Py-rbac
Python implementation of the NIST model for role based access control (RBAC).
Flat Scenario
This is the simplest scenario and, I think, the most commonly used one. Let's configure it first:
from rbac import RBAC
rbac = RBAC()
# a role for junior editors
jr_editor = rbac.create_role('jr_editor')
# a domain or resource is also an object
article = rbac.create_domain('article')
# create permissions
create = rbac.create_permission('c')
read = rbac.create_permission('r')
update = rbac.create_permission('u')
delete = rbac.create_permission('d')
# give junior a read permission for articles
jr_editor.add_permission(read, article)
# let's create a subject: a user or a third-party client
subject = rbac.create_subject('some_int_or_str')
# our subject is new in the job
subject.authorize(jr_editor)
# lock rbac configuration
# this validates the entire structure of our configuration
# this will make more sense as we use the advanced features below
rbac.lock()
After your application has executed some code and is about to respond to the client's request:
# check if the client is allowed to...
rbac.go('some_int_or_str', article, create)
# this will raise an exception since we didn't give a create permission to our junior
# raised RBACAuthorizationError
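To make the deny-by-default behaviour of the flat scenario concrete, here is a stand-alone toy model added as an illustration; it is not py-rbac's own code. The names `FlatRBAC`, `AuthorizationError`, `grant`, `build_example` and `is_allowed` are hypothetical, and treating `lock()` as a simple freeze of the configuration is an assumption.

```python
class AuthorizationError(Exception):
    """Hypothetical stand-in for the RBACAuthorizationError mentioned above."""

class FlatRBAC:
    """Toy flat-RBAC model: subject -> roles -> (permission, domain) grants."""

    def __init__(self):
        self._grants = {}      # role name -> set of (permission, domain)
        self._assigned = {}    # subject id -> set of role names
        self._locked = False

    def _mutable(self):
        # Assumption: once locked, the configuration can no longer change.
        if self._locked:
            raise RuntimeError("configuration is locked")

    def grant(self, role, permission, domain):
        self._mutable()
        self._grants.setdefault(role, set()).add((permission, domain))

    def authorize(self, subject_id, role):
        self._mutable()
        self._assigned.setdefault(subject_id, set()).add(role)

    def lock(self):
        self._locked = True

    def go(self, subject_id, domain, permission):
        # Deny by default: an unknown subject and a missing grant both fail.
        for role in self._assigned.get(subject_id, ()):
            if (permission, domain) in self._grants.get(role, ()):
                return True
        raise AuthorizationError(
            f"{subject_id!r} may not {permission!r} on {domain!r}")

def build_example():
    # Constructed sample configuration mirroring the junior editor above.
    rbac = FlatRBAC()
    rbac.grant("jr_editor", "r", "article")
    rbac.authorize("some_int_or_str", "jr_editor")
    rbac.lock()
    return rbac

def is_allowed(rbac, subject_id, domain, permission):
    """Enforcement-point helper: turn the exception into a yes/no decision."""
    try:
        return rbac.go(subject_id, domain, permission)
    except AuthorizationError:
        return False
```

With this configuration the junior editor can read articles, every other request is refused, and a subject that was never authorized is refused as well.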