Общая библиотека контроля доступа для микросервисов

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for bo_bot_pypi from gravatar.com bo_bot_pypi

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

Author: BARS Group

Classifiers

Project description

Общая библиотека контроля доступа для микросервисов

Подключение

settings.py:

INSTALLED_APPS = [
    # другие приложение
    'testapp.core',
    'librbac',                         # для management команд rbac
    'librbac.contrib.migrations',      # для поддержки миграций
]

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oidc_auth.authentication.JSONWebTokenAuthentication',
    ),
}

OIDC_AUTH = {
    # URL сервиса аутентификации, необходимо указать своё значение
    'OIDC_ENDPOINT': 'http://testserver/oauth',
    
    # функция преобразующая токен в объект пользователя. Указать как есть.
    'OIDC_RESOLVE_USER_FUNCTION': 'librbac.oidc.auth.get_user_from_token',
    
    # Заголовок в котором хранится токен. Указать как есть.
    'JWT_AUTH_HEADER_PREFIX': 'Bearer',

    # The Claims Options can now be defined by a static string.
    # ref: https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation
    # The old OIDC_AUDIENCES option is removed in favor of this new option.
    # `aud` is only required, when you set it as an essential claim.
    'OIDC_CLAIMS_OPTIONS': {
        'iss': {
            'essential': True,
        }
    },
}

RBAC_BACKEND = 'librbac.backends.remote.RemoteBackend'
"""Путь до бэкенда RBAC"""


RBAC_PERMISSION_TOPIC = 'test.rbac.permission'
"""Наименование топика в который публикуются события связанные с разрешениями."""

testapp/__init__.py:

from typing import TYPE_CHECKING

from explicit.contrib.messagebus.event_registry import Registry


if TYPE_CHECKING:
    from explicit.messagebus.messagebus import MessageBus  # noqa


default_app_config = f'{__package__}.apps.AppConfig'


bus: 'MessageBus'

event_registry = Registry()

testapp/apps.py:

from django.apps.config import AppConfig as AppConfigBase

from librbac.events import PermissionPushed
from librbac.utils.management import is_in_management_command


class AppConfig(AppConfigBase):

    name = __package__

    def _bootstrap(self):
        """Предоставление общей шины ядра."""
        from explicit.messagebus.messagebus import MessageBus
        from testapp import core
        from .unit_of_work import UnitOfWork
        uow = UnitOfWork()
        dependencies = dict(uow=uow)
        messagebus = MessageBus(**dependencies)
        core.bus = messagebus

    def _register_event_handlers(self):
        ...

    def _configure_rbac(self):
        from librbac import config
        from librbac.manager import rbac
        from testapp import core
        from testapp.core import event_registry as registry
        from testapp.core.adapters import messaging

        class Config(config.IConfig):
            bus = core.bus
            adapter = messaging.adapter
            event_registry = registry

        config.rbac_config = Config()

        # не пушим разрешения в шину при старте. Этим занимается management команда.
        rbac.init()


    def ready(self):
        self._bootstrap()
        self._register_events()
        self._configure_rbac()

testapp/permissions.py

from librbac.types import Permission
from librbac.types import PermissionGroup


PERM_NAMESPACE_TEST = 'test'

PERM_RESOURCE__PERSON = 'person'
PERM__PERSON__READ = Permission(
    # (namespace, resource, action, scope)
    PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON, 'read'
)
PERM__PERSON__WRITE = Permission(
    PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON, 'write'
)
# Описание разрешений
# -----------------------------------------------------------------------------
permissions = (
    (PERM__PERSON__READ, 'Просмотр ФЛ'),
    (PERM__PERSON__WRITE, 'Редактирование ФЛ'),
)

dependencies = {
    PERM__PERSON__WRITE: {
        PERM__PERSON__READ,
    },
}
# -----------------------------------------------------------------------------
# Описание связей разделов и групп разрешений
partitions = {
    'Администрирование': (
        PermissionGroup(PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON),
    ),
}
# -----------------------------------------------------------------------------

testapp/views.py

from rest_framework.viewsets import ModelViewSet

from librbac.drf.viewsets import RBACMixin

from .permissions import PERM__PERSON__READ
from .permissions import PERM__PERSON__WRITE


class PersonViewSet(RBACMixin, ModelViewSet):
    
    # сопоставление действий с разрешениями
    perm_map = dict(
        create=(PERM__PERSON__WRITE,),
        partial_update=(PERM__PERSON__WRITE,),
        destroy=(PERM__PERSON__WRITE,),
        retrieve=(PERM__PERSON__READ,),
        list=(PERM__PERSON__READ,),
    )

    ...

Миграции разрешений

Описание в модуле миграций

Запуск тестов

$ tox

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for bo_bot_pypi from gravatar.com bo_bot_pypi

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

Author: BARS Group

Classifiers

Release history Release notifications | RSS feed

This version

2.1.0

2.0

1.1.0

1.0.3

1.0.2

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

librbac-2.1.0.tar.gz (22.9 kB view hashes)

Uploaded Source

Built Distribution

librbac-2.1.0-py3-none-any.whl (30.8 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page