Skip to main content

A micro authorization system

Project description

# clustaar.authorize

[![Build Status](](
[![Code Climate](](

## Description

A micro authorization system.

Definition of the access rules is up to you as it's too much specific of a project.

It can be used with **Falcon**, just use the `@authorize` decorator and be sure to provide an `ability` property on the request context.

## Examples
### Usage
#### Creating authorizations

from clustaar.authorize import Action, Ability, Authorizations
from clustaar.authorize.rules import ALLOW, DENY, AccessRule
from clustaar.authorize.conditions import Condition

create_action = Action(name="create_project")
view_action = Action(name="view_project")

class KwargEquals(Condition):
"""This conditions validate that a kwarg value equals a expected one."""
def __init__(self, name, expected):
self._name = name
self._expected = expected

def __call__(self, context):
return context.get(self._name) == self._expected

class AdminAuthorizations(Authorizations):
def __init__(self):
# Admins can do whatever they want

class UserAuthorizations(Authorizations):
def __init__(self):
rules = {
create_action: DENY,
view_action: AccessRule(condition=KwargEquals("id", "1"))

user_ability = Ability(UserAuthorizations())
admin_ability = Ability(AdminAuthorizations())

#### Using authorizations

admin_ability.can(view_action, id="1") # => True
admin_ability.can(create_action) # => True
admin_ability.authorize(view_action, id=1) # => No exception raised
admin_ability.authorize(create_action) # => No exception raised

user_ability.can(view_action, id="1") # => True
user_ability.can(view_action, id="2") # => False
user_ability.can(create_action) # => False
user_ability.authorize(view_action, id="1") # => No exception raised
user_ability.authorize(create_action) # => Raises an Exception : Access denied for create_project ({})

#### Falcon

import falcon
from clustaar.authorize.falcon import authorize

class AbilityInjectionMiddleware(object):
Set the `ability` property from the request context.
It choses the right ability depending on the user roles (if admin ability
will be an AdminAbility, etc.)
def process_request(self, request, *args):
# another middleware has injected current user in context
user = request.context.user
if user.has_role("admin"):
authorizations = AdminAuthorizations()
authorizations = UserAuthorizations(user)
request.context.ability = Ability(authorizations)

class ProjectsHandler(object):
def on_post(self, request, response):

class ProjectHandler(object):
def on_get(self, request, response, id):

app = falcon.API(middlewares=(AbilityInjectionMiddleware(),))
app.add_route("/projects", ProjectsHandler())
app.add_route("/projects/{id}", ProjectHandler())

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for clustaar.authorize, version 0.2.0
Filename, size File type Python version Upload date Hashes
Filename, size clustaar.authorize-0.2.0.tar.gz (15.2 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page