RBAC0 implementation (core part)
Python Makefile
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

README.md

easyrbac

Build Status

Role based Access Control implementation using the standard library

I wrote a little piece on medium about it if you are interested on reading.

NOTE: Still under heavy development.

Installation

$ mkvirtualenv rbac
$ workon rbac
(rbac)$ pip install easyrbac

Demo

Role creation and assignment of role to a User

from easyrbac import Role, User


default_role = Role('default')
admin_role = Role('admin')

default_user = User(roles=[default_role])
admin_user = User(roles=[admin_role, default_role])

User resource access permissions allocation

from easyrbac import AccessControlList, User, Role

everyone_role = Role('everyone')
admin_role = Role('admin')

everyone_user = User(roles=[everyone_role])
admin_user = User(roles=[admin_role, everyone_role])


acl = AccessControlList()

acl.resource_read_rule(everyone_role, 'GET', '/api/v1/employee/1/info')
acl.resource_delete_rule(admin_role, 'DELETE', '/api/v1/employee/1/')

# checking READ operation on resource for user `everyone_user`
for user_role in [role.get_name() for role in everyone_user.get_roles()]:
    assert acl.is_read_allowed(user_role, 'GET', '/api/v1/employee/1/info') == True

# checking WRITE operation on resource for user `everyone_user`
# Since you have not defined the rule for the particular, it will disallow any such operation by default.
for user_role in [role.get_name() for role in everyone_user.get_roles()]:
    assert acl.is_write_allowed(user_role, 'WRITE', '/api/v1/employee/1/info') == False

# checking WRITE operation on resource for user `admin_user`
for user_role in [role.get_name() for role in everyone_user.get_roles()]:
    if user_role == 'admin': # as a user can have more than one role assigned to them
        assert acl.is_delete_allowed(user_role, 'DELETE', '/api/v1/employee/1/') == True
    else:
        assert acl.is_delete_allowed(user_role, 'DELETE', '/api/v1/employee/1/') == False

Tests

easyrbac uses py.test for running the tests, running which is as simple as doing a

$ py.test

TODO

  • Adding hierarchical roles, which represent parent<->child relations
  • Adding this on top of Bottle/Flask
  • Make it pip installable

Issues

You can submit the issues on the issue tracker here

Literature material

RBAC in simple terms

rbac

Links

LICENSE

GPLv3

Donation

If you have found my little bits of software being of any use to you, do consider helping me pay my internet bills :)

PayPal Donate via PayPal!
Gratipay Support via Gratipay
Patreon Support me on Patreon
£ (GBP) Donate via TransferWise!
€ Euros Donate via TransferWise!
₹ (INR) Donate via instamojo