
Project description

Tagashy Generic Permission Manager

Getting started

Description

TGPM provides a permission management system in which permissions can be set for different users on various resources. It supports several permission scopes (self, children allowed, and children denied) and several permission types (read and write). A PermissionDenied exception is raised when a user tries to perform an action without the necessary permissions.

Installation

pip install tgpm
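
The release files on this page are listed as not uploaded via Trusted Publishing, so the published digests are the available integrity check. As an added example (not part of the project's documentation), a requirements file that pins version 0.2.0 to the two SHA256 digests from the "File hashes" tables, installed with `pip install --require-hashes -r requirements.txt`; the file name `requirements.txt` is an assumption:

```text
# requirements.txt (added example; digests copied from this page's "File hashes" tables)
# Listing --hash options puts pip into hash-checking mode: any downloaded
# file whose SHA256 digest is not listed below is rejected.
# In this mode every requirement, including tgpm's own dependencies, must be
# pinned with hashes too; add them here, or install with --no-deps and manage
# the dependencies separately.
tgpm==0.2.0 \
    --hash=sha256:fe51751514ed578df673a1d56901e894e25d7355ccfd7ab76454706513efc084 \
    --hash=sha256:b345af93b61775577ae6d88be883c780518edb953eb489ba5e1bbad78c7dc96d
```

The first digest is the source distribution and the second is the wheel, so either artifact pip selects is accepted.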

Usage

Most use-cases are documented in the integration tests.

System instantiation

from typing import Annotated

from tgpm.tgpm import AsyncConnectedTGPM, get_tgpm
from sqlalchemy.ext.asyncio import AsyncSession
from fastapi import Depends
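# WARNING: module-level code execution starts here (runs at import time).
# User and get_db_session are provided by the application, not by tgpm.
resource_security_manager = get_tgpm(User)
resource_security_manager.generate_permission_for_all_models()


# WARNING: end of module-level code execution.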
def get_connected_permission_service(session: Annotated[AsyncSession, Depends(get_db_session)]) -> AsyncConnectedTGPM:
    return resource_security_manager.use(session)

create permissions

@router.post("/")
async def create_project(project: schemas.ProjectCreation,
                         service: Annotated[ProjectService, Depends(get_project_service)],
                         user: Annotated[User, Security(get_current_active_user, scopes=[Scopes.PROJECT_CREATE.value])],
                         connected_tgpm: Annotated[AsyncConnectedTGPM, Depends(get_connected_permission_service)],
                         ) -> schemas.Project:
    """
    create a project for a given customer.
    """
    project = await service.create_project(project.application_name, creator_id=user.id)
    permission = connected_tgpm.add_permission_on(Project).for_(user.id).with_(scope=PermissionScope.CHILDREN_ALLOWED)
    await permission.with_(permission_type=PermissionType.READ).where(resource_id=project.id)
    await permission.with_(permission_type=PermissionType.WRITE).where(resource_id=project.id)
    return project

validate permissions

class ResourceValidator:
    def __init__(self, model: type[DeclarativeBase]):
        self.model = model

    def __call__(self, connected_tgpm: Annotated[AsyncConnectedTGPM, Depends(get_connected_permission_service)]):
        return connected_tgpm.get_permission_validator(resource_type=self.model)

ProjectResourceValidator = ResourceValidator(Project)

@router.post("/")
async def create_host(
        project_id: UUID,
        user: Annotated[User, Security(get_current_active_user, scopes=[Scopes.HOST_CREATE.value])],
        validate_that: Annotated[ValidateThat, Depends(ProjectResourceValidator)],
        host: schemas.HostCreation,
        service: Annotated[HostService, Depends(get_host_service)]) -> schemas.Host:
    """
    Allows creating a host directly.
    This endpoint is a public API but is currently unused by the code. It is available through the Swagger API.

    :param host: the host information in the body
    :param service: the host service
    :return: the created host
    """
    await validate_that(user.id).can_write(project_id)
    return await service.create_host(host=host)

Support

Contributions and feedback are welcome! You can:

  • create an issue
  • look for TODO in the code and provide a MR with changes
  • provide a MR for support of new class

Roadmap

  • Library Usage

Authors and acknowledgment

Currently developed by Tagashy, but any help is welcomed and credited here.

License

See the LICENSE file for licensing information as it pertains to files in this repository.

Download files

Source Distribution

tgpm-0.2.0.tar.gz (11.7 kB)

Uploaded Source

Built Distribution

tgpm-0.2.0-py3-none-any.whl (12.4 kB)

Uploaded Python 3

File details

Details for the file tgpm-0.2.0.tar.gz.

File metadata

  • Download URL: tgpm-0.2.0.tar.gz
  • Upload date:
  • Size: 11.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for tgpm-0.2.0.tar.gz
Algorithm Hash digest
SHA256 fe51751514ed578df673a1d56901e894e25d7355ccfd7ab76454706513efc084
MD5 7b457340c6e978f6c895c2eb609679fc
BLAKE2b-256 64706d3af8695c5e4bbc090987c13e2ef10b078509657f5f2c9289795df5a75a

File details

Details for the file tgpm-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: tgpm-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 12.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for tgpm-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b345af93b61775577ae6d88be883c780518edb953eb489ba5e1bbad78c7dc96d
MD5 e3d4c56e2172f218dbbb556f8e406e8e
BLAKE2b-256 d22705fd40e25d5182ee2fcb228036879a8949be749ebf2204c6a0181993df0b
