Fine-grained hierarchical RBAC for Litestar applications

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for jacobcoffee from gravatar.com jacobcoffee
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Jacob Coffee
  • Tags rbac , permissions , authorization , litestar , async
  • Requires: Python >=3.12
Classifiers
Report project as malware

Project description

litestar-permissions

CI PyPI version Python versions License: MIT

Fine-grained hierarchical RBAC for Litestar applications.

Roles are scoped to resources and permissions inherit upward through the hierarchy. An org-admin role on Organization X grants those permissions on every project and application inside it. Built on SQLAlchemy 2.x, ships as a Litestar plugin.

Installation

uv add litestar-permissions

Quick Start

from litestar import Litestar, get
from litestar_permissions import PermissionsPlugin, PermissionsConfig, require_permission
from sqlalchemy.orm import DeclarativeBase


class Base(DeclarativeBase):
    pass


config = PermissionsConfig(
    hierarchy={"application": "project", "project": "organization"},
)


@get(
    "/apps/{app_id:str}/deploy",
    guards=[require_permission("application:deploy", resource_id_param="app_id")],
)
async def deploy(app_id: str) -> dict:
    return {"status": "deploying"}


app = Litestar(
    route_handlers=[deploy],
    plugins=[PermissionsPlugin(config=config, base=Base)],
)

The plugin generates four SQLAlchemy tables (roles, permissions, role_permissions, user_role_assignments) bound to your Base. Guards check permissions at the resource scope, walking up the hierarchy to find matching role assignments.

How the Hierarchy Works

Define parent-child relationships between resource types:

PermissionsConfig(
    hierarchy={
        "application": "project",   # application's parent is project
        "project": "organization",   # project's parent is organization
    }
)

When checking application:deploy on a specific app, the resolver checks role assignments scoped to that app, then its parent project, then the parent org, then global. A match at any level grants the permission.

Development

make dev           # install with all dev deps
make test          # run tests
make lint          # run prek hooks (ruff, ty, codespell)
make docs-serve    # live-reload docs on localhost:8001

Documentation

Full docs at jacobcoffee.github.io/litestar-permissions.

License

MIT - see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for jacobcoffee from gravatar.com jacobcoffee
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Jacob Coffee
  • Tags rbac , permissions , authorization , litestar , async
  • Requires: Python >=3.12
Classifiers

Release history Release notifications | RSS feed

This version

0.1.3

0.1.2

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

litestar_permissions-0.1.3.tar.gz (10.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

litestar_permissions-0.1.3-py3-none-any.whl (11.6 kB view details)

Uploaded Python 3

File details

Details for the file litestar_permissions-0.1.3.tar.gz.

File metadata

  • Download URL: litestar_permissions-0.1.3.tar.gz
  • Upload date:
  • Size: 10.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for litestar_permissions-0.1.3.tar.gz
Algorithm Hash digest
SHA256 7d8d97a154569c5e6ceb1b7ebd524f93a0d18b3f20348c7902bc285df8a19123
MD5 3be54cd000fb94c7fb7a9676b3d1209a
BLAKE2b-256 8ba600fed455189d922457824c594a672ece08013957bafbf69183e4a078cc5a

See more details on using hashes here.

Provenance

The following attestation bundles were made for litestar_permissions-0.1.3.tar.gz:

Publisher: publish.yml on JacobCoffee/litestar-permissions

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file litestar_permissions-0.1.3-py3-none-any.whl.

File metadata

File hashes

Hashes for litestar_permissions-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 ff63c0c773a5bb21b624fb0a0bcb16b6e59cc825581c8e830e4365df5c8d2619
MD5 ab2ee11a3d28682363068307a5e3efd4
BLAKE2b-256 e1066c6f1ca3ef57a581fb2b6e8483005b7db6965c4e796a33ff843272d649d1

See more details on using hashes here.

Provenance

The following attestation bundles were made for litestar_permissions-0.1.3-py3-none-any.whl:

Publisher: publish.yml on JacobCoffee/litestar-permissions

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page