Skip to main content

Impose authorization requirements on Flask routes

Project description


Are your permissions making too much noise all the time? Are your permissions stomping all over your actual code? Are your permission decorators clawing at your line count all the time? Think there’s no answer? There is! Flask-Allows.

Flask-Allows is an authorization tool for Flask inspired by django-rest-framework’s permissioning system and rest_condition’s ability to compose simple requirements into more complex ones.


Flask-Allows is available on pypi and installable with:

pip install flask-allows

Flask Allows supports 2.7, and 3.4+. Support for 3.3 was ended in the version 0.3 release.


If you are installing flask-allows outside of a virtual environment, consider installing it with pip install --user flask-allows rather than using sudo or adminstrator privileges to avoid installing it into your system Python.

More Information

Change Log

Version 0.7.1 (2018-10-03)

  • Added requirement name to deprecation message to make tracking down user-only requirements warnings easier.

Version 0.7 (2018-09-03)

  • Added flask_allows.view.guard_entire and flask_allows.views.exempt_from_requirements to make protecting entire blueprints easier.
  • Added __all__ export markers to flask_allows modules to prevent accidental re-export of other symbols when using from flask_allows.module import *

Version 0.6 (2018-05-26)

  • Permission no longer needs an application context for construction but does require one for evaluation now.
  • Added a public helper that performs the complete fulfill and fail cycle. This cleans up the duplication between Allows.requires, requires and Permission.__enter__
  • Removed Permission.throw_type
  • Removed PermissionedView, PermissionedMethodView
  • Added ability to disable requirements already registered on routes and inside handlers via the flask_allows.overrides.OverrideManager class
  • Added ability to add more requirements to be run during checks on routes and other handlers via the flask_allows.additional.AdditionalManager class

Version 0.5.1 (2018-04-22)

  • Added wants_request to ease transition to user only requirements

Version 0.5 (2018-04-17)

  • Real documentation
  • Accepting request in requirements is now deprecated, pending removal in 1.0
  • Promoted internal _allows context local to part of the public interface
  • Bug Fix: ConditionalRequirement returned False when no requirements were provided
    it now returns True and mimics the behavior of all better

Version 0.4 (2017-08-29)

  • Clarify deprecation message for PermissionedView, will be removed in 0.6
  • Deprecate Permission.throw_type for 0.6 removak
  • Add optional on_fail for allows.requires and requires decoration
  • Fix coverage path problem with local testing

Version 0.3.2 (2017-08-29)

  • Fix package data not being included

Version 0.3.1 (2017-08-20)

  • Fix error that prevent sdist builds on 2.7

Version 0.3 (2017-08-20)

  • Drop official support for Python 3.3
  • Deprecate implicit decoration on class based views via the requirements attribute

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for flask-allows, version 0.7.1
Filename, size File type Python version Upload date Hashes
Filename, size flask_allows-0.7.1-py2.py3-none-any.whl (16.7 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size flask-allows-0.7.1.tar.gz (14.4 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page