Graphene Field ACL

Project description

graphene-acl

The motivation for this library is to simplify access control protection for Graphene Fields. A common approach to ACL protection is a reusable permissions validation decorator. The problem is that this is cumbersome for Graphene Fields that use the standard resolver: you are forced to write an otherwise unnecessary resolver function just to annotate it with your permissions validator. The second problem this library addresses is role-based ACL resolvers. Depending on the user's role, you might want to perform different business logic to retrieve the data they requested for a Graphene Field.

Installation

$ pip install graphene-acl

Usage

acl_classifier

The purpose of the classifier is to return a route key that will be used to determine which resolver function is used for resolving the field. The classifier function has access to all the arguments from the field resolver.

acl_validator

The purpose of the validator is to authorize access to the field. This validation occurs before classification routing happens. If authorization differs per classification route, do not use this validator to enforce access. Instead, authorize in the resolver registered for the specific route.

Example

from graphene_acl import AclField
import graphene


class AuthorizationError(Exception):
    """Raised when the caller is not allowed to query a field."""


def classifier(root, info, *args, **kwargs):
    # Return the route key: 'admin' for admins, None for the default resolver.
    if 'admin' in info.context.jwt.permissions:
        return 'admin'
    return None


def has_permissions(permissions):
    # Build a validator that passes when the caller holds any listed permission.
    def validator(root, info, *args, **kwargs):
        if any(permission in info.context.jwt.permissions for permission in permissions):
            return True
        raise AuthorizationError(f'Not authorized to query field {info.field_name}')

    return validator


class Foo(graphene.ObjectType):
    private_name = AclField(graphene.String, acl_classifier=classifier)
    restricted_name = AclField(graphene.String, acl_validator=has_permissions(['foo:name:read', 'admin']))


# Resolver used when the classifier returns 'admin'.
@Foo.private_name.resolve('admin')
def resolve_private_name__admin(root, info, *args, **kwargs):
    pass


# Default resolver, used when the classifier returns None.
@Foo.private_name.resolve()
def resolve_private_name__default(root, info):
    # Alternatively, authorization handling could be done by an acl_validator
    raise AuthorizationError('Not Authorized')
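
The order described under acl_validator (authorize first, then classify, then dispatch to the resolver registered for the route key), modelled in plain Python as an added example. This is not graphene-acl's implementation: RoutedField, make_info and require_any are hypothetical stand-ins, and denying an unmapped route is a choice made in this sketch.

```python
from types import SimpleNamespace

class AuthorizationError(Exception):
    """Raised when a caller may not read a field."""

class RoutedField:
    """Hypothetical stand-in for an ACL field: validate, classify, dispatch."""

    def __init__(self, acl_classifier=None, acl_validator=None):
        self.acl_classifier = acl_classifier
        self.acl_validator = acl_validator
        self.resolvers = {}  # route key -> resolver; None is the default route

    def resolve(self, route_key=None):
        def register(fn):
            self.resolvers[route_key] = fn
            return fn
        return register

    def __call__(self, root, info, **kwargs):
        # 1. Field-wide authorization runs before any routing decision.
        if self.acl_validator is not None:
            self.acl_validator(root, info, **kwargs)
        # 2. The classifier sees the same arguments and picks a route key.
        key = self.acl_classifier(root, info, **kwargs) if self.acl_classifier else None
        # 3. Fail closed: an unmapped route is a denial, not a silent fallback.
        if key not in self.resolvers:
            raise AuthorizationError(f"no resolver for route {key!r}")
        return self.resolvers[key](root, info, **kwargs)

def make_info(*permissions):
    """Constructed request context mirroring info.context.jwt.permissions."""
    jwt = SimpleNamespace(permissions=set(permissions))
    return SimpleNamespace(context=SimpleNamespace(jwt=jwt), field_name="name")

def require_any(*needed):
    def validator(root, info, **kwargs):
        if not set(needed) & info.context.jwt.permissions:
            raise AuthorizationError(f"Not authorized to query field {info.field_name}")
    return validator

name = RoutedField(
    acl_classifier=lambda root, info, **kw: "admin" if "admin" in info.context.jwt.permissions else None,
    acl_validator=require_any("foo:name:read", "admin"),
)
name.resolve("admin")(lambda root, info, **kw: root["legal_name"])
name.resolve()(lambda root, info, **kw: root["display_name"])
```

Calling name(root, make_info("admin")) takes the admin route, a caller holding only foo:name:read gets the default route, and a caller with neither permission is rejected before the classifier runs.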

ACL Connection Fields

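import graphene
from graphene_django.filter import DjangoFilterConnectionField
from graphene_acl import acl_field_type

# Create an ACL-aware field type on top of an existing connection field class.
BarConnectionField = acl_field_type('BarConnectionField', DjangoFilterConnectionField)

class Foo(graphene.ObjectType):
    # MyNode is your application's node type; has_permissions is the
    # validator factory defined in the example above.
    bar = BarConnectionField(MyNode, acl_permissions=has_permissions(['FOO']))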

Development

First time setup

  • Install pre-commit hooks:
      brew install pre-commit && pre-commit install && pre-commit install --install-hooks
  • Install poetry (https://github.com/sdispater/poetry#installation):
      curl -sSL https://raw.githubusercontent.com/sdispater/poetry/master/get-poetry.py | python
  • Install dependencies:
      poetry install


Source Distribution

graphene-acl-1.0.4.tar.gz (5.3 kB)
