Общая библиотека контроля доступа для микросервисов

These details have not been verified by PyPI

Project links

Homepage

Development Status
- 3 - Alpha
Environment
- Web Environment
Framework
- Django :: 4.0
- Django :: 4.1
Intended Audience
- Developers
Natural Language
- English
- Russian
Operating System
- OS Independent
Programming Language
- Python
- Python :: 3.10

Project description

Общая библиотека контроля доступа для микросервисов

Подключение

settings.py:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'oidc_auth.authentication.JSONWebTokenAuthentication',
    ),
}

OIDC_AUTH = {
    # URL сервиса аутентификации, необходимо указать своё значение
    'OIDC_ENDPOINT': 'http://testserver/oauth',
    
    # функция преобразующая токен в объект пользователя. Указать как есть.
    'OIDC_RESOLVE_USER_FUNCTION': 'librbac.oidc.auth.get_user_from_token',
    
    # Заголовок в котором хранится токен. Указать как есть.
    'JWT_AUTH_HEADER_PREFIX': 'Bearer',

    # The Claims Options can now be defined by a static string.
    # ref: https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation
    # The old OIDC_AUDIENCES option is removed in favor of this new option.
    # `aud` is only required, when you set it as an essential claim.
    'OIDC_CLAIMS_OPTIONS': {
        'iss': {
            'essential': True,
        }
    },
}

testapp/apps.py:

from django.apps.config import AppConfig as AppConfigBase

from librbac.events import PermissionPushed
from librbac.utils.management import is_in_management_command


class AppConfig(AppConfigBase):

    name = __package__

    def _bootstrap(self):
        """Предоставление общей шины ядра."""
        from explicit.messagebus.messagebus import MessageBus
        from auth.apps import core
        from .unit_of_work import UnitOfWork
        uow = UnitOfWork()
        dependencies = dict(uow=uow)
        messagebus = MessageBus(**dependencies)
        core.bus = messagebus

    def _register_events(self):
        ...

    def _configure_rbac(self):
        from librbac import config
        from librbac.manager import rbac
        from testapp import core
        from testapp.core.adapters import messaging

        class Config(config.IConfig):
            bus = core.bus
            adapter = messaging.adapter

        config.rbac_config = Config()

        # не пушим разрешения в шину, если выполняется management команда
        rbac.init(push_permissions=not is_in_management_command())


    def ready(self):
        self._bootstrap()
        self._register_events()
        self._configure_rbac()

testapp/permissions.py

from librbac.types import Permission
from librbac.types import PermissionGroup


PERM_NAMESPACE_TEST = 'test'

PERM_RESOURCE__PERSON = 'person'
PERM__PERSON__READ = Permission(
    # (namespace, resource, action, scope)
    PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON, 'read'
)
PERM__PERSON__WRITE = Permission(
    PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON, 'write'
)
# Описание разрешений
# -----------------------------------------------------------------------------
permissions = (
    (PERM__PERSON__READ, 'Просмотр ФЛ'),
    (PERM__PERSON__WRITE, 'Редактирование ФЛ'),
)

dependencies = {
    PERM__PERSON__WRITE: {
        PERM__PERSON__READ,
    },
}
# -----------------------------------------------------------------------------
# Описание связей разделов и групп разрешений
partitions = {
    'Администрирование': (
        PermissionGroup(PERM_NAMESPACE_TEST, PERM_RESOURCE__PERSON),
    ),
}
# -----------------------------------------------------------------------------

testapp/views.py

from rest_framework.generics import GenericAPIView
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet

from librbac.drf.viewsets import RBACMixin

from .models import Person
from .permissions import PERM__PERSON__READ
from .permissions import PERM__PERSON__WRITE
from .serializers import PersonSerializer


class PersonViewSet(RBACMixin, ModelViewSet):
    
    # сопоставление действий с разрешениями
    perm_map = dict(
        create=(PERM__PERSON__WRITE,),
        partial_update=(PERM__PERSON__WRITE,),
        destroy=(PERM__PERSON__WRITE,),
        retrieve=(PERM__PERSON__READ,),
        list=(PERM__PERSON__READ,),
    )

    ...

Запуск тестов

$ tox

Project details

These details have not been verified by PyPI

Project links

Homepage

Development Status
- 3 - Alpha
Environment
- Web Environment
Framework
- Django :: 4.0
- Django :: 4.1
Intended Audience
- Developers
Natural Language
- English
- Russian
Operating System
- OS Independent
Programming Language
- Python
- Python :: 3.10

Release history Release notifications | RSS feed

3.0.1

Aug 26, 2024

3.0.0

Aug 26, 2024

2.1.0

Jan 29, 2024

2.0

Aug 7, 2023

1.1.0

Nov 29, 2022

1.0.3

Nov 8, 2022

This version

1.0.2

Oct 4, 2022

1.0.1

Sep 20, 2022

1.0.0

Aug 19, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

librbac-1.0.2.tar.gz (14.8 kB view hashes)

Uploaded Oct 4, 2022 Source

Built Distribution

librbac-1.0.2-py3-none-any.whl (16.9 kB view hashes)

Uploaded Oct 4, 2022 Python 3

Hashes for librbac-1.0.2.tar.gz

Hashes for librbac-1.0.2.tar.gz
Algorithm	Hash digest
SHA256	`8815d5a9d150c390566a97f8bcd0b65e913d8b15aba620bd92b158659a982b9c`
MD5	`1071b7be85b1be1af7ec7c8ce8cfb303`
BLAKE2b-256	`62a49a6c24270e85cb1aae3c485ae9075143a66f05eda147603cfa93a9c61af6`

Hashes for librbac-1.0.2-py3-none-any.whl

Hashes for librbac-1.0.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`2b758582c19fe440edcb320967e2297488b6c4b5d9862f281ae0b78ab5dafa7c`
MD5	`8d3f45852a1a717cf19b27bdef4e99f8`
BLAKE2b-256	`e33cb2c5e91847232045302b90480e57b5c981b53e49df74b98766bd0864cecc`