支持Django中ACL、RBAC、ABAC等访问控制模型的自授权库
项目描述
Django Authorization
Django-authorization是一个Django框架的自授权库。
基于Casbin和Django-casbin(中间件,此插件轻量级),支持ACL、RBAC、ABAC等访问控制模型的自授权库。
安装和配置
pip install django-authorization
我们建议您首先配置策略的持久化存储适配器,例如
django-orm-adapter,将其集成到项目中后,继续配置django-authrization
# 1. Add the app to INSTALLED_APPS
INSTALLED_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"dauthz.apps.DauthzConfig", # add this app to INSTALLED_APPS
]
# 2. Add configure of dauthz
DAUTHZ = {
# DEFAULT Dauthz enforcer
"DEFAULT": {
# Casbin model setting.
"MODEL": {
# Available Settings: "file", "text"
"CONFIG_TYPE": "file",
"CONFIG_FILE_PATH": Path(__file__).parent.joinpath("dauthz-model.conf"),
"CONFIG_TEXT": "",
},
# Casbin adapter .
"ADAPTER": {
"NAME": "casbin_adapter.adapter.Adapter",
# 'OPTION_1': '',
},
"LOG": {
# Changes whether Dauthz will log messages to the Logger.
"ENABLED": False,
},
},
}
为了更好地说明django-authorization的配置方法,我们基于django-authorization创建了一个django应用,您可以在django-authorization-example中查看
用法
一些重要概念
例如 .conf 文件、策略、子、对象、动作,请参考casbin网站
中间件用法
# Install middleware for django-authorization as required
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"django.middleware.common.CommonMiddleware",
"django.middleware.csrf.CsrfViewMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"dauthz.middlewares.request_middleware.RequestMiddleware", # add the middleware
]
您可以通过API自由设置中间件中的casbin执行器:set_enforcer_for_request_middleware(enforcer_name)和set_enforcer_for_enforcer_middleware(enforcer_name)
装饰器用法
请求装饰器将检查用户、路径、方法的授权状态
# use request decorator
@request_decorator
def some_view(request):
return HttpResponse("Hello World")
执行器装饰器将检查用户、对象、编辑的授权状态。例如
# use enforcer decorator
# sub: user in request obj: "artical" act: "edit"
@enforcer_decorator("artical", "edit")
def some_view(request):
return HttpResponse("Hello World")
命令行用法
命令行操作允许您直接在执行器的数据库上操作。有三组命令可用:策略命令、组命令和角色命令。
Add/Get policy, usage:
python manage.py policy [opt: --enforcer=<enforcer_name>] add <sub> <obj> <act>
python manage.py policy [opt: --enforcer=<enforcer_name>] get <sub> <obj> <act>
Add/Get role to user, usage:
python manage.py role [opt: --enforcer=<enforcer_name>] add <user> <role>
python manage.py role [opt: --enforcer=<enforcer_name>] get <user>
Add/Get group policy, usage:
python manage.py group [opt: --enforcer=<enforcer_name>] add <user> <role> [opt:<domain>]
python manage.py group [opt: --enforcer=<enforcer_name>] get <user> <role> [opt:<domain>]
后端使用
您可以将Pycasbin与Django认证系统集成。有关更多信息,请参阅tests/test_backend.py。要启用后端,您需要在settings.py中指定它。
AUTHENTICATION_BACKENDS = [
"dauthz.backends.CasbinBackend",
"django.contrib.auth.backends.ModelBackend",
]
请注意,由于Django权限系统的机制,您仍然需要使用pycasbin的add_policy()为具有权限的用户添加权限。
许可证
本项目采用Apache 2.0许可。
关闭
django_authorization-1.4.0.tar.gz的哈希
| 算法 | 哈希摘要 | |
|---|---|---|
| SHA256 | 7ab9bf0ac908d27ea9365fbc2151f013fe70497253df411a35902bb3f48ba551 |
|
| MD5 | eab49d5faa35191cb13ab66762e275d2 |
|
| BLAKE2b-256 | 054ff57283c370748bf3a2602aeb3a3b8d26bad2083c20be41f10eb3ce6f4274 |
关闭
django_authorization-1.4.0-py3-none-any.whl的哈希
| 算法 | 哈希摘要 | |
|---|---|---|
| SHA256 | c1f1ff481d7b88306948e63ee79cc4257b82ab57ff5c5c1cc9c48f58112ad814 |
|
| MD5 | dc633cd2e0a6c8c87c57337529928243 |
|
| BLAKE2b-256 | b25d36a5070aef2e5848ed2c308467c98767f5b9e883220b2998130997786fd6 |
