flask-allows 0.7.1

Impose authorization requirements on Flask routes

flask-allows

Are your permissions making too much noise all the time? Are your permissions stomping all over your actual code? Are your permission decorators clawing at your line count all the time? Think there’s no answer? There is! Flask-Allows.

Flask-Allows is an authorization tool for Flask inspired by django-rest-framework’s permissioning system and rest_condition’s ability to compose simple requirements into more complex ones.

Installation

Flask-Allows is available on pypi and installable with:

pip install flask-allows

Flask Allows supports 2.7, and 3.4+. Support for 3.3 was ended in the version 0.3 release.

Note

If you are installing flask-allows outside of a virtual environment, consider installing it with pip install --user flask-allows rather than using sudo or adminstrator privileges to avoid installing it into your system Python.

More Information

• For more information, please visit the documentation.

• Found a bug, have a question, or want to request a feature? Here is our issue tracker.

• Need the source code? Here is the repository

Change Log

Version 0.7.1 (2018-10-03)

• Added requirement name to deprecation message to make tracking down user-only requirements warnings easier.

Version 0.7 (2018-09-03)

• Added flask_allows.view.guard_entire and flask_allows.views.exempt_from_requirements to make protecting entire blueprints easier.

• Added __all__ export markers to flask_allows modules to prevent accidental re-export of other symbols when using from flask_allows.module import *

Version 0.6 (2018-05-26)

• Permission no longer needs an application context for construction but does require one for evaluation now.

• Added Allows.run a public helper that performs the complete fulfill and fail cycle. This cleans up the duplication between Allows.requires, requires and Permission.__enter__

• Removed Permission.throw_type

• Removed PermissionedView, PermissionedMethodView

• Added ability to disable requirements already registered on routes and inside handlers via the flask_allows.overrides.OverrideManager class

• Added ability to add more requirements to be run during checks on routes and other handlers via the flask_allows.additional.AdditionalManager class

Version 0.5.1 (2018-04-22)

• Added wants_request to ease transition to user only requirements

Version 0.5 (2018-04-17)

• Real documentation

• Accepting request in requirements is now deprecated, pending removal in 1.0

• Promoted internal _allows context local to part of the public interface

• Bug Fix: ConditionalRequirement returned False when no requirements were provided

  it now returns True and mimics the behavior of all better

Version 0.4 (2017-08-29)

• Clarify deprecation message for PermissionedView, will be removed in 0.6

• Deprecate Permission.throw_type for 0.6 removak

• Add optional on_fail for allows.requires and requires decoration

• Fix coverage path problem with local testing

Version 0.3.2 (2017-08-29)

• Fix package data not being included

Version 0.3.1 (2017-08-20)

• Fix error that prevent sdist builds on 2.7

Version 0.3 (2017-08-20)

• Drop official support for Python 3.3

• Deprecate implicit decoration on class based views via the requirements attribute