GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → rsinger86 → Drf Access Policy

rsinger86 / Drf Access Policy

Licence: mit
Declarative access policies/permissions modeled after AWS' IAM policies.

Programming Languages

python
139335 projects - #7 most used programming language
declarative
70 projects

Labels

djangoauthorizationdjango-rest-frameworkpermissionsaccess-controliam

Projects that are alternatives of or similar to Drf Access Policy

riam
AWS IAM inspired policy engine in Rust
Stars: ✭ 19 (-90.5%)
Mutual labels:  permissions, iam, authorization
Access Granted
Multi-role and whitelist based authorization gem for Rails (and not only Rails!)
Stars: ✭ 733 (+266.5%)
Mutual labels:  authorization, permissions, access-control
access-controller
A highly scalable open-source implementation of an access-control engine inspired by Google Zanzibar-"Google’s Consistent, Global Authorization System"
Stars: ✭ 61 (-69.5%)
Mutual labels:  iam, authorization, access-control
Casbin4D
An authorization library that supports access control models like ACL, RBAC, ABAC in Delphi
Stars: ✭ 25 (-87.5%)
Mutual labels:  permissions, authorization, access-control
Rbac.dev
A collection of good practices and tools for Kubernetes RBAC
Stars: ✭ 115 (-42.5%)
Mutual labels:  authorization, permissions, access-control
rbac-tool
Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
Stars: ✭ 546 (+173%)
Mutual labels:  permissions, authorization, access-control
Django Rest Framework Passwordless
Passwordless Auth for Django REST Framework
Stars: ✭ 412 (+106%)
Mutual labels:  django, django-rest-framework, authorization
nova-permissions
Add Permissions based authorization for your Nova installation via User-based Roles and Permissions. Roles are defined in the database whereas Permissions are defined in the code base.
Stars: ✭ 115 (-42.5%)
Mutual labels:  permissions, authorization, access-control
Vakt
Attribute-based access control (ABAC) SDK for Python
Stars: ✭ 92 (-54%)
Mutual labels:  authorization, permissions, access-control
Django Rules
Awesome Django authorization, without the database
Stars: ✭ 1,255 (+527.5%)
Mutual labels:  django, authorization, permissions
Authr
🔑 a flexible and expressive approach to access-control
Stars: ✭ 33 (-83.5%)
Mutual labels:  authorization, permissions, access-control
Laravel Authz
An authorization library that supports access control models like ACL, RBAC, ABAC in Laravel.
Stars: ✭ 136 (-32%)
Mutual labels:  authorization, permissions, access-control
Accesscontrol
Role and Attribute based Access Control for Node.js
Stars: ✭ 1,723 (+761.5%)
Mutual labels:  authorization, permissions, access-control
Think Authz
An authorization library that supports access control models like ACL, RBAC, ABAC in ThinkPHP 6.0 .
Stars: ✭ 155 (-22.5%)
Mutual labels:  authorization, permissions, access-control
Django Rest Auth
This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)
Stars: ✭ 2,289 (+1044.5%)
Mutual labels:  django, django-rest-framework
Redis Adapter
Redis adapter for Casbin
Stars: ✭ 167 (-16.5%)
Mutual labels:  authorization, access-control
Casbin Server
Casbin as a Service (CaaS)
Stars: ✭ 171 (-14.5%)
Mutual labels:  authorization, access-control
Mongodb Adapter
MongoDB adapter for Casbin
Stars: ✭ 194 (-3%)
Mutual labels:  authorization, access-control
Vue People
VuePeople lists and connects Vue.JS developers around the world.
Stars: ✭ 167 (-16.5%)
Mutual labels:  django, django-rest-framework
Rest Api Basics
This is a basic guide on how to build a REST API with Django & Python. For much deeper depth, check out our new course on REST API: (https://kirr.co/90kxtx)
Stars: ✭ 171 (-14.5%)
Mutual labels:  django, django-rest-framework
View All Similar Projects ➔

Django REST - Access Policy

Package version Python versions

This project brings a declaritive, organized approach to managing access control in Django REST Framework projects. Each ViewSet or function-based view can be assigned an explicit policy for the exposed resource(s). No more digging through views or seralizers to understand access logic -- it's all in one place in a format that less technical stakeholders can understand. If you're familiar with other declaritive access models, such as AWS' IAM, the syntax will be familiar.

In short, you can start expressing your access rules like this:

class ArticleAccessPolicy(AccessPolicy):
    statements = [
        {
            "action": ["list", "retrieve"],
            "principal": "*",
            "effect": "allow"
        },
        {
            "action": ["publish", "unpublish"],
            "principal": ["group:editor"],
            "effect": "allow"            
        }
    ]

This project has complete test coverage and the base AccessPolicy class is only ~150 lines of code: there's no magic here.

Documentation: https://rsinger86.github.io/drf-access-policy

Source Code: https://github.com/rsinger86/drf-access-policy

Changelog

0.8.7 (February 2021)

  • Fixed bug preventing argument being passed to custom condition method if "*" character used.

0.8.6 (January 2021)

  • Adds missing requirement to setup.py. Thanks @daviddavis!

0.8.5 (January 2021)

  • Adds support for boolean expressions in condition statement elements. Thanks @tanonl!

0.8.1 (October 2020)

0.8.0 (September 2020)

0.7.0 (August 2020)

  • Allows using HTTP method placeholders in action element of statements to match request.
    • For example, "action": ["<method:post>"] will match all POST requests.

0.6.2 (July 2020)

  • Uses user.pk instead of user.id in user principal check, for compatibility with non-id primary keys.
  • Fixes to documentation. Thanks @oguzhancelikarslan!

0.6.1 (June 2020)

  • Replaces references to "delete" action with "destroy" in docs/tests, to be consistent with DRF's ViewSet actions. Thanks @greenled!

0.6.0 (May 2020)

  • Only call database-hitting get_user_group_values if needed in private method. Thanks KillianMeersman!
  • Use prefetch_related_objects to ensure that user's groups aren't fetched more than once. Thanks filwaline!

0.5.1 (December 2019)

  • Tox config updates and typo fixes in docs.

0.5.0 (September 2019)

  • Add option to define re-usable custom conditions/permissions in a module that can be referenced by multiple policies.

0.4.2 (June 2019)

  • Fixes readme format for Pypy display.

0.4.0 (June 2019)

  • Allow passing arguments to condition methods, via condition values formatted as {method_name}:{arg_value}.

0.3.0 (May 2019)

  • Adds special <safe_methods> action key that matches when the current request is an HTTP read-only method: HEAD, GET, OPTIONS.

0.2.0 (May 2019)

  • Adds special authenticated and anonymous principal keys to match any authenticated user and any non-authenticated user, respectively. Thanks @bogdandm for discussion/advice!

0.1.0 (May 2019)

  • Initial release

Testing

Tests are found in a simplified Django project in the /tests folder. Install the project requirements and do ./manage.py test to run them.

License

See License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].