.route('/manager', methods=['POST'])\r\n@casbin_enforcer.enforcer\r\n@casbin_enforcer.manager\r\ndef make_casbin_change(manager):\r\n    # Manager is an casbin.enforcer.Enforcer object to make changes to Casbin\r\n    return jsonify({'message': 'If you see this you have access'})\r\n```\r\nExample Config\r\nThis example file can be found in `tests/casbin_files`\r\n```ini\r\n[request_definition]\r\nr = sub, obj, act\r\n\r\n[policy_definition]\r\np = sub, obj, act\r\n\r\n[role_definition]\r\ng = _, _\r\n\r\n[policy_effect]\r\ne = some(where (p.eft == allow))\r\n\r\n[matchers]\r\nm = (p.sub == \"*\" || g(r.sub, p.sub)) \u0026\u0026 r.obj == p.obj \u0026\u0026 (p.act == \"*\" || r.act == p.act)\r\n```\r\nExample Policy\r\nThis example file can be found in `tests/casbin_files`\r\n```csv\r\np, alice, /dataset1/*, GET\r\np, alice, /dataset1/resource1, POST\r\np, bob, /dataset2/resource1, *\r\np, bob, /dataset2/resource2, GET\r\np, bob, /dataset2/folder1/*, POST\r\np, dataset1_admin, /dataset1/*, *\r\np, *, /login, *\r\n\r\np, anonymous, /, GET\r\n\r\ng, cathy, dataset1_admin\r\n```\r\n\r\nDevelopment\r\n------------\r\n\r\n#### Run unit tests\r\n1. Fork/Clone repository\r\n2. Install flask-authz dependencies, and run `pytest`\r\n```python\r\npip install -r dev_requirements.txt\r\npip install -r requirements.txt\r\npytest\r\n```\r\n\r\n#### Setup pre-commit checks\r\n```python\r\npre-commit install\r\n```\r\n\r\n\r\n#### update requirements with pip-tools\r\n```bash\r\n# update requirements.txt\r\npip-compile --no-annotate --no-header --rebuild requirements.in\r\n# sync venv\r\npip-sync\r\n```\r\n\r\n#### Manually Bump Version\r\n```\r\nbumpversion major  # major release\r\nor\r\nbumpversion minor  # minor release\r\nor\r\nbumpversion patch  # hotfix release\r\n```\r\n\r\n## Documentation\r\n\r\nThe authorization determines a request based on ``{subject, object, action}``, which means what ``subject`` can perform what ``action`` on what ``object``. In this plugin, the meanings are:\r\n\r\n1. ``subject``: the logged-in user name\r\n2. ``object``: the URL path for the web resource like \"dataset1/item1\"\r\n3. ``action``: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like \"read-file\", \"write-blog\"\r\n\r\nFor how to write authorization policy and other details, please refer to [the Casbin's documentation](https://casbin.org).\r\n\r\n## Getting Help\r\n\r\n- [Casbin](https://casbin.org)\r\n\r\n## License\r\n\r\nThis project is under Apache 2.0 License. See the [LICENSE](LICENSE) file for the full license text.\r\n\r\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fofficialpycasbin%2Fflask-authz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fofficialpycasbin%2Fflask-authz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fofficialpycasbin%2Fflask-authz/lists"}