-
-
Notifications
You must be signed in to change notification settings - Fork 6k
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How we can manage roles and permissions using fast-API dynamically? #5676
Comments
Can you please clarify what is wrong with the code snippet and what you are trying to accomplish, as well as what you mean by managing roles and permissions dynamically? There is a section in the documentation about using oauth2.0 scopes (https://fastapi.tiangolo.com/advanced/security/oauth2-scopes) which is a way to manage permissions. As mentioned in the docs, you will want to have some way to persist the permissions for each user (using a database of some sort or using a predefined list of permissions). You can also create a custom dependency to check permissions each time the user makes a request to your endpoints, which may be necessary if you need the ability to immediately revoke permissions for a user without invalidating their JWT. |
@waderoberts123 I need Roles and permission for proper articles for good understanding. From the docs I cannot understand how we can work on that case. For example, users have 500 Roles and every role against different permissions so how do we handle dynamically without specifying specific roles e.g i use static roles and check if users have this role 'admin' or not. So I need the proper way of managing roles and permissions. For example, one user has posts. create a table name and create another table name
|
Hi Syed, |
@tacan these libraries we can use with fastAPI? |
Yes, of course. You just have to install them via pip (or any other tool you use) and then import and implement the access control logic in your path functions. Better yet, you can create helper functions or classes in external modules and just use them in your path functions. |
@tacan please share with me any library link you recommend who fix my problem. |
I use request.auth.scopes to check permissions and it is used in |
@SyedKashifNaqvi PyCasbin (https://github.com/casbin/pycasbin) is a pure Python implementation for all RBAC and ABAC authorization (instead of just a client library that talks to an auth server via HTTP). It also provides a fastapi middleware: https://github.com/pycasbin/fastapi-authz for people to get started quickly. Maybe documentation can be added to let more people know. |
@hsluoyz I hadn't seen fastapi-authz until now! Looks very useful/simple thanks for sharing |
Thanks a lot for sharing these information. I will study this package in depth. |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
First Check
Commit to Help
Example Code
Description
I research a lot but not find any good way to manage roles and permission dynamically using FastApi. if you guys have any idea please let me know.Thanks in advance
Operating System
Linux
Operating System Details
No response
FastAPI Version
0.87.0
Python Version
3.10.8
Additional Context
No response
The text was updated successfully, but these errors were encountered: