
Simple RBAC library

Project description

rbact

A simple RBAC library with different ORM adapters

  • has sync and async implementations
  • supports peewee/peewee_async
  • stores access data in normal form
  • doesn't use a cache (at least right now), so it doesn't need to reload data and performs best with a small role inheritance tree


Installation

# Basic
pip install rbact

# With adapter's dependencies
pip install rbact[peewee]
pip install rbact[peewee_async]

Docs

Peewee hello world

from peewee import PostgresqlDatabase
import rbact

db = PostgresqlDatabase('my_app', user='postgres', password='secret',
                           host='10.1.0.9', port=5432)

adapter = rbact.peewee.PeeweeAdapter(db)
adapter.create_tables()
inspector = rbact.Inspector(adapter)
result = inspector.has_access('user', 'resource', 'write')

With peewee, your application needs to close connections explicitly. The adapter.create_tables() and inspector.has_access() methods follow this logic and don't close connections by themselves.

Peewee async example with a connection pool and model extensions

import peewee as pw
from peewee_async import PooledPostgresqlDatabase, Manager
from rbact import peewee_async as rbact_peewee, AsyncInspector

db = PooledPostgresqlDatabase('my_app', user='postgres', password='secret',
                           host='10.1.0.9', port=5432)
db_manager = Manager(db)

# model extension
class Users(rbact_peewee.Users):
    class Meta:
        table_name = 'custom_users'
    email = pw.TextField()

async def main():
    loader = rbact_peewee.ModelsLoader(db_manager.database, users_model=Users)
    adapter = rbact_peewee.AsyncPeeweeAdapter(db_manager, models_loader=loader)
    inspector = AsyncInspector(adapter)
    has_access = await inspector.has_access('user', 'resource', 'write')
    role_with_access = await inspector.get_first_role_with_access('user', 'resource', 'read')

How does it work?

Rbact uses 4 tables to store data. The default tables look like this:

[image: Tables]

All these tables can be created automatically with adapter.create_tables(). You can extend any table using inheritance, but the default columns mustn't be changed.

Rbact rules examples

A rule has three parts: the user who wants access, the object (or resource) to which access is requested, and the action that the user wants to perform.

analyst, company_metrics, read
employee, /api/write_task, write

Superuser

import rbact

db = ...

adapter = rbact.peewee.PeeweeAdapter(db)
inspector = rbact.Inspector(adapter)
inspector.superuser = 'root'  # change the superuser name (default value is 'admin')
inspector.superuser = None  # or disable the superuser

Get all user rules/roles

import rbact

db = ...

adapter = rbact.peewee.PeeweeAdapter(db)
inspector = rbact.Inspector(adapter)
# list of tuples
list_rules = inspector.get_user_rules('user', orient='list')
# dict with resource key and list of actions value
dict_rules = inspector.get_user_rules('user', orient='dict')

# list of roles
roles = inspector.get_user_roles('user')

Fake roles

A fake role is an intermediate role that mustn't be assigned to any user. All of its rules are applied, but the role itself is never returned by the get_user_roles or get_first_role_with_access methods.

import rbact.peewee as rbact_peewee
from rbact import Inspector

db = ...

loader = rbact_peewee.ModelsLoader(db, with_fake_roles=True)
adapter = rbact_peewee.PeeweeAdapter(db, models_loader=loader)
adapter.create_tables()

rbact_peewee.Roles.create(name="development_department", id=1, is_rbact_fake=True)
rbact_peewee.Rules.create(role=1, obj="docs", act="read")
rbact_peewee.Roles.create(name="software_developer", id=2, parent=1)
rbact_peewee.Rules.create(role=2, obj="code", act="write")

rbact_peewee.Users.create(login="user1", id=1)
rbact_peewee.UsersRoles.create(user=1, role=2)

rbact_peewee.Roles.create(name="project_manager", id=3)

# all these users can read docs due to the root fake role

inspector = Inspector(adapter)
result = inspector.get_user_roles('user1')  # ["software_developer"]
role_with_access = inspector.get_first_role_with_access('user1', 'docs', 'read')  # software_developer
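
The four tables and the fake-role inheritance described above, modelled in plain sqlite3 as an added example. This is not rbact's code or schema: table and column names follow the calls shown above, while the SQL types, the cycle guard and the skipping of directly assigned fake roles are assumptions of this sketch.

```python
import sqlite3

# Constructed schema and rows mirroring the fake-roles example; not rbact's own DDL.
SCHEMA = """
CREATE TABLE roles (id INTEGER PRIMARY KEY, name TEXT, parent INTEGER, is_rbact_fake INTEGER DEFAULT 0);
CREATE TABLE rules (role INTEGER, obj TEXT, act TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE);
CREATE TABLE users_roles (user INTEGER, role INTEGER);
INSERT INTO roles VALUES (1,'development_department',NULL,1),(2,'software_developer',1,0),(3,'project_manager',NULL,0);
INSERT INTO rules VALUES (1,'docs','read'),(2,'code','write');
INSERT INTO users VALUES (1,'user1');
INSERT INTO users_roles VALUES (1,2);
"""

def open_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def role_chains(conn, login):
    """Yield (assigned role name, [ids from that role up through its parents])."""
    # Assumption of this sketch: a fake role assigned directly to a user is ignored.
    assigned = conn.execute(
        "SELECT r.id, r.name FROM users u JOIN users_roles ur ON ur.user = u.id "
        "JOIN roles r ON r.id = ur.role WHERE u.login = ? AND r.is_rbact_fake = 0",
        (login,)).fetchall()
    for role_id, name in assigned:
        chain = []
        while role_id is not None and role_id not in chain:  # stop on parent cycles
            chain.append(role_id)
            row = conn.execute("SELECT parent FROM roles WHERE id = ?", (role_id,)).fetchone()
            role_id = row[0] if row else None
        yield name, chain

def first_role_with_access(conn, login, obj, act):
    """Assigned role that grants (obj, act) itself or through an ancestor, else None."""
    for name, chain in role_chains(conn, login):
        marks = ",".join("?" * len(chain))
        hit = conn.execute(
            f"SELECT 1 FROM rules WHERE obj = ? AND act = ? AND role IN ({marks})",
            (obj, act, *chain)).fetchone()
        if hit:
            return name
    return None  # deny by default: unknown user, no role, or no matching rule

def has_access(conn, login, obj, act):
    return first_role_with_access(conn, login, obj, act) is not None
```

In this sketch every check issues one query per inheritance level, which illustrates why an uncached design favours a shallow role tree.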

Download files

Source Distribution

rbact-1.4.1.tar.gz (8.1 kB)

Built Distribution

rbact-1.4.1-py3-none-any.whl (8.5 kB)
