An authorization middleware for Flask that supports ACL, RBAC, ABAC, based on Casbin
Project description
flask-authz
flask-authz is an authorization middleware for Flask, it's based on PyCasbin.
Installation
pip install flask-authz
Simple Example
This repo is just a working Flask app that shows the usage of flask-authz. To use it in your existing Flask app, you need:
from authz.middleware import CasbinMiddleware
import casbin
from flask import Flask
app = Flask(__name__)
# Initialize the Casbin enforcer, load the casbin model and policy from files.
# Change the 2nd arg to use a database.
enforcer = casbin.Enforcer("authz_model.conf", "authz_policy.csv")
app.wsgi_app = CasbinMiddleware(app.wsgi_app, enforcer)
@app.route("/")
def hello_world():
return "Hello World!"
if __name__ == '__main__':
app.run()
- The default policy
authz_policy.csvis:
p, anonymous, /, GET
p, admin, *, *
g, alice, admin
It means anonymous user can only access homepage /. Admin users like alice can access any pages. Currently all accesses are regarded as anonymous. Add your authentication to let a user log in.
How are subject, object, action defined?
In middleware.py:
def check_permission(self, request):
# change the user, path, method as you need.
user = request.remote_user # subject
if user is None:
user = 'anonymous'
path = request.path # object
method = request.method # action
return self.enforcer.enforce(user, path, method)
You may need to copy the middleware.py code to your project and modify it directly if you have other definitions for subject, object, action.
Documentation
The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:
subject: the logged-in user nameobject: the URL path for the web resource like "dataset1/item1"action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"
For how to write authorization policy and other details, please refer to the Casbin's documentation.
Getting Help
License
This project is under Apache 2.0 License. See the LICENSE file for the full license text.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for flask_authz-1.0.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 779f7e7c64d04d9843ce32d327ddd75c5316c7b019e210f60d5682b1a3d756cd |
|
| MD5 | 94cd426a746b28a62510197bb67a0101 |
|
| BLAKE2b-256 | 6d1d73e9172999650d1d2832d9bdc3d58e48191d009676ee123864af6436c4c5 |
