Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/yourlabs/django-rules-light

Maintenance only
https://github.com/yourlabs/django-rules-light

Last synced: about 1 month ago
JSON representation

Maintenance only

Host: GitHub
URL: https://github.com/yourlabs/django-rules-light
Owner: yourlabs
Created: 2012-11-24T16:52:49.000Z (over 11 years ago)
Default Branch: master
Last Pushed: 2024-04-17T04:50:36.000Z (2 months ago)
Last Synced: 2024-05-17T13:41:15.180Z (about 1 month ago)
Language: Python
Homepage: http://django-rules-light.rtfd.org
Size: 253 KB
Stars: 68
Watchers: 6
Forks: 9
Open Issues: 2
Metadata Files:
- Readme: README.rst
- Changelog: CHANGELOG

Lists

awesome-django-security - Django Rules Light - rules. The core difference is that it uses as registry that can be modified on runtime, instead of database models. (Libs / Other)
awesome-django-security - Django Rules Light - rules. The core difference is that it uses as registry that can be modified on runtime, instead of database models. (Libs / Other)
starred-awesome - django-rules-light - A fresh approach to security in Django. Conceptually, a simple rule registry dictionnary to manage callbacks. In addition, allows logging of malicious uses, provide a middleware, a class decorator, rule autodiscovery, templatetags, debug views ... and other features to make it enjoyable. Status: production / stable. (Python)

README

        .. image:: https://secure.travis-ci.org/yourlabs/django-rules-light.png?branch=master

    :target: http://travis-ci.org/yourlabs/django-rules-light

.. image:: https://img.shields.io/pypi/dm/django-rules-light.svg

    :target: https://crate.io/packages/django-rules-light

.. image:: https://img.shields.io/pypi/v/django-rules-light.svg   

    :target: https://crate.io/packages/django-rules-light

This is a simple alternative to django-rules. Its core difference is that

it does not rely on models. Instead, it uses a registry which can be

modified at runtime.

One of its goals is to enable developers of external apps to make rules,

depend on it, while allowing a project to override rules.

Example ``your_app/rules_light_registry.py``:

.. code-block:: python

    # Everybody can read a blog post (for now!):

    rules_light.registry['blog.post.read'] = True

    # Require authentication to create a blog post, using a shortcut:

    rules_light.registry['blog.post.create'] = rules_light.is_authenticated

    # But others shouldn't mess with my posts !

    def is_staff_or_mine(user, rule, obj):

        return user.is_staff or obj.author == user

    rules_light.registry['blog.post.update'] = is_staff_or_mine

    rules_light.registry['blog.post.delete'] = is_staff_or_mine

Example ``your_app/views.py``:

.. code-block:: python

    @rules_light.class_decorator

    class PostDetailView(generic.DetailView):

        model = Post

    @rules_light.class_decorator

    class PostCreateView(generic.CreateView):

        model = Post

    @rules_light.class_decorator

    class PostUpdateView(generic.UpdateView):

        model = Post

    @rules_light.class_decorator

    class PostDeleteView(generic.DeleteView):

        model = Post

You might want to read the `tutorial

`_ for

more.

What's the catch ?

------------------

The catch is that this approach does not offer any feature to get secure

querysets.

This means you have to:

- think about security when making querysets,

- `override

  `_

  eventual external app ListViews,

Requirements

------------

- Python 2.7+ (Python 3 supported)

- Django 1.8+

Quick Install

-------------

- Install module: ``pip install django-rules-light``,

- Add to ``settings.INSTALLED_APPS``: ``rules_light``,

- Add in ``settings.MIDDLEWARE_CLASSES`` (or ``settings.MIDDLEWARE`` for Django 1.10+): ``rules_light.middleware.Middleware``,

You might want to read the `tutorial

`_.

There is also a lot of documentation, from the core to the tools, including

pointers to debug, log and test your security.

Contributing

------------

Run tests with the `tox

`_ command. Documented patches passing all

tests have a better chance to get merged in. See `community guidelines

`_ for details.

Resources

---------

To ask questions or just get informed about package updates, you could

subscribe to the mailing list.

- `Mailing list graciously hosted

  `_ by `Google

  `_

- `Git graciously hosted

  `_ by `GitHub

  `_,

- `Documentation graciously hosted

  `_ by `RTFD

  `_,

- `Package graciously hosted

  `_ by `PyPi

  `_,

- `Continuous integration graciously hosted

  `_ by `Travis-ci

  `_