Rule registry for django

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jpic from gravatar.com jpic Avatar for Serafeim.Papastefanos from gravatar.com Serafeim.Papastefanos

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: James Pic
  • Tags django, security, rules, acl, rbac
Classifiers

Project description

https://secure.travis-ci.org/yourlabs/django-rules-light.png?branch=master

This is a simple alternative to django-rules. The core difference is that it uses as registry that can be modified on runtime, instead of database models.

One of the goal is to enable developpers of external apps to make rules, depend on it, while allowing a project to override rules.

Example your_app/rules_light_registry.py:

# Everybody can read a blog post (for now!):
rules_light.registry['blog.post.read'] = True

# Require authentication to create a blog post, using a shortcut:
rules_light.registry['blog.post.create'] = rules_light.is_authenticated

def is_staff_or_mine(user, rule, obj):
    return user.is_staff or obj.author == user

# But others shouldn't mess with my posts !
rules_light.registry['blog.post.update'] = is_staff_or_mine
rules_light.registry['blog.post.delete'] = is_staff_or_mine

Example your_app/views.py:

@rules_light.class_decorator
class PostDetailView(generic.DetailView):
    model = Post

@rules_light.class_decorator
class PostCreateView(generic.CreateView):
    model = Post

@rules_light.class_decorator
class PostUpdateView(generic.UpdateView):
    model = Post

@rules_light.class_decorator
class PostDeleteView(generic.DeleteView):
    model = Post

You might want to read the tutorial for more.

What’s the catch ?

The catch is that this approach does not offer any feature to get secure querysets.

This means that the developper has to:

  • think about security when making querysets,

  • override eventual external app ListViews,

Requirements

  • Maintained against Python 2.7

  • and Django 1.4+

Quick Install

  • Install module: pip install django-rules-light,

  • Add to settings.INSTALLED_APPS: rules_light,

  • Add in settings.MIDDLEWARE_CLASSES: rules_light.middleware.Middleware,

  • Add in urls.py: rules_light.autodiscover(),

You might want to read the tutorial.

There is also a lot of documentation, from the core to the tools, including pointers to debug, log and test your security.

Resources

You could subscribe to the mailing list ask questions or just be informed of package updates.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jpic from gravatar.com jpic Avatar for Serafeim.Papastefanos from gravatar.com Serafeim.Papastefanos

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: James Pic
  • Tags django, security, rules, acl, rbac
Classifiers

Release history Release notifications | RSS feed

0.3.2

0.3.1

0.3.0

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

This version

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

0.0.3

0.0.2

0.0.1

0.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-rules-light-0.0.9.tar.gz (16.4 kB view details)

Uploaded Source

File details

Details for the file django-rules-light-0.0.9.tar.gz.

File metadata

File hashes

Hashes for django-rules-light-0.0.9.tar.gz
Algorithm Hash digest
SHA256 12d553aa58728691d02941c0909efdb2825cc2c440aae3fb30c004a90fbbd968
MD5 14492ab1db487de677b62023537d265a
BLAKE2b-256 08fd828642398aebb4adb7885b08602f06a92a4a52acb23e0b24a922eb1bd943

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page