An authorization library that supports access control models like ACL, RBAC, ABAC in Django

These details have not been verified by PyPI

Project links

Home-page

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

Django Authorization

Django-authorization is an authorization library for Django framework.

Based on Casbin and Django-casbin (middleware, light weight of this plugin), an authorization library that that supports access control models like ACL, RBAC, ABAC.

Django Authorization

Installation and Configure

pip install django-authorization

We recommend that you first configure the adapter for persistent storage of the policy, such as:

django-orm-adapter, After integrating it into the project continue with the configuration of django-authrization

# 1. Add the app to INSTALLED_APPS
INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "dauthz.apps.DauthzConfig",	# add this app to INSTALLED_APPS
]

# 2. Add configure of dauthz
DAUTHZ = {
    # DEFAULT Dauthz enforcer
    "DEFAULT": {
        # Casbin model setting.
        "MODEL": {
            # Available Settings: "file", "text"
            "CONFIG_TYPE": "file",
            "CONFIG_FILE_PATH": Path(__file__).parent.joinpath("dauthz-model.conf"),
            "CONFIG_TEXT": "",
        },
        # Casbin adapter .
        "ADAPTER": {
            "NAME": "casbin_adapter.adapter.Adapter",
            # 'OPTION_1': '',
        },
        "LOG": {
            # Changes whether Dauthz will log messages to the Logger.
            "ENABLED": False,
        },
    },
}

to better prompt the configure method of django-authorization, we made a django-app based on django-authorization, you can see it in django-authorization-example

Usage

Some Important Concepts:

such as .conf file, policy, sub, obj, act, please refer to the casbin website

Middleware Usage

# Install middleware for django-authorization as required
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "dauthz.middlewares.request_middleware.RequestMiddleware",	# add the middleware 
]

You can freely set the casbin enforcer for the middleware via API: set_enforcer_for_request_middleware(enforcer_name) and set_enforcer_for_enforcer_middleware(enforcer_name)

Decorator Usage

Request decorator will check the authorization status of user, path, method

# use request decorator
@request_decorator
def some_view(request):
    return HttpResponse("Hello World")

Enforcer decorator will check the authorization status of user, obj, edit. example:

# use enforcer decorator
# sub: user in request obj: "artical" act: "edit"
@enforcer_decorator("artical", "edit")
def some_view(request):
    return HttpResponse("Hello World")

Command Line Usage

The command line operation allows you to operate directly on the enforcer's database. Three sets of commands are available: policy commands, group commands and role commands.

Add/Get policy, usage: 
python manage.py policy [opt: --enforcer=<enforcer_name>] add <sub> <obj> <act>
python manage.py policy [opt: --enforcer=<enforcer_name>] get <sub> <obj> <act>

Add/Get role to user, usage: 
python manage.py role [opt: --enforcer=<enforcer_name>] add <user> <role>
python manage.py role [opt: --enforcer=<enforcer_name>] get <user>

Add/Get group policy, usage:
python manage.py group [opt: --enforcer=<enforcer_name>] add <user> <role> [opt:<domain>]
python manage.py group [opt: --enforcer=<enforcer_name>] get <user> <role> [opt:<domain>]

Backend Usage

You can integrate Pycasbin with Django authentication system. For more usage, you can refer to tests/test_backend.py. To enable the backend, you need to specify it in settings.py.

AUTHENTICATION_BACKENDS = [
    "dauthz.backends.CasbinBackend",
    "django.contrib.auth.backends.ModelBackend", 
    ]

Note that you still need to add permissions for users with pycasbin add_policy() due to the mechanism of the django permission system.

License

This project is licensed under the Apache 2.0 license.

Project details

These details have not been verified by PyPI

Project links

Home-page

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

1.4.0

Apr 24, 2024

1.3.0

Apr 24, 2024

1.2.1

Oct 28, 2023

1.2.0

Aug 20, 2023

1.1.0

Aug 17, 2023

1.0.3

Aug 6, 2023

1.0.2

Jul 8, 2023

1.0.1

Sep 8, 2022

1.0.0

Sep 5, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_authorization-1.4.0.tar.gz (370.6 kB view hashes)

Uploaded Apr 24, 2024 Source

Built Distribution

django_authorization-1.4.0-py3-none-any.whl (406.0 kB view hashes)

Uploaded Apr 24, 2024 Python 3

Hashes for django_authorization-1.4.0.tar.gz

Hashes for django_authorization-1.4.0.tar.gz
Algorithm	Hash digest
SHA256	`7ab9bf0ac908d27ea9365fbc2151f013fe70497253df411a35902bb3f48ba551`
MD5	`eab49d5faa35191cb13ab66762e275d2`
BLAKE2b-256	`054ff57283c370748bf3a2602aeb3a3b8d26bad2083c20be41f10eb3ce6f4274`

Hashes for django_authorization-1.4.0-py3-none-any.whl

Hashes for django_authorization-1.4.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`c1f1ff481d7b88306948e63ee79cc4257b82ab57ff5c5c1cc9c48f58112ad814`
MD5	`dc633cd2e0a6c8c87c57337529928243`
BLAKE2b-256	`b25d36a5070aef2e5848ed2c308467c98767f5b9e883220b2998130997786fd6`