{"id":13625584,"url":"https://github.com/pycasbin/django-casbin","last_synced_at":"2025-08-21T10:08:37.663Z","repository":{"id":34246731,"uuid":"165791345","full_name":"pycasbin/django-casbin","owner":"pycasbin","description":"Authorization middleware for Django based on PyCasbin","archived":false,"fork":false,"pushed_at":"2023-09-05T02:30:20.000Z","size":20,"stargazers_count":98,"open_issues_count":0,"forks_count":15,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-11-08T14:42:58.742Z","etag":null,"topics":["abac","acl","authorization","casbin","django","django-auth","django-middleware","middleware","permission","pycasbin","python","rbac"],"latest_commit_sha":null,"homepage":"https://github.com/casbin/pycasbin","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pycasbin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-01-15T05:34:09.000Z","updated_at":"2024-10-05T15:09:41.000Z","dependencies_parsed_at":"2024-01-14T07:18:59.835Z","dependency_job_id":null,"html_url":"https://github.com/pycasbin/django-casbin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycasbin%2Fdjango-casbin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycasbin%2Fdjango-casbin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycasbin%2Fdjango-casbin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pycasbin%2Fdjango-casbin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pycasbin","download_url":"https://codeload.github.com/pycasbin/django-casbin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":229740051,"owners_count":18116882,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["abac","acl","authorization","casbin","django","django-auth","django-middleware","middleware","permission","pycasbin","python","rbac"],"created_at":"2024-08-01T21:01:57.974Z","updated_at":"2024-12-14T18:29:01.486Z","avatar_url":"https://github.com/pycasbin.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# django-casbin\r\n\r\n[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord\u0026label=discord\u0026color=5865F2)](https://discord.gg/S5UjpzGZjN)\r\n\r\n**News**: 🔥🔥🔥 How to use it with `Django` ? Try [Django Authorization \u003e\u003e\u003e](https://github.com/pycasbin/django-authorization), an authorization library for `Django` framework.\r\n\r\ndjango-casbin is an authorization middleware for [Django](https://www.djangoproject.com/), it's based on [PyCasbin](https://github.com/casbin/pycasbin).\r\n\r\n## Installation\r\n\r\n```\r\npip install casbin\r\n```\r\n\r\n## Simple Example\r\n\r\nThis repo is just a working Django app that shows the usage of django-casbin. To use it in your existing Django app, you need:\r\n\r\n- Add the middleware to your Django app's ``settings.py``:\r\n\r\n```python\r\nMIDDLEWARE = [\r\n    'django.middleware.security.SecurityMiddleware',\r\n    'django.contrib.sessions.middleware.SessionMiddleware',\r\n    'django.middleware.common.CommonMiddleware',\r\n    'django.middleware.csrf.CsrfViewMiddleware',\r\n    'django.contrib.auth.middleware.AuthenticationMiddleware',\r\n    'django.contrib.messages.middleware.MessageMiddleware',\r\n    'django.middleware.clickjacking.XFrameOptionsMiddleware',\r\n    'casbin_middleware.middleware.CasbinMiddleware', # Add this line, must after AuthenticationMiddleware.\r\n]\r\n```\r\n\r\n- Copy ``casbin_middleware`` folder to your Django's top folder, modify ``casbin_middleware/middleware.py`` if you need:\r\n\r\n```python\r\nimport casbin\r\n\r\ndef __init__(self, get_response):\r\n    self.get_response = get_response\r\n    # load the casbin model and policy from files.\r\n    # change the 2nd arg to use a database.\r\n    self.enforcer = casbin.Enforcer(\"casbin_middleware/authz_model.conf\", \"casbin_middleware/authz_policy.csv\")\r\n\r\ndef check_permission(self, request):\r\n    # change the user, path, method as you need.\r\n    user = request.user.username\r\n    if request.user.is_anonymous:\r\n        user = 'anonymous'\r\n    path = request.path\r\n    method = request.method\r\n    return self.enforcer.enforce(user, path, method)\r\n```\r\n\r\n- The default policy ``authz_policy.csv`` is:\r\n\r\n```csv\r\np, anonymous, /, GET\r\np, admin, *, *\r\ng, alice, admin\r\n```\r\n\r\nIt means ``anonymous`` user can only access homepage ``/``. Admin users like alice can access any pages. Currently all accesses are regarded as ``anonymous``. Add your authentication to let a user log in.\r\n\r\n## Documentation\r\n\r\nThe authorization determines a request based on ``{subject, object, action}``, which means what ``subject`` can perform what ``action`` on what ``object``. In this plugin, the meanings are:\r\n\r\n1. ``subject``: the logged-in user name\r\n2. ``object``: the URL path for the web resource like \"dataset1/item1\"\r\n3. ``action``: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like \"read-file\", \"write-blog\"\r\n\r\nFor how to write authorization policy and other details, please refer to [the Casbin's documentation](https://casbin.org).\r\n\r\n## Getting Help\r\n\r\n- [Casbin](https://casbin.org)\r\n\r\n## License\r\n\r\nThis project is under Apache 2.0 License. See the [LICENSE](LICENSE) file for the full license text.\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpycasbin%2Fdjango-casbin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpycasbin%2Fdjango-casbin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpycasbin%2Fdjango-casbin/lists"}