一种微授权系统
clustaar.authorize的Python项目详细描述
#俱乐部授权
[![构建状态](https://travis-ci.org/clustaar/clustaar.authorize.svg?branch=master)(https://travis ci.org/clustaar/clustaar.authorize)
[![代码气候](https://codecoltimae.com/github/clustaar/clustaar.authorize/badges/gpa.svg)](https://codecoltimae.com/github/clustaar/clustaar.authorize)
只需使用`@authorize`decorator并确保在请求上下文上提供一个` ability`属性。
accessrule
来自clustaar.authorize.conditions导入条件
view_action=action(name=“view_project”)
class kwarg equals(condition):
“此条件验证kwarg值是否等于预期值。”
self.\u name=name
self.\u expected=expected
def\u call(self,上下文:
return context.get(self.\u name)==self.\u需要
class adminauthorizations(authorizations):
def初始化(self):
={
创建操作:拒绝,
查看操作:accessrule(condition=kwargequals(“id”,“1”))
}
super()。\uu init(rules=rules,
>用户能力=能力(用户授权())
>管理员能力=能力(管理员授权())
``
授权(查看操作,id=1);>;未发生异常
admin\u-ability.authorize(create\u-action)authorize(create\u action);>;未发生异常
>用户能力.可以(查看用户行为, id="1") # => True
用户能力.可以(查看用户行为, id="2") # => False
用户能力.可以(创建用户行为);>;false
>用户能力.authorize(查看用户行为, id="1") # => No exception raised
用户能力.authorize(创建用户行为,^{br/>
>用户能力.authorize(查看用户行为, id="1") # => No exception raised
用户行为, id="1") # => No exception raised
u action)引发异常:拒绝对创建项目({})
```
``python
``import falcon
管理能力
将是一种管理能力,等等)
“
def process_request(self,request,*args):
另一个中间件在context中注入了当前用户
user=request.context.user
如果user.has_role(“admin”):
authorizations=adminauthorizations()
否则:
authorizations=userauthorizations(user)
request.context.ability=ability(authorizations)
class projectshandler(object):
@authorize(create_action)
def on_post(self,request,response):
pass
class projecthandler(object):
@authorize(view_action)
def on_get(self,请求,响应,id):
传递
app=falcon.api(中间软件=(abilityInjectionMiddleware(),)
app.add_route(“/projects”,projectShandler())
app.add_route(“/projects/{id}”,projecthandler())
```
[![构建状态](https://travis-ci.org/clustaar/clustaar.authorize.svg?branch=master)(https://travis ci.org/clustaar/clustaar.authorize)
[![代码气候](https://codecoltimae.com/github/clustaar/clustaar.authorize/badges/gpa.svg)](https://codecoltimae.com/github/clustaar/clustaar.authorize)
只需使用`@authorize`decorator并确保在请求上下文上提供一个` ability`属性。
accessrule
来自clustaar.authorize.conditions导入条件
class kwarg equals(condition):
“此条件验证kwarg值是否等于预期值。”
self.\u name=name
self.\u expected=expected
def\u call(self,上下文:
return context.get(self.\u name)==self.\u需要
class adminauthorizations(authorizations):
def初始化(self):
={
创建操作:拒绝,
查看操作:accessrule(condition=kwargequals(“id”,“1”))
}
super()。\uu init(rules=rules,
>用户能力=能力(用户授权())
>管理员能力=能力(管理员授权())
``
授权(查看操作,id=1);>;未发生异常
admin\u-ability.authorize(create\u-action)authorize(create\u action);>;未发生异常
>用户能力.可以(查看用户行为, id="1") # => True
用户能力.可以(查看用户行为, id="2") # => False
用户能力.可以(创建用户行为);>;false
>用户能力.authorize(查看用户行为, id="1") # => No exception raised
用户能力.authorize(创建用户行为,^{br/>
>用户能力.authorize(查看用户行为, id="1") # => No exception raised
用户行为, id="1") # => No exception raised
u action)引发异常:拒绝对创建项目({})
```
``python
``import falcon
管理能力
将是一种管理能力,等等)
“
def process_request(self,request,*args):
另一个中间件在context中注入了当前用户
user=request.context.user
如果user.has_role(“admin”):
authorizations=adminauthorizations()
否则:
authorizations=userauthorizations(user)
request.context.ability=ability(authorizations)
class projectshandler(object):
@authorize(create_action)
def on_post(self,request,response):
pass
class projecthandler(object):
@authorize(view_action)
def on_get(self,请求,响应,id):
传递
app=falcon.api(中间软件=(abilityInjectionMiddleware(),)
app.add_route(“/projects”,projectShandler())
app.add_route(“/projects/{id}”,projecthandler())
```