easyrbac

Role based Access Control implementation using the standard library

I wrote a little piece on Medium about it, if you are interested in reading it.

NOTE: Still under heavy development.

Installation

$ mkvirtualenv rbac
$ workon rbac
(rbac)$ pip install easyrbac

Demo

Role creation and assignment of role to a User

from easyrbac import Role, User


default_role = Role('default')
admin_role = Role('admin')

default_user = User(roles=[default_role])
admin_user = User(roles=[admin_role, default_role])

User resource access permissions allocation

from easyrbac import AccessControlList, User, Role

everyone_role = Role('everyone')
admin_role = Role('admin')

everyone_user = User(roles=[everyone_role])
admin_user = User(roles=[admin_role, everyone_role])


acl = AccessControlList()

acl.resource_read_rule(everyone_role, 'GET', '/api/v1/employee/1/info')
acl.resource_delete_rule(admin_role, 'DELETE', '/api/v1/employee/1/')

# checking READ operation on resource for user `everyone_user`
for user_role in [role.get_name() for role in everyone_user.get_roles()]:
    assert acl.is_read_allowed(user_role, 'GET', '/api/v1/employee/1/info') == True

# checking WRITE operation on resource for user `everyone_user`
# Since no rule has been defined for this operation, it is disallowed by default.
for user_role in [role.get_name() for role in everyone_user.get_roles()]:
    assert acl.is_write_allowed(user_role, 'WRITE', '/api/v1/employee/1/info') == False

# checking DELETE operation on resource for user `admin_user`
for user_role in [role.get_name() for role in admin_user.get_roles()]:
    if user_role == 'admin': # as a user can have more than one role assigned to them
        assert acl.is_delete_allowed(user_role, 'DELETE', '/api/v1/employee/1/') == True
    else:
        assert acl.is_delete_allowed(user_role, 'DELETE', '/api/v1/employee/1/') == False
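
The demo above checks each role name separately, while an application usually needs one allow/deny answer per user. The following is an added example, not part of easyrbac or of this README's original code, that folds the per-role checks into a single default-deny decision. The `Role`, `User` and `AccessControlList` classes in it are minimal stand-ins that mimic only the method names shown in the demo, and `user_allowed` and `build_demo` are hypothetical helpers.

```python
# Added example: minimal stand-ins (hypothetical, not easyrbac's code) that
# expose only the method names used in the README demo above.
class Role:
    def __init__(self, name):
        self._name = name

    def get_name(self):
        return self._name


class User:
    def __init__(self, roles=None):
        self._roles = list(roles or [])

    def get_roles(self):
        return self._roles


class AccessControlList:
    """Default-deny store: only (role, method, resource) triples added are allowed."""

    def __init__(self):
        self._read, self._delete = set(), set()

    def resource_read_rule(self, role, method, resource):
        self._read.add((role.get_name(), method, resource))

    def resource_delete_rule(self, role, method, resource):
        self._delete.add((role.get_name(), method, resource))

    def is_read_allowed(self, role_name, method, resource):
        return (role_name, method, resource) in self._read

    def is_delete_allowed(self, role_name, method, resource):
        return (role_name, method, resource) in self._delete


def user_allowed(user, check, method, resource):
    """Allow if ANY of the user's roles passes `check`; no roles means deny."""
    return any(check(r.get_name(), method, resource) for r in user.get_roles())


def build_demo():
    """Same roles, users and rules as the README demo."""
    everyone, admin = Role('everyone'), Role('admin')
    acl = AccessControlList()
    acl.resource_read_rule(everyone, 'GET', '/api/v1/employee/1/info')
    acl.resource_delete_rule(admin, 'DELETE', '/api/v1/employee/1/')
    return acl, User(roles=[everyone]), User(roles=[admin, everyone])
```

Pass the bound check for the operation being authorized, for example `user_allowed(admin_user, acl.is_delete_allowed, 'DELETE', '/api/v1/employee/1/')`; a user with no roles, or a resource with no rule, is denied.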

Tests

easyrbac uses py.test to run the tests, which is as simple as running:

$ py.test

TODO

  • Adding hierarchical roles, which represent parent<->child relations
  • Adding this on top of Bottle/Flask
  • Make it pip installable

Issues

You can submit issues on the issue tracker here

Literature material

RBAC in simple terms

Links

LICENSE

GPLv3

Donation

If you have found my little bits of software being of any use to you, do consider helping me pay my internet bills :)

PayPal Donate via PayPal!
Gratipay Support via Gratipay
Patreon Support me on Patreon
£ (GBP) Donate via TransferWise!
€ Euros Donate via TransferWise!
₹ (INR) Donate via instamojo