Skip to main content

An authorization library that supports access control models like ACL, RBAC, ABAC in Django

Project description

Django Casbin Auth

tests Coverage Status Version Download Discord

django-casbin-auth is an authorization library for Django framework.

Based on Casbin and Django-casbin (middleware, light weight of this plugin), an authorization library that that supports access control models like ACL, RBAC, ABAC.

image

Installation and Configure

pip install django-casbin-auth

We recommend that you first configure the adapter for persistent storage of the policy, such as:

django-orm-adapter, After integrating it into the project continue with the configuration of django-authrization

# 1. Add the app to INSTALLED_APPS
INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "dauthz.apps.DauthzConfig",	# add this app to INSTALLED_APPS
]

# 2. Add configure of dauthz
DAUTHZ = {
    # DEFAULT Dauthz enforcer
    "DEFAULT": {
        # Casbin model setting.
        "MODEL": {
            # Available Settings: "file", "text"
            "CONFIG_TYPE": "file",
            "CONFIG_FILE_PATH": Path(__file__).parent.joinpath("dauthz-model.conf"),
            "CONFIG_TEXT": "",
        },
        # Casbin adapter .
        "ADAPTER": {
            "NAME": "casbin_adapter.adapter.Adapter",
            # 'OPTION_1': '',
        },
        "LOG": {
            # Changes whether Dauthz will log messages to the Logger.
            "ENABLED": False,
        },
    },
}

to better prompt the configure method of django-casbin-auth, we made a django-app based on django-casbin-auth, you can see it in django-casbin-auth-example

Usage

Some Important Concepts:

such as .conf file, policy, sub, obj, act, please refer to the casbin website

Middleware Usage

# Install middleware for django-casbin-auth as required
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
    "dauthz.middlewares.request_middleware.RequestMiddleware",	# add the middleware 
]

You can freely set the casbin enforcer for the middleware via API: set_enforcer_for_request_middleware(enforcer_name) and set_enforcer_for_enforcer_middleware(enforcer_name)

Decorator Usage

Request decorator will check the authorization status of user, path, method

# use request decorator
@request_decorator
def some_view(request):
    return HttpResponse("Hello World")

Enforcer decorator will check the authorization status of user, obj, edit. example:

# use enforcer decorator
# sub: user in request obj: "artical" act: "edit"
@enforcer_decorator("artical", "edit")
def some_view(request):
    return HttpResponse("Hello World")

Command Line Usage

The command line operation allows you to operate directly on the enforcer's database. Three sets of commands are available: policy commands, group commands and role commands.

Add/Get policy, usage: 
python manage.py policy [opt: --enforcer=<enforcer_name>] add <sub> <obj> <act>
python manage.py policy [opt: --enforcer=<enforcer_name>] get <sub> <obj> <act>

Add/Get role to user, usage: 
python manage.py role [opt: --enforcer=<enforcer_name>] add <user> <role>
python manage.py role [opt: --enforcer=<enforcer_name>] get <user>

Add/Get group policy, usage:
python manage.py group [opt: --enforcer=<enforcer_name>] add <user> <role> [opt:<domain>]
python manage.py group [opt: --enforcer=<enforcer_name>] get <user> <role> [opt:<domain>]

Backend Usage

You can integrate Pycasbin with Django authentication system. For more usage, you can refer to tests/test_backend.py. To enable the backend, you need to specify it in settings.py.

AUTHENTICATION_BACKENDS = [
    "dauthz.backends.CasbinBackend",
    "django.contrib.auth.backends.ModelBackend", 
    ]

Note that you still need to add permissions for users with pycasbin add_policy() due to the mechanism of the django permission system.

License

This project is licensed under the Apache 2.0 license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_casbin_auth-1.5.0.tar.gz (373.4 kB view details)

Uploaded Source

Built Distribution

django_casbin_auth-1.5.0-py3-none-any.whl (409.1 kB view details)

Uploaded Python 3

File details

Details for the file django_casbin_auth-1.5.0.tar.gz.

File metadata

  • Download URL: django_casbin_auth-1.5.0.tar.gz
  • Upload date:
  • Size: 373.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.12.7

File hashes

Hashes for django_casbin_auth-1.5.0.tar.gz
Algorithm Hash digest
SHA256 eab37931ce42a1837f34af6f5e88d41f9d13226caca9e182b83784531691ea01
MD5 0960673d2951dc4e13ad8dc2a4873690
BLAKE2b-256 54e98a168324e07c114c1a9c25cf1516dc39fd9b104279a070895b4631109b3b

See more details on using hashes here.

Provenance

File details

Details for the file django_casbin_auth-1.5.0-py3-none-any.whl.

File metadata

File hashes

Hashes for django_casbin_auth-1.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 90e0db0abd4c9e92a42200e0146f76216425ddc609e3f8f1e5ebed1527d936d4
MD5 1c3984f642b0500ab2b8a692efa8fb25
BLAKE2b-256 584fa77e42489d27a8f9d042ecec7855a3b381be176028e041346fe9b0c56478

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page