Simple RBAC library
Project description
rbact
A simple RBAC library with different ORM adapters
- has sync and async implementation
- supports peewee/peewee_async
- stores access data in normal form
- doesn't use cache (at least right now), so doesn't need to reload data and performs best with small role inheritance tree
Content
Installation
pip install rbact
Docs
Peewee hello world
from peewee import PostgresqlDatabase
import rbact
db = PostgresqlDatabase('my_app', user='postgres', password='secret',
host='10.1.0.9', port=5432)
adapter = rbact.peewee.PeeweeAdapter(db)
adapter.create_tables()
inspector = rbact.Inspector(adapter)
result = inspector.has_access('user', 'resource', 'write')
With peewee your application needs to close connections explicitly. adapter.create_tables()
and inspector.has_access()
methods follow this logic and don't close connections by themselves.
Peewee async example with a connection pool and model extensions
import peewee as pw
from peewee_async import PooledPostgresqlDatabase, Manager
from rbact import peewee_async as rbact_peewee, AsyncInspector
db = PooledPostgresqlDatabase('my_app', user='postgres', password='secret',
host='10.1.0.9', port=5432)
db_manager = Manager(db)
# model extension
class Users(rbact_peewee.Users):
class Meta:
table_name = 'custom_users'
email = pw.TextField()
async def main():
loader = rbact_peewee.ModelsLoader(db_manager.database, users_model=Users)
adapter = rbact_peewee.AsyncPeeweeAdapter(db_manager, models_loader=loader)
inspector = AsyncInspector(adapter)
result = await inspector.has_access('user', 'resource', 'write')
How it works?
Rbact uses 4 tables to store data, default tables look like this:
All these tables can be created automatically with adapter.create_tables()
. You can extend any table using inheritance but default columns mustn't be changed.
Rbact rules examples
The user who wants to access, the object (or resource) to which access is requested, the action that the user wants to do
analyst, company_metrics, read
employee, /api/write_task, write
Superuser
from peewee import PostgresqlDatabase
import rbact
db = PostgresqlDatabase('my_app', user='postgres', password='secret',
host='10.1.0.9', port=5432)
adapter = rbact.peewee.PeeweeAdapter(db)
inspector = rbact.Inspector(adapter)
inspector.superuser = 'root' # default value is admin
inspector.superuser = None # disable superuser
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
rbact-1.0.0.tar.gz
(6.5 kB
view hashes)
Built Distribution
rbact-1.0.0-py3-none-any.whl
(7.3 kB
view hashes)