Skip to main content

DStore Security using Access Control Lists

Project description

https://img.shields.io/coveralls/MarkLark/dstore-acl.svg https://img.shields.io/travis/MarkLark/dstore-acl/master.svg https://img.shields.io/pypi/v/dstore-acl.svg https://img.shields.io/pypi/pyversions/dstore-acl.svg

DStore-ACL is a Security Layer for DStore.

Installing

DStore-ACL is available from the PyPi repository.

This means that all you have to do to install DStore-ACL is run the following in a console:

$ pip install dstore-acl

Minimal Example

from dstore import MemoryStore, Model, var, mod
from dstore_acl import ACL, Role, UserRole, AccessDenied


class UserAccount( Model ):
    _namespace = "users.account"
    _vars = [
        var.RowID,
        var.String( "name", 32, mods = [ mod.NotNull() ])
    ]
    _acl_rules = dict(
        add_own       = dict( default = True ),
        add_others    = dict( default = True ),
        read_own      = dict( allow = [ "admin", "member" ] ),
        read_others   = dict( allow = [ "admin" ] ),
        update_own    = dict( allow = [ "admin", "member" ] ),
        delete_own    = dict( allow = [ "admin" ] ),
        delete_others = dict( allow = [ "admin" ] ),
        empty         = dict( allow = [ "admin" ])
    )


class Car( Model ):
    _namespace = "cars.make"
    _vars = [
        var.RowID,
        var.String( "manufacturer", 32, mods = [ mod.NotNull() ] ),
        var.String( "make", 32, mods = [ mod.NotNull() ] ),
        var.Number( "year", mods = [ mod.NotNull(), mod.Min( 1950 ), mod.Max( 2017 ) ] ),
    ]
    _acl_rules = dict(
        add    = dict( allow = [ "admin" ]),
        read   = dict( default = True ),
        update = dict( allow = [ "admin" ]),
        delete = dict( allow = [ "admin" ]),
        empty  = dict( allow = [ "admin" ])
    )

users = {}
current_user = "admin"

# Create the MemoryStore instance, and add Models to it
store = MemoryStore( [ Car ] )

acl = ACL(
    data_store = store,
    get_user   = get_user,
    user_model = UserAccount
)

store.init_app()
store.connect()
store.create_all()

# Create the user accounts
for name in [ "admin", "member" ]:
    users[ name ] = UserAccount( name = name ).add()
    role = Role.filter( name = name )[0]
    UserRole( user_id = users[ name ].id, acl_role_id = role.id ).add()

# Admin can add new cars
Car( manufacturer = "Holden", make = "Commodore", year = 2009 ).add()

# Member cannot add new cars
current_user = "member"
try:
    Car( manufacturer = "Holden", make = "Commodore", year = 2010 ).add()
except AccessDenied:
    pass

# Destroy all instances and shut down the application
store.destroy_all()
store.disconnect()
store.destroy_app()

def get_user():
    return users[ current_user ]

Documentation: ReadTheDocs

Source Code: GitHub

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for DStore-ACL, version 0.1.1
Filename, size File type Python version Upload date Hashes
Filename, size DStore_ACL-0.1.1-py2.py3-none-any.whl (10.9 kB) File type Wheel Python version py2.py3 Upload date Hashes View hashes
Filename, size DStore-ACL-0.1.1.tar.gz (6.1 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page