Skip to main content

Impose authorization requirements on Flask routes

Project description


Are your permissions making too much noise all the time? Are your permissions stomping all over your actual code? Are your permission decorators clawing at your line count all the time? Think there’s no answer? There is! Flask-Allows.

Flask-Allows is an authorization tool for Flask inspired by django-rest-framework’s permissioning system and rest_condition’s ability to compose simple requirements into more complex ones.


Flask-Allows is available on pypi and installable with:

pip install flask-allows

Flask Allows supports 2.7, and 3.4+. Support for 3.3 was ended in the version 0.3 release.

More Information

Change Log

Version 0.7.1 (2018-10-03)

  • Added requirement name to deprecation message to make tracking down user-only requirements warnings easier.

Version 0.7 (2018-09-03)

  • Added flask_allows.view.guard_entire and flask_allows.views.exempt_from_requirements to make protecting entire blueprints easier.

  • Added __all__ export markers to flask_allows modules to prevent accidental re-export of other symbols when using from flask_allows.module import *

Version 0.6 (2018-05-26)

  • Permission no longer needs an application context for construction but does require one for evaluation now.

  • Added a public helper that performs the complete fulfill and fail cycle. This cleans up the duplication between Allows.requires, requires and Permission.__enter__

  • Removed Permission.throw_type

  • Removed PermissionedView, PermissionedMethodView

  • Added ability to disable requirements already registered on routes and inside handlers via the flask_allows.overrides.OverrideManager class

  • Added ability to add more requirements to be run during checks on routes and other handlers via the flask_allows.additional.AdditionalManager class

Version 0.5.1 (2018-04-22)

  • Added wants_request to ease transition to user only requirements

Version 0.5 (2018-04-17)

  • Real documentation

  • Accepting request in requirements is now deprecated, pending removal in 1.0

  • Promoted internal _allows context local to part of the public interface

  • Bug Fix: ConditionalRequirement returned False when no requirements were provided

    it now returns True and mimics the behavior of all better

Version 0.4 (2017-08-29)

  • Clarify deprecation message for PermissionedView, will be removed in 0.6

  • Deprecate Permission.throw_type for 0.6 removak

  • Add optional on_fail for allows.requires and requires decoration

  • Fix coverage path problem with local testing

Version 0.3.2 (2017-08-29)

  • Fix package data not being included

Version 0.3.1 (2017-08-20)

  • Fix error that prevent sdist builds on 2.7

Version 0.3 (2017-08-20)

  • Drop official support for Python 3.3

  • Deprecate implicit decoration on class based views via the requirements attribute

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask-allows-0.7.1.tar.gz (14.4 kB view hashes)

Uploaded Source

Built Distribution

flask_allows-0.7.1-py2.py3-none-any.whl (16.7 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page