👮 Role-Based-Access-Control module for Orwynn framework

These details have not been verified by PyPI

Project links

Project description

👮 Role-Based-Access-Control module for Orwynn framework

Gives controls to roles and their permissions in your backend application.

Installation

Via Poetry:

poetry add orwynn_rbac

Usage

Define default roles in your application:

DefaultRoles = [
    DefaultRole(
        name="sergeant",
        title="Sergeant",
        description="Flexible policeman",
        permission_names=set(
            "yourcompany.yourproject.citizen.permission.citizen:get",
            "yourcompany.yourproject.tax.permission.tax:create",
            "yourcompany.yourproject.pursue.permission.start:do"
        )
    ),
    ...
]

NOTE: Default roles are initialized only once per fresh database.

In your Boot setup, initialize a RBACBoot class and get a bootscript from it:

from orwynn_rbac import RBACBoot

Boot(
    ...,
    bootscripts=[
        ...,
        RBACBoot(
            default_roles=DefaultRoles
        ).get_bootscript()
    ]
)

In any module, where RBAC functionality is required (e.g. user access checkers), import orwynn_rbac.module:

import orwynn_rbac

your_module = Module(
    ...,
    imports=[
        ...,
        orwynn_rbac.module
    ]
)

Checking access

To check an access to your controller you are free to implement own middleware, retrieve an user id, e.g. from HTTP authorization header, and pass it to our AccessService.check_user() method. A minimal middleware might look like this:

class AccessMiddleware(HttpMiddleware):
    def __init__(
        self,
        covered_routes: list[str],
        service: AccessService,
    ) -> None:
        super().__init__(covered_routes)
        self.service: AccessService = service

    async def process(
        self,
        request: HttpRequest,
        call_next: Callable,
    ) -> HttpResponse:
        user_id: str | None = request.headers.get("user-id", None)
        self.service.check_user(
            user_id, str(request.url.components.path), request.method
        )

        response: HttpResponse = await call_next(request)

        return response

The method AccessService.check_user() will raise a ForbiddenError if an user with given id has no access to the route and method, so you just need to call it with these arguments.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

0.1.4

Dec 14, 2023

This version

0.1.3

Dec 12, 2023

0.1.2

Dec 7, 2023

0.1.1

Dec 3, 2023

0.1.0

Nov 8, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

orwynn_rbac-0.1.3.tar.gz (17.5 kB view details)

Uploaded Dec 12, 2023 Source

Built Distribution

orwynn_rbac-0.1.3-py3-none-any.whl (21.7 kB view details)

Uploaded Dec 12, 2023 Python 3

File details

Details for the file orwynn_rbac-0.1.3.tar.gz.

File metadata

Download URL: orwynn_rbac-0.1.3.tar.gz
Upload date: Dec 12, 2023
Size: 17.5 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: poetry/1.5.1 CPython/3.11.6 Linux/6.6.3-zen1-1-zen

File hashes

Hashes for orwynn_rbac-0.1.3.tar.gz
Algorithm	Hash digest
SHA256	`03647e8ff8ed31afcc02ff9cfd61d5ca349dfbdab7fe74263eacb4891cf49af3`
MD5	`47f8ca1f0655aefbbf45afd8d6e65346`
BLAKE2b-256	`710fc762f0245a50b3a07e7630efe9d9d3eb318bdcc6ba6c063fd03279934917`

See more details on using hashes here.

File details

Details for the file orwynn_rbac-0.1.3-py3-none-any.whl.

File metadata

Download URL: orwynn_rbac-0.1.3-py3-none-any.whl
Upload date: Dec 12, 2023
Size: 21.7 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: poetry/1.5.1 CPython/3.11.6 Linux/6.6.3-zen1-1-zen

File hashes

Hashes for orwynn_rbac-0.1.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`75ec70d007717d4334eff467ceca9504afeddd83ab9ea791f26962dcdb157a4f`
MD5	`fc3828186998c4358061920b9516475c`
BLAKE2b-256	`f10e56d029b84a3731d89aec2ab038427c3c7d2d1a38a84e32fc0330dfec5aa8`