Flexible role-based authorization solution that is a pleasure to use
Miracle
Miracle is an ACL for Python that was designed to be well-structured, simple yet exhaustive. It uses permissions defined on resources, and roles are granted access to them.
To be a universal tool, it does not include any special cases, does not force you to persist and does not insist on any formats or conventions.
Maximum flexibility and total control. Enjoy! :)
Highlights:
- Inspired by miracle for NodeJS
- Simple core
- No restrictions on authorization entities
- Unit-tested
Table of Contents
- Define The Structure
    - Acl
    - Create
        - add_role(role)
        - add_roles(roles)
        - add_resource(resource)
        - add_permission(resource, permission)
        - add(structure)
    - Remove
        - remove_role(role)
        - remove_resource(resource)
        - remove_permission(resource, permission)
        - clear()
    - Get
        - get_roles()
        - get_resources()
        - get_permissions(resource)
        - get()
    - Export and Import
- Authorize
    - Grant Permissions
        - grant(role, resource, permission)
        - grants(grants)
        - revoke(role, resource, permission)
        - revoke_all(role[, resource])
    - Check Permissions
        - check(role, resource, permission)
        - check_any(roles, resource, permission)
        - check_all(roles, resource, permission)
    - Show Grants
        - which_permissions(role, resource)
        - which_permissions_any(roles, resource)
        - which_permissions_all(roles, resource)
        - which(role)
        - which_any(roles)
        - which_all(roles)
        - show()
Define The Structure
Acl
To start using miracle, instantiate the Acl object:
from miracle import Acl
acl = Acl()
The Acl object keeps track of your resources and permissions defined on them, handles grants over roles and provides utilities to manage them. When configured, you can check the access against the defined state.
Create
Methods from this section allow you to build the structure: list of roles, resources and permissions.
It’s not required that you have the structure defined before you start granting the access: the grant() method implicitly creates all resources and permissions that were not previously defined.
Start by defining the resources and the permissions on them; then you can grant a role access to some permissions on a resource.
For roles, resources & permissions, any hashable objects will do.
add_role(role)
Define a role.
- role: the role to define.
The role will have no permissions granted, but will appear in get_roles().
acl.add_role('admin')
acl.get_roles()  # -> {'admin'}
add_roles(roles)
Define multiple roles.
- roles: an iterable of roles.
acl.add_roles(['admin', 'root'])
acl.get_roles()  # -> {'admin', 'root'}
add_resource(resource)
Define a resource.
- resource: the resource to define.
The resource will have no permissions defined but will appear in get_resources().
acl.add_resource('blog')
acl.get_resources()  # -> {'blog'}
add_permission(resource, permission)
Define a permission on a resource.
- resource: the resource to define the permission on. It is created if it was not previously defined.
- permission: the permission to define.
The defined permission is not granted to anyone, but will appear in get_permissions(resource).
acl.add_permission('blog', 'post')
acl.get_permissions('blog')  # -> {'post'}
add(structure)
Define the whole resource/permission structure with a single dict.
- structure: a dict that maps resources to an iterable of permissions.
acl.add({
    'blog': ['post'],
    'page': {'create', 'read', 'update', 'delete'},
})
Remove
remove_role(role)
Remove the role and its grants.
- role: the role to remove.
acl.remove_role('admin')
remove_resource(resource)
Remove the resource along with its grants and permissions.
- resource: the resource to remove.
acl.remove_resource('blog')
remove_permission(resource, permission)
Remove the permission from a resource.
- resource: the resource to remove the permission from.
- permission: the permission to remove.
The resource is not implicitly removed: it remains with an empty set of permissions.
acl.remove_permission('blog', 'post')
clear()
Remove all roles, resources, permissions and grants.
Get
get_roles()
Get the set of defined roles.
acl.get_roles() # -> {'admin', 'anonymous', 'registered'}
get_resources()
Get the set of defined resources, including those with an empty permission set.
acl.get_resources() # -> {'blog', 'page', 'article'}
get_permissions(resource)
Get the set of permissions for a resource.
- resource: the resource to get the permissions for.
acl.get_permissions('page') # -> {'create', 'read', 'update', 'delete'}
get()
Get the structure: hash of all resources mapped to their permissions.
Returns a dict: { resource: set(permission,...), ... }.
acl.get()  # -> {'blog': {'post'}, 'page': {'create', ...}}
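Because get() returns the whole structure as a plain dict of sets, it can be compared against a reviewed baseline to catch resources or permissions that were defined without review. The following is an added example, not part of miracle: `normalize`, `diff_structure`, `has_drift` and the sample data are assumptions made for illustration, and the code works on dicts in the `{resource: permissions}` shape only.

```python
def normalize(structure):
    """Coerce {resource: iterable} into {resource: frozenset(permissions)}."""
    return {res: frozenset(perms) for res, perms in structure.items()}


def diff_structure(baseline, current):
    """Report resources and permissions that differ between two structures."""
    base, cur = normalize(baseline), normalize(current)
    report = {
        'added_resources': set(cur) - set(base),
        'removed_resources': set(base) - set(cur),
        'added_permissions': {},
        'removed_permissions': {},
    }
    # Permission-level changes only make sense for resources present in both.
    for res in set(base) & set(cur):
        if cur[res] - base[res]:
            report['added_permissions'][res] = set(cur[res] - base[res])
        if base[res] - cur[res]:
            report['removed_permissions'][res] = set(base[res] - cur[res])
    return report


def has_drift(report):
    """True if any of the four report sections is non-empty."""
    return any(report.values())


# Constructed sample data. BASELINE is the reviewed structure, written in the
# same dict form that add() accepts; CURRENT stands in for what acl.get()
# returned at audit time.
BASELINE = {'blog': ['post'], 'page': {'create', 'read', 'update', 'delete'}}
CURRENT = {
    'blog': {'post', 'delete'},             # permission added since review
    'page': {'create', 'read', 'update'},   # permission removed
    'admin-panel': set(),                   # new resource, no permissions yet
}

if __name__ == '__main__':
    for section, value in sorted(diff_structure(BASELINE, CURRENT).items()):
        print(section, value)
```

A resource with an empty permission set still counts as present, matching the behaviour of get_resources() and remove_permission() described above.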
Export and Import
The Acl class is picklable:
import miracle

# Export the state of a configured Acl
acl = miracle.Acl()
save = acl.__getstate__()

#...

# Import the saved state into a fresh Acl
acl = miracle.Acl()
acl.__setstate__(save)
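A pickled ACL that is stored on disk or in a cache decides who may do what, and unpickling executes whatever the byte stream describes, so the stored bytes should be authenticated before they are loaded. The following is an added example, not part of miracle: `seal_state`, `open_state`, `is_rejected`, the sample state and the key are assumptions made for illustration, and the sample dict only stands in for the object `__getstate__()` returns.

```python
import hashlib
import hmac
import pickle

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def seal_state(state, key):
    """Pickle the state and prepend an HMAC-SHA256 tag over the pickle bytes."""
    payload = pickle.dumps(state)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def open_state(blob, key):
    """Verify the tag first; unpickle only if it matches."""
    if len(blob) <= TAG_LEN:
        raise ValueError('sealed state is truncated')
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; pickle.loads() is never reached on mismatch.
    if not hmac.compare_digest(tag, expected):
        raise ValueError('sealed state failed the integrity check')
    return pickle.loads(payload)


def is_rejected(blob, key):
    """True if open_state() refuses the blob."""
    try:
        open_state(blob, key)
    except ValueError:
        return True
    return False


# Constructed stand-in for the value returned by acl.__getstate__(); the real
# layout is whatever the library produces and is not assumed here.
SAMPLE_STATE = {
    'roles': {'admin'},
    'structure': {'blog': {'post'}},
    'grants': {'admin': {'blog': {'post'}}},
}
# Constructed key for the example; a deployment would load it from its
# secret store and keep it out of the place where the blob is stored.
SAMPLE_KEY = b'constructed-example-key-0123456789abcdef'

if __name__ == '__main__':
    sealed = seal_state(SAMPLE_STATE, SAMPLE_KEY)
    print(open_state(sealed, SAMPLE_KEY) == SAMPLE_STATE)
```

With the library itself, pass `acl.__getstate__()` to `seal_state` and hand the result of `open_state` to `acl.__setstate__()`.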
Download files
Filename, size | File type | Python version |
---|---|---|
miracle_acl-0.0.4_1-py2-none-any.whl (9.9 kB) | Wheel | 2.7 |
miracle-acl-0.0.4-1.tar.gz (9.7 kB) | Source | None |
miracle_acl-0.0.4.post1-py2.py3-none-any.whl (10.3 kB) | Wheel | py2.py3 |