An authorization middleware for Flask that supports ACL, RBAC, ABAC, based on Casbin

These details have been verified by PyPI

Maintainers

casbin dfresh613 hsluoyz jessecooper sciencelogic

These details have not been verified by PyPI

Project links

Homepage

Project description

flask-authz

flask-authz is an authorization middleware for Flask, it's based on PyCasbin.

Installation

pip install flask-authz

Simple Example

This repo is just a working Flask app that shows the usage of flask-authz. To use it in your existing Flask app, you need:

from authz.middleware import CasbinMiddleware
import casbin
from flask import Flask

app = Flask(__name__)

# Initialize the Casbin enforcer, load the casbin model and policy from files.
# Change the 2nd arg to use a database.
enforcer = casbin.Enforcer("authz_model.conf", "authz_policy.csv")

app.wsgi_app = CasbinMiddleware(app.wsgi_app, enforcer)


@app.route("/")
def hello_world():
    return "Hello World!"


if __name__ == '__main__':
    app.run()

The default policy authz_policy.csv is:

p, anonymous, /, GET
p, admin, *, *
g, alice, admin

It means anonymous user can only access homepage /. Admin users like alice can access any pages. Currently all accesses are regarded as anonymous. Add your authentication to let a user log in.

How are subject, object, action defined?

In middleware.py:

def check_permission(self, request):
    # change the user, path, method as you need.
    user = request.remote_user # subject
    if user is None:
        user = 'anonymous'
    path = request.path # object
    method = request.method # action
    return self.enforcer.enforce(user, path, method)

You may need to copy the middleware.py code to your project and modify it directly if you have other definitions for subject, object, action.

Documentation

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

subject: the logged-in user name
object: the URL path for the web resource like "dataset1/item1"
action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help

Casbin

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.

Project details

These details have been verified by PyPI

Maintainers

casbin dfresh613 hsluoyz jessecooper sciencelogic

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

2.6.0

Mar 29, 2024

2.5.1

Nov 19, 2023

2.5.0

Jan 30, 2022

2.4.0

Jul 23, 2021

2.3.0

May 15, 2021

2.2.0

Mar 9, 2021

2.1.1

Nov 20, 2020

2.1.0

Nov 11, 2020

2.0.1

Aug 19, 2020

2.0.0

Jul 3, 2020

1.0.0

Jan 26, 2020

This version

0.0.1

Jun 23, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flask-authz-0.0.1.tar.gz (3.5 kB view hashes)

Uploaded Jun 23, 2019 Source

Built Distribution

flask_authz-0.0.1-py3-none-any.whl (10.0 kB view hashes)

Uploaded Jun 23, 2019 Python 3

Hashes for flask-authz-0.0.1.tar.gz

Hashes for flask-authz-0.0.1.tar.gz
Algorithm	Hash digest
SHA256	`0f181060e7214dad0db96d91ba19985c7a6d9f1e513b5de8c644d11ed0f4a0f0`
MD5	`10dba3526ce0adba566070f027900a83`
BLAKE2b-256	`989c57713744cbc6f5d9bda04356bc841780b9bb9325140b279595339cd2b92e`

Hashes for flask_authz-0.0.1-py3-none-any.whl

Hashes for flask_authz-0.0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`d6d39d165cdfe81009c148250f9bde110850ddf86a6dc00a14e791028d4899c4`
MD5	`9f2e7d3e0a99f1bff098c041fb108788`
BLAKE2b-256	`34d8f9364a03b99467ef0f1b6b7f86da3d2ab001326bf1598669038bba8842f7`