
An authorization library for Django that supports access control models such as ACL, RBAC and ABAC

Project description

Django Authorization


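Django-authorization is an authorization library for the Django framework.

It is based on Casbin and Django-casbin (middleware, a lightweight version of this plugin) and supports access control models such as ACL, RBAC and ABAC.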

Installation and configuration

pip install django-authorization

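We recommend that you first configure an adapter for persistent storage of the policy, such as django-orm-adapter. After integrating it into the project, continue with the configuration of django-authorization.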

# settings.py
from pathlib import Path  # used by CONFIG_FILE_PATH below

# 1. Add the app to INSTALLED_APPS
INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "dauthz.apps.DauthzConfig",  # add this app to INSTALLED_APPS
]

# 2. Add the dauthz configuration
DAUTHZ = {
    # DEFAULT Dauthz enforcer
    "DEFAULT": {
        # Casbin model setting.
        "MODEL": {
            # Available Settings: "file", "text"
            "CONFIG_TYPE": "file",
            "CONFIG_FILE_PATH": Path(__file__).parent.joinpath("dauthz-model.conf"),
            "CONFIG_TEXT": "",
        },
        # Casbin adapter.
        "ADAPTER": {
            "NAME": "casbin_adapter.adapter.Adapter",
            # 'OPTION_1': '',
        },
        "LOG": {
            # Changes whether Dauthz will log messages to the Logger.
            "ENABLED": False,
        },
    },
}

To better show how django-authorization is configured, we have built a Django app based on django-authorization, which you can see in django-authorization-example.
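
The CONFIG_FILE_PATH setting above points at a Casbin model file, dauthz-model.conf, whose contents this page does not show. As an added example (not taken from the project), here is an RBAC model for the user, path, method check that the request decorator performs; it assumes the subject is a user name, and alice, editor and /articles/:id are constructed sample values.

```ini
# dauthz-model.conf (added example; constructed, not the project's file)
# Assumed request shape, from this page: user, path, method.
[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

# g = user, role: policy rows can name a role instead of each user.
[role_definition]
g = _, _

# Allow only when some policy row matches. A request that matches
# no row is denied, so access is default deny.
[policy_effect]
e = some(where (p.eft == allow))

# g(r.sub, p.sub) : r.sub is p.sub itself or holds the role p.sub
# keyMatch2       : p.obj may contain :name segments (/articles/:id)
# r.act == p.act  : exact HTTP method, one policy row per method
[matchers]
m = g(r.sub, p.sub) && keyMatch2(r.obj, p.obj) && r.act == p.act

# Sample policy for this model, entered with the commands listed under
# "Command line usage" on this page (all values are constructed):
#   python manage.py role add alice editor
#   python manage.py policy add editor /articles/:id GET
#   python manage.py policy add editor /articles/:id PUT
```

Listing each method in its own policy row keeps the grant explicit: a method with no row for that role and path is rejected by the default-deny effect.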

Usage

Some important concepts

For concepts such as the .conf file, policy, sub, obj and act, please refer to the Casbin website.

Middleware usage

# Install middleware for django-authorization as required
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "dauthz.middlewares.request_middleware.RequestMiddleware",  # add the middleware
]

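You can freely set the Casbin enforcer used by the middleware through the API: set_enforcer_for_request_middleware(enforcer_name) and set_enforcer_for_enforcer_middleware(enforcer_name).

Decorator usage

The request decorator checks the authorization status of the user, path and method.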

from django.http import HttpResponse

# use request decorator
@request_decorator
def some_view(request):
    return HttpResponse("Hello World")

The enforcer decorator checks the authorization status of the user, obj and edit. For example:

from django.http import HttpResponse

# use enforcer decorator
# sub: user in request obj: "artical" act: "edit"
@enforcer_decorator("artical", "edit")
def some_view(request):
    return HttpResponse("Hello World")

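Command line usage

The command line operations let you operate directly on the enforcer's database. Three groups of commands are available: policy commands, group commands and role commands.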

Add/Get policy, usage: 
python manage.py policy [opt: --enforcer=<enforcer_name>] add <sub> <obj> <act>
python manage.py policy [opt: --enforcer=<enforcer_name>] get <sub> <obj> <act>

Add/Get role to user, usage: 
python manage.py role [opt: --enforcer=<enforcer_name>] add <user> <role>
python manage.py role [opt: --enforcer=<enforcer_name>] get <user>

Add/Get group policy, usage:
python manage.py group [opt: --enforcer=<enforcer_name>] add <user> <role> [opt:<domain>]
python manage.py group [opt: --enforcer=<enforcer_name>] get <user> <role> [opt:<domain>]

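Backend usage

You can integrate Pycasbin with the Django authentication system. For more usage, refer to tests/test_backend.py. To enable the backend, you need to specify it in settings.py.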

AUTHENTICATION_BACKENDS = [
    "dauthz.backends.CasbinBackend",
    "django.contrib.auth.backends.ModelBackend",
]

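Note that, because of how the Django permission system works, you still need to use pycasbin's add_policy() to add permissions for the users who should have them.

License

This project is licensed under Apache 2.0.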
