A Flask extension which limits access to views.

Project description

Flask-Access

Simple protection of Flask endpoints.

Integrates well with Flask-Login.

Protect endpoints

Here, the endpoint "/secret-code" requires a user to have "admin" rights:

@app.route("/secret-code")
@flask_access.require("admin")
def secret_code():
    return "1234"

You could have other requirements:

@flask_access.require("boss", 7, funny=True, bald=None)

Register a user loader

Flask-Access needs to associate the current request with a user, who either has permission or does not. It looks for the current user in app.config[flask_access.CURRENT_USER]; assign a function there that returns the current user.

app.config[flask_access.CURRENT_USER] = my_current_user_func

The returned user can be whatever type your application already uses to model users; the only condition is that the user class implements a has_access method. If the user has no account, return True to allow access. Anything other than True or an instance of a class implementing has_access is denied access.

If you are also using Flask-Login you can simply apply the assignment below :clap:

app.config[flask_access.CURRENT_USER] = flask_login.current_user

User access logic

In short, implement has_access(self, rights) -> bool on your user class.

When a user attempts to access an endpoint, Flask-Access loads the current user object user and runs user.has_access(rights). The rights passed in are the requirements given to flask_access.require, such as the "boss", 7, funny=True, bald=None from above.

If a user doesn't have a has_access method, or the method doesn't return True, then access is denied :speak_no_evil:
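The fail-closed rule described above, as an added example that is not Flask-Access's own code. The helper is_allowed, the roles field and the classes are hypothetical; the example assumes rights arrives as an iterable of role names and reads "doesn't return True" strictly, so a truthy non-bool return is denied.

```python
# Added example: a stand-in for the decision rule described above,
# not Flask-Access's own code.

class User:
    """Application user model; `roles` is a hypothetical field."""

    def __init__(self, name, roles=()):
        self.name = name
        self.roles = frozenset(roles)

    def has_access(self, rights):
        # Assumption: `rights` arrives as an iterable of required role names.
        # Require every one, and return a real bool, never a truthy object.
        required = set(rights)
        return bool(required) and required <= self.roles


class Anonymous:
    """Models a not-logged-in user: no has_access method at all."""


class SloppyUser(User):
    def has_access(self, rights):
        # Returns the matching roles (a set), which is truthy but not True.
        return self.roles & set(rights)


def is_allowed(user, rights):
    """Fail-closed rule as the page states it (hypothetical helper)."""
    if user is True:              # loader returned True: access allowed
        return True
    check = getattr(user, "has_access", None)
    if not callable(check):       # no has_access method: denied
        return False
    return check(rights) is True  # anything other than True: denied


def demo():
    rights = ("admin",)           # constructed sample requirement
    return {
        "admin": is_allowed(User("ann", ["admin"]), rights),
        "staff": is_allowed(User("bob", ["staff"]), rights),
        "anonymous": is_allowed(Anonymous(), rights),
        "sloppy": is_allowed(SloppyUser("eve", ["admin"]), rights),
        "loader_true": is_allowed(True, rights),
        "loader_none": is_allowed(None, rights),
    }
```

Because a user loader that returns True bypasses has_access entirely, return it only on the code path where unauthenticated access is intended.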

Access denied handler

The default access-denied handler calls flask.abort(403).

To set a custom access-denied handler:

app.config[flask_access.ABORT_FN] = my_custom_abort_func

Login required

If you are using flask_login.current_user as your user loader then flask_access.require implies flask_login.login_required, so no need to also specify the latter.

Why? Well, if a user is not logged-in, flask_login.current_user will return a flask_login.AnonymousUserMixin which does not have has_access implemented, hence no access for the user.

Example

An example with a primitive login/out system.

Source Distribution

flask-access-0.1.2.1.tar.gz (3.4 kB)

Uploaded Source

Built Distribution

flask_access-0.1.2.1-py3-none-any.whl (4.8 kB)

Uploaded Python 3

File details

Details for the file flask-access-0.1.2.1.tar.gz.

File metadata

  • Download URL: flask-access-0.1.2.1.tar.gz
  • Upload date:
  • Size: 3.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.0.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.7.3

File hashes

Hashes for flask-access-0.1.2.1.tar.gz
Algorithm Hash digest
SHA256 b32ed7b1ed73f9313bef61f645f8a7c06448390ece65fa0137e4aeff3b7e6c85
MD5 258a7713ec11ea39a030fe18e7e4b1fe
BLAKE2b-256 a983ea6cb8d6e499da4c0e72f419029353e1d8cc84e53e445f0549ab6393b9ec

File details

Details for the file flask_access-0.1.2.1-py3-none-any.whl.

File metadata

  • Download URL: flask_access-0.1.2.1-py3-none-any.whl
  • Upload date:
  • Size: 4.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.21.0 setuptools/41.0.0 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/3.7.3

File hashes

Hashes for flask_access-0.1.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 3bd82d9e1b32b80b6a1c1f7ca2cb32682aac8a1b4f93bf67291a92b280b0ce6b
MD5 4963d4dc81905cc1cca22e8aac822209
BLAKE2b-256 01ea34cba27dac32503d0292db5e2b6a080255a102feb21ddbd9527071414cf8
