An authorization middleware for Flask based on Casbin, supporting ACL, RBAC and ABAC

Project description

flask-authz

flask-authz is an authorization middleware for Flask. It is based on PyCasbin.

Installation

pip install flask-authz

Or clone the repository:

$ git clone https://github.com/pycasbin/flask-authz.git
$ cd flask-authz
$ python setup.py install

Module usage

from flask import Flask, jsonify
from flask_authz import CasbinEnforcer
from casbin.persist.adapters import FileAdapter

app = Flask(__name__)
# Set up Casbin model config
app.config['CASBIN_MODEL'] = 'casbinmodel.conf'
# Set headers where owner for enforcement policy should be located
app.config['CASBIN_OWNER_HEADERS'] = {'X-User', 'X-Group'}
# Add User Audit Logging with user name associated to log
# i.e. `[2020-11-10 12:55:06,060] ERROR in casbin_enforcer: Unauthorized attempt: method: GET resource: /api/v1/item by user: janedoe@example.com`
app.config['CASBIN_USER_NAME_HEADERS'] = {'X-User'}
# Set up Casbin Adapter
adapter = FileAdapter('rbac_policy.csv')
casbin_enforcer = CasbinEnforcer(app, adapter)

@app.route('/', methods=['GET'])
@casbin_enforcer.enforcer
def get_root():
    return jsonify({'message': 'If you see this you have access'})

@app.route('/manager', methods=['POST'])
@casbin_enforcer.enforcer
@casbin_enforcer.manager
def make_casbin_change(manager):
    # manager is a casbin.enforcer.Enforcer object used to make changes to Casbin
    return jsonify({'message': 'If you see this you have access'})

Example config. This example file can be found in tests/casbin_files

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = (p.sub == "*" || g(r.sub, p.sub)) && r.obj == p.obj && (p.act == "*" || r.act == p.act)

Example policy. This example file can be found in tests/casbin_files

p, alice, /dataset1/*, GET
p, alice, /dataset1/resource1, POST
p, bob, /dataset2/resource1, *
p, bob, /dataset2/resource2, GET
p, bob, /dataset2/folder1/*, POST
p, dataset1_admin, /dataset1/*, *
p, *, /login, *

p, anonymous, /, GET

g, cathy, dataset1_admin
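
The matcher above compares r.obj with p.obj using ==, so a policy object such as /dataset1/* matches only that literal path. The sketch below is an example added here in plain Python (not Casbin or flask-authz code); it evaluates the sample policy under that matcher and, for comparison, under the prefix rule of Casbin's built-in keyMatch. The names load, has_role, key_match and enforce are illustrative; the policy text is copied from the example above.

```python
# Added example: simplified stand-in for the matcher above, not Casbin or flask-authz code.
POLICY = """\
p, alice, /dataset1/*, GET
p, alice, /dataset1/resource1, POST
p, bob, /dataset2/resource1, *
p, bob, /dataset2/resource2, GET
p, bob, /dataset2/folder1/*, POST
p, dataset1_admin, /dataset1/*, *
p, *, /login, *
p, anonymous, /, GET
g, cathy, dataset1_admin
"""

def load(text):
    """Split the policy CSV into p rules and g (user -> roles) links."""
    rules, roles = [], {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "p":
            rules.append(tuple(fields[1:4]))
        elif fields[0] == "g":
            roles.setdefault(fields[1], set()).add(fields[2])
    return rules, roles

def has_role(roles, sub, target, seen=()):
    """g(r.sub, p.sub): sub equals target or reaches it through role links."""
    if sub == target:
        return True
    return any(has_role(roles, r, target, seen + (sub,))
               for r in roles.get(sub, ()) if r not in seen)

def key_match(key1, key2):
    """Prefix rule of Casbin's built-in keyMatch: '*' in key2 matches any suffix."""
    i = key2.find("*")
    if i == -1:
        return key1 == key2
    return key1[:i] == key2[:i] if len(key1) > i else key1 == key2[:i]

def enforce(sub, obj, act, obj_match=lambda r, p: r == p):
    """Allow if any p rule satisfies the matcher; obj_match defaults to '=='."""
    rules, roles = load(POLICY)
    return any((p_sub == "*" or has_role(roles, sub, p_sub))
               and obj_match(obj, p_obj)
               and (p_act == "*" or act == p_act)
               for p_sub, p_obj, p_act in rules)

if __name__ == "__main__":  # same request, two object comparisons
    for name, fn in (("==", lambda r, p: r == p), ("keyMatch", key_match)):
        print(name, enforce("alice", "/dataset1/resource1", "GET", fn))
```

If wildcard paths are intended, the object comparison in the model has to use a pattern function such as keyMatch(r.obj, p.obj); with == the /dataset1/* rules never apply to real request paths.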

Development

Run unit tests

  1. Fork/clone the repository
  2. Install the flask-authz dependencies and run pytest
pip install -r dev_requirements.txt
pip install -r requirements.txt
pytest

Set up pre-commit checks

pre-commit install

Update requirements with pip-tools

# update requirements.txt
pip-compile --no-annotate --no-header --rebuild requirements.in
# sync venv
pip-sync

Manually bump the version

bumpversion major  # major release
or
bumpversion minor  # minor release
or
bumpversion patch  # hotfix release

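Documentation

Authorization decides each request based on {subject, object, action}, that is, which subject can perform which action on which object. In this plugin, the meanings are:

  1. subject: the logged-in user name
  2. object: the URL path of the web resource, such as "dataset1/item1"
  3. action: the HTTP method, such as GET, POST, PUT, DELETE, or a high-level action you define, such as "read-file", "write-blog"

For how to write authorization policies and other details, see the Casbin documentation.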

Getting help

License

This project is licensed under the Apache 2.0 license. See the LICENSE file for the full license text.

Download files

Source distribution

flask-authz-2.6.0.tar.gz (13.7 kB)

Built distribution

flask_authz-2.6.0-py2.py3-none-any.whl (12.9 kB)
