Skip to content

pycasbin/django-casbin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

.github

.github

 
 

casbin_middleware

casbin_middleware

 
 

django_example

django_example

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

manage.py

manage.py

 
 

pyproject.toml

pyproject.toml

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

django-casbin

Discord

News: 🔥🔥🔥 How to use it with Django ? Try Django Authorization >>>, an authorization library for Django framework.

django-casbin is an authorization middleware for Django, it's based on PyCasbin.

Installation

pip install casbin

Simple Example

This repo is just a working Django app that shows the usage of django-casbin. To use it in your existing Django app, you need:

  • Add the middleware to your Django app's settings.py:
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'casbin_middleware.middleware.CasbinMiddleware', # Add this line, must after AuthenticationMiddleware.
]
  • Copy casbin_middleware folder to your Django's top folder, modify casbin_middleware/middleware.py if you need:
import casbin

def __init__(self, get_response):
    self.get_response = get_response
    # load the casbin model and policy from files.
    # change the 2nd arg to use a database.
    self.enforcer = casbin.Enforcer("casbin_middleware/authz_model.conf", "casbin_middleware/authz_policy.csv")

def check_permission(self, request):
    # change the user, path, method as you need.
    user = request.user.username
    if request.user.is_anonymous:
        user = 'anonymous'
    path = request.path
    method = request.method
    return self.enforcer.enforce(user, path, method)
  • The default policy authz_policy.csv is:
p, anonymous, /, GET
p, admin, *, *
g, alice, admin

It means anonymous user can only access homepage /. Admin users like alice can access any pages. Currently all accesses are regarded as anonymous. Add your authentication to let a user log in.

Documentation

The authorization determines a request based on {subject, object, action}, which means what subject can perform what action on what object. In this plugin, the meanings are:

  1. subject: the logged-in user name
  2. object: the URL path for the web resource like "dataset1/item1"
  3. action: HTTP method like GET, POST, PUT, DELETE, or the high-level actions you defined like "read-file", "write-blog"

For how to write authorization policy and other details, please refer to the Casbin's documentation.

Getting Help

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.

About

Authorization middleware for Django based on PyCasbin

github.com/casbin/pycasbin

Topics

python middleware django acl authorization permission rbac abac django-middleware casbin pycasbin django-auth

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

97 stars

Watchers

5 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages