This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

The package “secobj” provides access control lists for functions, classes and methods. They are declared and enforced by a decorator named “access”. The goal of this library is to be simple and effective in use but at the same time to provide enough configurability to master complex scenarios.

As for the time being “secobj” only provides authorization based on access control lists. At a later time it can be possible, that the library will be extended with authentication functionality.

The decorator “access” is the pivotal element of this library. It augments the decorated function, class or method with variables, which have the naming pattern “__acl.*__”. At runtime these variables are evaluated by the decorating function and access is granted or denied. The signature of the decorator is as follows:

access(*rules, **kwargs)

The decorator can either be called with arguments or without. The possible arguments are:

  • rules: This is either a sequence of tuples defining the access control rules. Each tuple consits of two or more items:

    1. The desired action. “ALLOW” or “DENY” are provided.
    2. The effective principal. Either a user, group, list of groups or one of the predefined principals: ANONYMOUS, SYSTEM, AUTHENTICATED, OWNER, EVERYONE.
    3. Zero or more permissions, which will be granted or denied. If no permission is defined, than the default permission will be used as the permission defined by this rule.

    Or it is a string referencing a named access control list. The format of the string is the unique name of the section in the configuration file without the prefix “rules:” followed by the sign “#” and the name of the option in this section. If there is no such option defined in the configuration file, the named access control list will be ignored. This can be used to define external configurable hooks in the security system.

    Each access control list will be extended by the policy rules defined in the function “initsecurity”, by the option “policy_rules” in section “secobj” and the option “policy” in the same section, in that order.

  • keyword inherit: A boolean flag which controlls if the access control rules defined by the method of the super class or defined by the super class itself will have effect. This argument is only relevant on methods and classes and is ignored otherwise.

  • keyword permission: This is the permission which must be granted by one of the rules in the effective access control list. If this argument is not provided on a class, a default permission named like the fully qualified name of the class is defined. If not provided on a method, the permission will be that of the class. If omitted on a function the “ALL” permission will be in effect, meaning, that any permission will do.

  • keyword owner: This defines the principal which will own the class and instances or function. This argument is ignored by methods. A method is always owned by the defining class or by the instance. The default owner is the user SYSTEM.

  • keyword callback: Defines a function which is called to retrieve the resource (class, method, function) which will be used to provide the runtime variables defining the access control. The function will be called with all arguments passed and must return an appropriate resource object.

Before the library can be used the function “initsecurity” must be called. With the optionally provided configuration file a number of aspects can be controlled. A sensible default is defined by the library. Logging is either configured by the using application or provided as a configuration file to the function “initsecurity”. If logging is not configured at all, the library will use a null handler for the generated log messages. The signature of the function is as follows:

initsecurity(configfile=None, logconfigfile=None, policyrules=None)

The arguments are as follows:

  • configfile: This is the name of the main configuration file defining the configurable aspects. The relevant sections used by the library are “secobj” and “rules:<unique name>”.
  • logconfigfile: Configuration options for the logging facility as described in the python library documentation. This parameter can be the same as the configuration file and is the name of the corresponding file.
  • policyrules: Same as the argument “rules” of the decorator “access”. The rules defined here are appended to every access control list.
Release History

Release History

0.2a-1

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.2a

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.1adev

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
secobj-0.2a_1-py2.7.egg (44.8 kB) Copy SHA256 Checksum SHA256 2.7 Egg Aug 28, 2012
secobj-0.2a-1.tar.gz (15.4 kB) Copy SHA256 Checksum SHA256 Source Aug 28, 2012

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting