Default ACL implementation for Mara
Project description
Mara ACL
Default ACL implementation for mara with the following design choices:
- Authentication of users is handled externally, e.g. through a Oauth2 Proxy. An upstream authentication app manages authentication and then adds a http header identifying the user to each authenticated request.
- Each user is assigned a single role.
- Permissions are not based on urls, but on application-defined "resources". Thus, checking of permissions needs to be done in the application.
The ACL provides a single UI for both user and permission management. Users can be added / removed and their roles can be changed like this:
New roles are created by moving a user to a new role.
Permissions can be set for
- an individual user or a whole role,
- an individual resource, a group of resources or "All" resources.
Individual users inherit permissions from their role, and permissions on higher levels overwrite permissions on lower levels:
Each new user that is authenticated is automatically created with a default role in the acl:
This behavior can be switched off (so that only invited users can join). See config.py for details.
Please have a look at the mara example application for how to integrate this ACL implementation.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for mara_acl-2.1.0-2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | d283bdd73d2886fb8d0ea28f00c4cb41069d737a62a0374140c81d9ca9c46f29 |
|
MD5 | 8ac611f9e10a070f46d8ff6b3569397d |
|
BLAKE2b-256 | 4561621fa630bd725603ac731b9bdf3ce9e6157b4097a6e0bc0e6e3ed17171a4 |