Fine-grained hierarchical RBAC for Litestar applications

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for jacobcoffee from gravatar.com jacobcoffee
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Jacob Coffee
  • Tags rbac , permissions , authorization , litestar , async
  • Requires: Python >=3.12
Classifiers
Report project as malware

Project description

litestar-permissions

CI PyPI version Python versions License: MIT

Fine-grained hierarchical RBAC for Litestar applications.

Roles are scoped to resources and permissions inherit upward through the hierarchy. An org-admin role on Organization X grants those permissions on every project and application inside it. Built on SQLAlchemy 2.x, ships as a Litestar plugin.

Installation

uv add litestar-permissions

Quick Start

from litestar import Litestar, get
from litestar_permissions import PermissionsPlugin, PermissionsConfig, require_permission
from sqlalchemy.orm import DeclarativeBase


class Base(DeclarativeBase):
    pass


config = PermissionsConfig(
    hierarchy={"application": "project", "project": "organization"},
)


@get(
    "/apps/{app_id:str}/deploy",
    guards=[require_permission("application:deploy", resource_id_param="app_id")],
)
async def deploy(app_id: str) -> dict:
    return {"status": "deploying"}


app = Litestar(
    route_handlers=[deploy],
    plugins=[PermissionsPlugin(config=config, base=Base)],
)

The plugin generates four SQLAlchemy tables (roles, permissions, role_permissions, user_role_assignments) bound to your Base. Guards check permissions at the resource scope, walking up the hierarchy to find matching role assignments.

How the Hierarchy Works

Define parent-child relationships between resource types:

PermissionsConfig(
    hierarchy={
        "application": "project",   # application's parent is project
        "project": "organization",   # project's parent is organization
    }
)

When checking application:deploy on a specific app, the resolver checks role assignments scoped to that app, then its parent project, then the parent org, then global. A match at any level grants the permission.

Development

make dev           # install with all dev deps
make test          # run tests
make lint          # run prek hooks (ruff, ty, codespell)
make docs-serve    # live-reload docs on localhost:8001

Documentation

Full docs at jacobcoffee.github.io/litestar-permissions.

License

MIT - see LICENSE.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for jacobcoffee from gravatar.com jacobcoffee
Meta

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Jacob Coffee
  • Tags rbac , permissions , authorization , litestar , async
  • Requires: Python >=3.12
Classifiers

Release history Release notifications | RSS feed

0.1.3

This version

0.1.2

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

litestar_permissions-0.1.2.tar.gz (9.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

litestar_permissions-0.1.2-py3-none-any.whl (11.4 kB view details)

Uploaded Python 3

File details

Details for the file litestar_permissions-0.1.2.tar.gz.

File metadata

  • Download URL: litestar_permissions-0.1.2.tar.gz
  • Upload date:
  • Size: 9.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for litestar_permissions-0.1.2.tar.gz
Algorithm Hash digest
SHA256 9355132f167df73d002296cb96e08f81f713daa7cc24f729165e96e02e1db836
MD5 bb7a2a1f7184c3fb1179220050823827
BLAKE2b-256 e56d1fe1627372c117028a491750ae5186b00a86647a6708e361eddd423bac60

See more details on using hashes here.

Provenance

The following attestation bundles were made for litestar_permissions-0.1.2.tar.gz:

Publisher: publish.yml on JacobCoffee/litestar-permissions

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file litestar_permissions-0.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for litestar_permissions-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 b995de9546f274e60052a4f2053c78c964172ec766fe7b787062c4e2789e49af
MD5 d888c6a153d55152509f081fb8939ff3
BLAKE2b-256 4235a9a91c4887d2150d3ed96b4b3d7c847f5890ee6e37c705f57e0e642ce03f

See more details on using hashes here.

Provenance

The following attestation bundles were made for litestar_permissions-0.1.2-py3-none-any.whl:

Publisher: publish.yml on JacobCoffee/litestar-permissions

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page