Project description

👮 Role-Based-Access-Control module for Orwynn framework

Gives controls to roles and their permissions in your backend application.

Installation

Via Poetry:

poetry add orwynn_rbac

Usage

Define default roles in your application:

DefaultRoles = [
    DefaultRole(
        name="sergeant",
        title="Sergeant",
        description="Flexible policeman",
        permission_names=set(
            "yourcompany.yourproject.citizen.permission.citizen:get",
            "yourcompany.yourproject.tax.permission.tax:create",
            "yourcompany.yourproject.pursue.permission.start:do"
        )
    ),
    ...
]

NOTE: Default roles are initialized only once per fresh database.

In your Boot setup, initialize a RBACBoot class and get a bootscript from it:

from orwynn_rbac import RBACBoot

Boot(
    ...,
    bootscripts=[
        ...,
        RBACBoot(
            default_roles=DefaultRoles
        ).get_bootscript()
    ]
)

In any module, where RBAC functionality is required (e.g. user access checkers), import orwynn_rbac.module:

import orwynn_rbac

your_module = Module(
    ...,
    imports=[
        ...,
        orwynn_rbac.module
    ]
)

Checking access

To check an access to your controller you are free to implement own middleware, retrieve an user id, e.g. from HTTP authorization header, and pass it to our AccessService.check_user() method. A minimal middleware might look like this:

class AccessMiddleware(HttpMiddleware):
    def __init__(
        self,
        covered_routes: list[str],
        service: AccessService,
    ) -> None:
        super().__init__(covered_routes)
        self.service: AccessService = service

    async def process(
        self,
        request: HttpRequest,
        call_next: Callable,
    ) -> HttpResponse:
        user_id: str | None = request.headers.get("user-id", None)
        self.service.check_user(
            user_id, str(request.url.components.path), request.method
        )

        response: HttpResponse = await call_next(request)

        return response

The method AccessService.check_user() will raise a ForbiddenError if an user with given id has no access to the route and method, so you just need to call it with these arguments.

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

0.1.4

Dec 14, 2023

This version

0.1.3

Dec 12, 2023

0.1.2

Dec 7, 2023

0.1.1

Dec 3, 2023

0.1.0

Nov 8, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

orwynn_rbac-0.1.3.tar.gz (17.5 kB view hashes)

Uploaded Dec 12, 2023 Source

Built Distribution

orwynn_rbac-0.1.3-py3-none-any.whl (21.7 kB view hashes)

Uploaded Dec 12, 2023 Python 3

Hashes for orwynn_rbac-0.1.3.tar.gz

Hashes for orwynn_rbac-0.1.3.tar.gz
Algorithm	Hash digest
SHA256	`03647e8ff8ed31afcc02ff9cfd61d5ca349dfbdab7fe74263eacb4891cf49af3`
MD5	`47f8ca1f0655aefbbf45afd8d6e65346`
BLAKE2b-256	`710fc762f0245a50b3a07e7630efe9d9d3eb318bdcc6ba6c063fd03279934917`

Hashes for orwynn_rbac-0.1.3-py3-none-any.whl

Hashes for orwynn_rbac-0.1.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`75ec70d007717d4334eff467ceca9504afeddd83ab9ea791f26962dcdb157a4f`
MD5	`fc3828186998c4358061920b9516475c`
BLAKE2b-256	`f10e56d029b84a3731d89aec2ab038427c3c7d2d1a38a84e32fc0330dfec5aa8`