Rule registry for django

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jpic from gravatar.com jpic Avatar for Serafeim.Papastefanos from gravatar.com Serafeim.Papastefanos

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: James Pic

Tags django, security, rules, acl, rbac

Classifiers

Project description

https://secure.travis-ci.org/yourlabs/django-rules-light.png?branch=master https://img.shields.io/pypi/dm/django-rules-light.svg https://img.shields.io/pypi/v/django-rules-light.svg

This is a simple alternative to django-rules. Its core difference is that it does not rely on models. Instead, it uses a registry which can be modified at runtime.

One of its goals is to enable developers of external apps to make rules, depend on it, while allowing a project to override rules.

Example your_app/rules_light_registry.py:

# Everybody can read a blog post (for now!):
rules_light.registry['blog.post.read'] = True

# Require authentication to create a blog post, using a shortcut:
rules_light.registry['blog.post.create'] = rules_light.is_authenticated

# But others shouldn't mess with my posts !
def is_staff_or_mine(user, rule, obj):
    return user.is_staff or obj.author == user

rules_light.registry['blog.post.update'] = is_staff_or_mine
rules_light.registry['blog.post.delete'] = is_staff_or_mine

Example your_app/views.py:

@rules_light.class_decorator
class PostDetailView(generic.DetailView):
    model = Post

@rules_light.class_decorator
class PostCreateView(generic.CreateView):
    model = Post

@rules_light.class_decorator
class PostUpdateView(generic.UpdateView):
    model = Post

@rules_light.class_decorator
class PostDeleteView(generic.DeleteView):
    model = Post

You might want to read the tutorial for more.

What’s the catch ?

The catch is that this approach does not offer any feature to get secure querysets.

This means you have to:

  • think about security when making querysets,

  • override eventual external app ListViews,

Requirements

  • Python 2.7+ (Python 3 supported)

  • Django 1.8+

Quick Install

  • Install module: pip install django-rules-light,

  • Add to settings.INSTALLED_APPS: rules_light,

  • Add in settings.MIDDLEWARE_CLASSES (or settings.MIDDLEWARE for Django 1.10+): rules_light.middleware.Middleware,

You might want to read the tutorial.

There is also a lot of documentation, from the core to the tools, including pointers to debug, log and test your security.

Contributing

Run tests with the tox command. Documented patches passing all tests have a better chance to get merged in. See community guidelines for details.

Resources

To ask questions or just get informed about package updates, you could subscribe to the mailing list.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jpic from gravatar.com jpic Avatar for Serafeim.Papastefanos from gravatar.com Serafeim.Papastefanos

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT)

Author: James Pic

Tags django, security, rules, acl, rbac

Classifiers

Release history Release notifications | RSS feed

This version

0.3.2

0.3.1

0.3.0

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

0.0.3

0.0.2

0.0.1

0.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-rules-light-0.3.2.tar.gz (18.0 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page