https://github.com/pycasbin/tornado-authz

Use Casbin in Tornado, Casbin is a powerful and efficient open-source access control library.
https://github.com/pycasbin/tornado-authz

abac acl auth authorization casbin middleware py pycasbin python rbac tornado

Last synced: 4 months ago
JSON representation

Use Casbin in Tornado, Casbin is a powerful and efficient open-source access control library.

• Host: GitHub
• URL: https://github.com/pycasbin/tornado-authz
• Owner: pycasbin
• License: apache-2.0
• Created: 2024-04-26T01:55:07.000Z (about 1 year ago)
• Default Branch: master
• Last Pushed: 2024-05-11T16:13:45.000Z (about 1 year ago)
• Last Synced: 2025-03-01T21:42:09.245Z (5 months ago)
• Topics: abac, acl, auth, authorization, casbin, middleware, py, pycasbin, python, rbac, tornado
• Language: Python
• Homepage: https://github.com/casbin/pycasbin
• Size: 9.77 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# tornado-authz

[![Discord](https://img.shields.io/discord/1022748306096537660?logo=discord&label=discord&color=5865F2)](https://discord.gg/S5UjpzGZjN)

## Installation

Clone this repo

```bash

git clone https://github.com/pycasbin/tornado-authz

```

## Simple Example

```python

import asyncio

import tornado

from casbin import Enforcer

from tornado_authz import CasbinMiddleware

# Create a CasbinMiddleware instance with the enforcer

enforcer = Enforcer("../examples/authz_model.conf", "../examples/authz_policy.csv")

middleware = CasbinMiddleware(enforcer)

class BaseHandler(tornado.web.RequestHandler):

    def get_current_user(self):

        user = None

        if self.get_secure_cookie("user"):

            user = self.get_secure_cookie("user").decode('utf-8')

        return user

    def prepare(self):

        # Check the permission for the current request

        middleware(self)

class MainHandler(BaseHandler):

    def get(self):

        self.write("Main Page")

class LoginHandler(BaseHandler):

    def get(self):

        self.write(''

                   'Name: '

                   ''

                   '')

    def post(self):

        self.set_secure_cookie("user", self.get_argument("name"))

        self.redirect("/dataset1/")

class DatasetHandler(BaseHandler):

    def get(self):

        self.write("You must be alice to see this.")

def make_app():

    return tornado.web.Application([

        (r"/", MainHandler),

        (r"/login", LoginHandler),

        (r"/dataset1/.*", DatasetHandler),

    ], cookie_secret="__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__")

async def main():

    app = make_app()

    app.listen(8888)

    await asyncio.Event().wait()

if __name__ == "__main__":

    asyncio.run(main())

```

## Documentation

The authorization determines a request based on ``{subject, object, action}``, which means what ``subject`` can perform

what ``action`` on what ``object``. In this plugin, the meanings are:

1. ``subject``: the logged-in username

2. ``object``: the URL path for the web resource like `dataset1/item1`

3. ``action``: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to [the Casbin's documentation](https://casbin.org).

## Getting Help

- [Casbin](https://casbin.org)

## License

This project is under Apache 2.0 License. See the [LICENSE](LICENSE) file for the full license text.