Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/officialpycasbin/flask-authz
Flask authorization middleware based on PyCasbin
- Host: GitHub
- URL: https://github.com/officialpycasbin/flask-authz
- Owner: officialpycasbin
- License: apache-2.0
- Created: 2024-11-12T02:43:48.000Z (about 1 month ago)
- Default Branch: master
- Last Pushed: 2024-11-12T02:54:06.000Z (about 1 month ago)
- Last Synced: 2024-12-20T05:22:47.025Z (3 days ago)
- Topics: abac, acl, auth, authorization, casbin, flask, middleware, plugin, py, pycasbin, python, pythonweb, rbac, web
- Language: Python
- Homepage: https://github.com/casbin/pycasbin
- Size: 102 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
# flask-authz
[![GitHub Action](https://github.com/officialpycasbin/flask-authz/workflows/build/badge.svg?branch=master)](https://github.com/officialpycasbin/flask-authz/actions)
[![Coverage Status](https://coveralls.io/repos/github/officialpycasbin/flask-authz/badge.svg)](https://coveralls.io/github/officialpycasbin/flask-authz)
[![Version](https://img.shields.io/pypi/v/flask-authz.svg)](https://pypi.org/project/flask-authz/)
[![PyPI - Wheel](https://img.shields.io/pypi/wheel/flask-authz.svg)](https://pypi.org/project/flask-authz/)
[![Pyversions](https://img.shields.io/pypi/pyversions/flask-authz.svg)](https://pypi.org/project/flask-authz/)
[![Download](https://img.shields.io/pypi/dm/flask-authz.svg)](https://pypi.org/project/flask-authz/)
[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord&label=discord&color=5865F2)](https://discord.gg/S5UjpzGZjN)

flask-authz is an authorization middleware for [Flask](http://flask.pocoo.org/), based on [PyCasbin](https://github.com/casbin/pycasbin).
## Installation
```
pip install flask-authz
```
Or clone the repo:
```
$ git clone https://github.com/officialpycasbin/flask-authz.git
$ python setup.py install
```

## Module Usage
```python
from flask import Flask, jsonify
from flask_authz import CasbinEnforcer
from casbin.persist.adapters import FileAdapter

app = Flask(__name__)
# Set up Casbin model config
app.config['CASBIN_MODEL'] = 'casbinmodel.conf'
# Set headers where owner for enforcement policy should be located
app.config['CASBIN_OWNER_HEADERS'] = {'X-User', 'X-Group'}
# Add User Audit Logging with user name associated to log
# i.e. `[2020-11-10 12:55:06,060] ERROR in casbin_enforcer: Unauthorized attempt: method: GET resource: /api/v1/item by user: [email protected]`
app.config['CASBIN_USER_NAME_HEADERS'] = {'X-User'}
# Set up Casbin Adapter
adapter = FileAdapter('rbac_policy.csv')
casbin_enforcer = CasbinEnforcer(app, adapter)

@app.route('/', methods=['GET'])
@casbin_enforcer.enforcer
def get_root():
    return jsonify({'message': 'If you see this you have access'})

@app.route('/manager', methods=['POST'])
@casbin_enforcer.enforcer
@casbin_enforcer.manager
def make_casbin_change(manager):
    # manager is a casbin.enforcer.Enforcer object used to make changes to Casbin
    return jsonify({'message': 'If you see this you have access'})
```
## Example Config
This example file can be found in `tests/casbin_files`
```ini
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (p.sub == "*" || g(r.sub, p.sub)) && r.obj == p.obj && (p.act == "*" || r.act == p.act)
```
## Example Policy
This example file can be found in `tests/casbin_files`
```csv
p, alice, /dataset1/*, GET
p, alice, /dataset1/resource1, POST
p, bob, /dataset2/resource1, *
p, bob, /dataset2/resource2, GET
p, bob, /dataset2/folder1/*, POST
p, dataset1_admin, /dataset1/*, *
p, *, /login, *
p, anonymous, /, GET
g, cathy, dataset1_admin
```

## Development

#### Run unit tests
1. Fork/Clone repository
2. Install flask-authz dependencies, and run `pytest`
```bash
pip install -r dev_requirements.txt
pip install -r requirements.txt
pytest
```

#### Setup pre-commit checks
```bash
pre-commit install
```

#### Update requirements with pip-tools
```bash
# update requirements.txt
pip-compile --no-annotate --no-header --rebuild requirements.in
# sync venv
pip-sync
```

#### Manually Bump Version
```bash
bumpversion major # major release
# or
bumpversion minor # minor release
# or
bumpversion patch # hotfix release
```

## Documentation
Authorization decides each request based on the triple `{subject, object, action}`: which `subject` may perform which `action` on which `object`. In this plugin, the meanings are:

1. `subject`: the logged-in user name
2. `object`: the URL path of the web resource, such as "dataset1/item1"
3. `action`: the HTTP method (GET, POST, PUT, DELETE) or a high-level action you define, such as "read-file" or "write-blog"

For how to write an authorization policy and other details, please refer to [the Casbin documentation](https://casbin.org).
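To make the `{subject, object, action}` decision concrete, the following is an added example (not code from flask-authz or PyCasbin) that evaluates the README's example matcher and policy in plain Python. It loads the example policy lines shown above, resolves `g(r.sub, p.sub)` through role inheritance, and applies the `some(where (p.eft == allow))` effect: the first matching `p` line allows. One detail worth tracing: the example matcher compares `r.obj == p.obj` literally, so a policy path like `/dataset1/*` only matches a request whose path is exactly that string; Casbin expands such wildcards only when the matcher calls a function like `keyMatch`. The `key_match` helper below is an assumed re-implementation of that built-in so both behaviours can be compared.

```python
"""Plain-Python walk-through of the README's example Casbin model and policy.
Added illustration only: it is not flask-authz or PyCasbin code, and it
re-implements just enough of the matcher to trace decisions offline."""
import csv
import io

# Constructed inline copy of the README's example policy (tests/casbin_files).
POLICY_CSV = """\
p, alice, /dataset1/*, GET
p, alice, /dataset1/resource1, POST
p, bob, /dataset2/resource1, *
p, bob, /dataset2/resource2, GET
p, bob, /dataset2/folder1/*, POST
p, dataset1_admin, /dataset1/*, *
p, *, /login, *
p, anonymous, /, GET
g, cathy, dataset1_admin
"""


def load_policy(text):
    """Parse 'p' lines into (sub, obj, act) tuples and 'g' lines into a role map."""
    policies, roles = [], {}
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row:
            continue
        if row[0] == 'p':
            policies.append(tuple(row[1:4]))
        elif row[0] == 'g':
            roles.setdefault(row[1], set()).add(row[2])
    return policies, roles


def has_role(roles, user, role, _seen=None):
    """g(r.sub, p.sub): true when user equals role or inherits it transitively."""
    if user == role:
        return True
    if _seen is None:
        _seen = set()
    for parent in roles.get(user, ()):
        if parent not in _seen:
            _seen.add(parent)
            if has_role(roles, parent, role, _seen):
                return True
    return False


def key_match(key1, key2):
    """Assumed re-implementation of Casbin's keyMatch: '/a/*' matches '/a/b'.
    The README's matcher does NOT use this; it is here to show the difference."""
    i = key2.find('*')
    if i == -1:
        return key1 == key2
    if len(key1) > i:
        return key1[:i] == key2[:i]
    return key1 == key2[:i]


def matching_policy(policies, roles, sub, obj, act, path_match=None):
    """Return the first policy line allowing the request, or None.
    Implements the README matcher:
      (p.sub == "*" || g(r.sub, p.sub)) && r.obj == p.obj && (p.act == "*" || r.act == p.act)
    path_match=None keeps the literal r.obj == p.obj; pass key_match for wildcard paths."""
    obj_eq = path_match or (lambda a, b: a == b)
    for p_sub, p_obj, p_act in policies:
        if ((p_sub == '*' or has_role(roles, sub, p_sub))
                and obj_eq(obj, p_obj)
                and (p_act == '*' or act == p_act)):
            return (p_sub, p_obj, p_act)
    return None


def enforce(policies, roles, sub, obj, act, path_match=None):
    """Effect some(where (p.eft == allow)): allowed iff any policy line matches."""
    return matching_policy(policies, roles, sub, obj, act, path_match) is not None


if __name__ == '__main__':
    policies, roles = load_policy(POLICY_CSV)
    for sub, obj, act in [('alice', '/dataset1/resource1', 'GET'),
                          ('cathy', '/dataset1/resource1', 'DELETE'),
                          ('eve', '/login', 'POST')]:
        print(sub, act, obj,
              'literal ==:', enforce(policies, roles, sub, obj, act),
              'keyMatch:', enforce(policies, roles, sub, obj, act, key_match))
```

Running it shows that `alice GET /dataset1/resource1` is denied under the literal matcher and allowed once paths are compared with `key_match`, while `cathy` reaches `/dataset1/*` resources only through her `dataset1_admin` role. A second point for deployment: because the plugin reads the subject from the `CASBIN_OWNER_HEADERS` request headers, the decision is only as trustworthy as those headers, so they should be set by the authenticating reverse proxy and any client-supplied copies dropped before the request reaches the Flask app.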
## Getting Help
- [Casbin](https://casbin.org)
## License
This project is under Apache 2.0 License. See the [LICENSE](LICENSE) file for the full license text.