Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mara/mara-acl

Default ACL implementation for Mara
https://github.com/mara/mara-acl

acl backend flask mara python ui

Last synced: 3 days ago
JSON representation

Default ACL implementation for Mara

Host: GitHub
URL: https://github.com/mara/mara-acl
Owner: mara
License: mit
Created: 2017-03-10T23:52:51.000Z (over 7 years ago)
Default Branch: main
Last Pushed: 2023-11-21T15:22:37.000Z (11 months ago)
Last Synced: 2024-09-25T21:46:44.870Z (8 days ago)
Topics: acl, backend, flask, mara, python, ui
Language: Python
Size: 1.87 MB
Stars: 2
Watchers: 4
Forks: 3
Open Issues: 3
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

# Mara ACL

[![mara-acl](https://github.com/mara/mara-acl/actions/workflows/build.yaml/badge.svg)](https://github.com/mara/mara-page/actions/workflows/build.yaml)
[![PyPI - License](https://img.shields.io/pypi/l/mara-acl.svg)](https://github.com/mara/mara-acl/blob/main/LICENSE)
[![PyPI version](https://badge.fury.io/py/mara-acl.svg)](https://badge.fury.io/py/mara-acl)
[![Slack Status](https://img.shields.io/badge/slack-join_chat-white.svg?logo=slack&style=social)](https://communityinviter.com/apps/mara-users/public-invite)

Default ACL implementation for mara with the following design choices:

- Authentication of users is handled externally, e.g. through a [OAuth2 Proxy](https://github.com/oauth2-proxy/oauth2-proxy).
An upstream authentication app manages authentication and then adds a http header identifying the user to each authenticated request.
- Each user is assigned a single role.
- Permissions are not based on urls, but on application-defined "resources".
Thus, checking of permissions needs to be done in the application.

The ACL provides a single UI for both user and permission management.
Users can be added / removed and their roles can be changed like this:
![User management](https://github.com/mara/mara-acl/raw/main/docs/_static/users-and-roles.gif)

New roles are created by moving a user to a new role.

Permissions can be set for

- an individual user or a whole role,
- an individual resource, a group of resources or "All" resources.

Individual users inherit permissions from their role, and permissions on higher levels overwrite permissions on lower levels:
![User management](https://github.com/mara/mara-acl/raw/main/docs/_static/permissions.gif)

Each new user that is authenticated is automatically created
with a default role in the acl:
![User management](https://github.com/mara/mara-acl/raw/main/docs/_static/automatic-user-creation.png)

This behavior can be switched off (so that only invited users can join). See [config.py](https://github.com/mara/mara-acl/blob/main/mara_acl/config.py) for details.

Please have a look at the mara example application for how to integrate this ACL implementation.

## Links

* Documentation: https://mara-acl.readthedocs.io/
* Changes: https://mara-acl.readthedocs.io/en/stable/changes.html
* PyPI Releases: https://pypi.org/project/mara-acl/
* Source Code: https://github.com/mara/mara-acl
* Issue Tracker: https://github.com/mara/mara-acl/issues/