Skip to main content

👮 Role-Based-Access-Control module for Orwynn framework

Project description

👮 Role-Based-Access-Control module for Orwynn framework

Gives controls to roles and their permissions in your backend application.

Installation

Via Poetry:

poetry add orwynn_rbac

Usage

Define default roles in your application:

DefaultRoles = [
    DefaultRole(
        name="sergeant",
        title="Sergeant",
        description="Flexible policeman",
        permission_names=set(
            "yourcompany.yourproject.citizen.permission.citizen:get",
            "yourcompany.yourproject.tax.permission.tax:create",
            "yourcompany.yourproject.pursue.permission.start:do"
        )
    ),
    ...
]

NOTE: Default roles are initialized only once per fresh database.

In your Boot setup, initialize a RBACBoot class and get a bootscript from it:

from orwynn_rbac import RBACBoot

Boot(
    ...,
    bootscripts=[
        ...,
        RBACBoot(
            default_roles=DefaultRoles
        ).get_bootscript()
    ]
)

In any module, where RBAC functionality is required (e.g. user access checkers), import orwynn_rbac.module:

import orwynn_rbac

your_module = Module(
    ...,
    imports=[
        ...,
        orwynn_rbac.module
    ]
)

Checking access

To check an access to your controller you are free to implement own middleware, retrieve an user id, e.g. from HTTP authorization header, and pass it to our AccessService.check_user() method. A minimal middleware might look like this:

class AccessMiddleware(HttpMiddleware):
    def __init__(
        self,
        covered_routes: list[str],
        service: AccessService,
    ) -> None:
        super().__init__(covered_routes)
        self.service: AccessService = service

    async def process(
        self,
        request: HttpRequest,
        call_next: Callable,
    ) -> HttpResponse:
        user_id: str | None = request.headers.get("user-id", None)
        self.service.check_user(
            user_id, str(request.url.components.path), request.method
        )

        response: HttpResponse = await call_next(request)

        return response

The method AccessService.check_user() will raise a ForbiddenError if an user with given id has no access to the route and method, so you just need to call it with these arguments.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

orwynn_rbac-0.1.2.tar.gz (17.5 kB view details)

Uploaded Source

Built Distribution

orwynn_rbac-0.1.2-py3-none-any.whl (21.8 kB view details)

Uploaded Python 3

File details

Details for the file orwynn_rbac-0.1.2.tar.gz.

File metadata

  • Download URL: orwynn_rbac-0.1.2.tar.gz
  • Upload date:
  • Size: 17.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.5.1 CPython/3.11.6 Linux/6.6.2-zen1-1-zen

File hashes

Hashes for orwynn_rbac-0.1.2.tar.gz
Algorithm Hash digest
SHA256 96f7cd168c25b63d2abd206c01cde78aef17ed522bdc2acf155cce6e4774f910
MD5 ada90c45cdc11df905632b3699a70270
BLAKE2b-256 c1aad49d41dddc264ccd54a260fcbc7065d098cecbacb211a1a6dc4b7beeca70

See more details on using hashes here.

File details

Details for the file orwynn_rbac-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: orwynn_rbac-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 21.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.5.1 CPython/3.11.6 Linux/6.6.2-zen1-1-zen

File hashes

Hashes for orwynn_rbac-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 a794aa943338fc1d575eb382b1f45adc90eb5768e623e55c89ad331ad3a1e0ef
MD5 00ee0f746b1d309d0e4c0098183ba580
BLAKE2b-256 1b9004d38cfc62473cf6ce6682f67a6059c3269f32cda19e39692700e38addcd

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page