Skip to main content

An authorization library that supports access control models like ACL, RBAC, ABAC in Django

Project description

Django Authorization

English | 中文

Django-authorization is an authorization library for Django framework.

tests Coverage Status Version Download Discord

Based on Casbin and Django-casbin (middleware, light weight of this plugin), an authorization library that that supports access control models like ACL, RBAC, ABAC.

image

Installation and Configure

pip install django-authorization

We recommend that you first configure the adapter for persistent storage of the policy, such as:

django-orm-adapter, After integrating it into the project continue with the configuration of django-authrization

# 1. Add the app to INSTALLED_APPS
INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "dauthz.apps.DauthzConfig",	# add this app to INSTALLED_APPS
]

# 2. Add configure of dauthz
DAUTHZ = {
    # DEFAULT Dauthz enforcer
    "DEFAULT": {
        # Casbin model setting.
        "MODEL": {
            # Available Settings: "file", "text"
            "CONFIG_TYPE": "file",
            "CONFIG_FILE_PATH": Path(__file__).parent.joinpath("dauthz-model.conf"),
            "CONFIG_TEXT": "",
        },
        # Casbin adapter .
        "ADAPTER": {
            "NAME": "casbin_adapter.adapter.Adapter",
            # 'OPTION_1': '',
        },
        "LOG": {
            # Changes whether Dauthz will log messages to the Logger.
            "ENABLED": False,
        },
    },
}

to better prompt the configure method of django-authorization, we made a django-app based on django-authorization, you can see it in django-authorization-example

Usage

Some Important Concepts:

such as .conf file, policy, sub, obj, act, please refer to the casbin website

Middleware Usage

# Install middleware for django-authorization as required
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "dauthz.middlewares.request_middleware.RequestMiddleware",	# add the middleware 
]

You can freely set the casbin enforcer for the middleware via API: set_enforcer_for_request_middleware(enforcer_name) and set_enforcer_for_enforcer_middleware(enforcer_name)

Decorator Usage

Request decorator will check the authorization status of user, path, method

# use request decorator
@request_decorator
def some_view(request):
    return HttpResponse("Hello World")

Enforcer decorator will check the authorization status of user, obj, edit. example:

# use enforcer decorator
# sub: user in request obj: "artical" act: "edit"
@enforcer_decorator("artical", "edit")
def some_view(request):
    return HttpResponse("Hello World")

Command Line Usage

The command line operation allows you to operate directly on the enforcer's database. Three sets of commands are available: policy commands, group commands and role commands.

Add/Get policy, usage: 
python manage.py policy [opt: --enforcer=<enforcer_name>] add <sub> <obj> <act>
python manage.py policy [opt: --enforcer=<enforcer_name>] get <sub> <obj> <act>

Add/Get role to user, usage: 
python manage.py role [opt: --enforcer=<enforcer_name>] add <user> <role>
python manage.py role [opt: --enforcer=<enforcer_name>] get <user>

Add/Get group policy, usage:
python manage.py group [opt: --enforcer=<enforcer_name>] add <user> <role> [opt:<domain>]
python manage.py group [opt: --enforcer=<enforcer_name>] get <user> <role> [opt:<domain>]

Backend Usage

You can integrate Pycasbin with Django authentication system. For more usage, you can refer to tests/test_backend.py. To enable the backend, you need to specify it in settings.py.

AUTHENTICATION_BACKENDS = [
    "dauthz.backends.CasbinBackend",
    "django.contrib.auth.backends.ModelBackend", 
    ]

Note that you still need to add permissions for users with pycasbin add_policy() due to the mechanism of the django permission system.

License

This project is licensed under the Apache 2.0 license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-authorization-1.1.0.tar.gz (15.9 kB view details)

Uploaded Source

Built Distribution

django_authorization-1.1.0-py3-none-any.whl (19.1 kB view details)

Uploaded Python 3

File details

Details for the file django-authorization-1.1.0.tar.gz.

File metadata

  • Download URL: django-authorization-1.1.0.tar.gz
  • Upload date:
  • Size: 15.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.17

File hashes

Hashes for django-authorization-1.1.0.tar.gz
Algorithm Hash digest
SHA256 b05c872bc1cc3564cc3c51a75b370a3e23383bc3311c06ba6c56d2dba177f119
MD5 7b5add607a55562e09351b37f09314b1
BLAKE2b-256 38f0e5f448ba0b78687a16500db94a54479fd4d51205e7a5929a1b9075f05a89

See more details on using hashes here.

File details

Details for the file django_authorization-1.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for django_authorization-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 975bbbeb6af9f2b6a045549788320b51c3a4b318a96012ba4571655e4a818e7e
MD5 6a04f56c48a32ce97475672df876702a
BLAKE2b-256 731aeebaf61f42ad3af5a2d30997a0a2c8ad486f10662e66feeb6996293619b0

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page