No project description provided
Project description
pg-rls-sqlalchemy
Work in progress. Support for Postgres Row Level Security (RLS) include Postgres Policy in SQL Alchemy and Alembic.
Installation
No package as yet
Usage
Using RLS BaseModel
Recommended most projects. This is for projects with majority of tables using RLS which will also be almost all new projects using this library.
from sqlalchemy.orm import declarative_base
from pg_rls import rls_base, policy, Policy, PolicyType, PolicyCommands
BaseModel = rls_base(declarative_base())
@policy(Policy("pol_my_models_select_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.SELECT, using="user_id == auth.uid()"))
@policy(Policy("pol_my_models_delete_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.DELETE, using="user_id == auth.uid()"))
@policy(Policy("pol_my_models_update_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.UPDATE, using="user_id == auth.uid()", with_check="user_id == auth.uid()"))
@policy(Policy("pol_my_models_update_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.INSERT, with_check="user_id == auth.uid()"))
# Equivalent to:
# @policy(Policy("pol_my_models_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.ALL, using="user_id == auth.uid()", with_check="user_id == auth.uid()"))
class MyModel(BaseModel):
...
Using RLS Decorator
Only intended for projects with majority of tables without RLS enabled. Usually only for existing projects with most tables not protected using RLS that are only using RLS for a niche use case
This is not recommended for other use cases as it makes it easy for a developer to forget to enable RLS and expose a security vulnerability.
from sqlalchemy.orm import declarative_base
from pg_rls import rls, policy, Policy, PolicyType, PolicyCommands
BaseModel = declarative_base()
@rls()
@policy(Policy("pol_my_models_select_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.SELECT, using="user_id == auth.uid()"))
@policy(Policy("pol_my_models_delete_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.DELETE, using="user_id == auth.uid()"))
@policy(Policy("pol_my_models_update_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.UPDATE, using="user_id == auth.uid()", with_check="user_id == auth.uid()"))
@policy(Policy("pol_my_models_update_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.INSERT, with_check="user_id == auth.uid()"))
# Equivalent to:
# @policy(Policy("pol_my_models_primary", as_=PolicyType.PERMISSIVE, for_=PolicyCommands.ALL, using="user_id == auth.uid()", with_check="user_id == auth.uid()"))
class MyModel(BaseModel):
...
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pg_rls_sqlalchemy-0.1.0.tar.gz.
File metadata
- Download URL: pg_rls_sqlalchemy-0.1.0.tar.gz
- Upload date:
- Size: 5.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.12.1 Linux/6.5.0-1025-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f6289a653e33c423cad39aaabf8c9e7f2d4409188358ffa5bfdc7f78e1b6cbb3
|
|
| MD5 |
62e1ff6fef19104f45eb2dca2956816d
|
|
| BLAKE2b-256 |
0f47adb1948da239c05586ce7920baca542e037b1b0905a84af0f06a2adba52a
|
File details
Details for the file pg_rls_sqlalchemy-0.1.0-py3-none-any.whl.
File metadata
- Download URL: pg_rls_sqlalchemy-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.12.1 Linux/6.5.0-1025-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0bc81f9353447c659189972f9d6637112cddd9acd507df6ea15c559dc1517b5a
|
|
| MD5 |
78216d31bd3d907515c367a1760e6177
|
|
| BLAKE2b-256 |
e43a509bc4c7576e0ed0a1c914655d8c257f47436d29db5bbd5c43c7de0bd542
|
