Introducing a pythonic RBAC API
- Shawn McKinney
- Mar 19, 2018
- 1 min read
py-fortress is a Python API implementing Role-Based Access Control level 0 – Core. It’s still pretty new so there’s going to be some rough edges that will need to be smoothed out in the coming weeks.
To try it out, clone its git repo and use one of the fortress docker images for OpenLDAP or Apache Directory. The README has the details.
The API is pretty simple to use.
ADMIN FUNCTIONS WORK LIKE THIS
# Add User:
admin_mgr.add_user(User(uid='foo', password='secret'))
# Add Role:
admin_mgr.add_role(Role(name='customer'))
# Assign User:
admin_mgr.assign(User(uid='foo'), Role(name='customer'))
# Add Permission:
admin_mgr.add_perm_obj(PermObj(obj_name='shopping-cart'))
admin_mgr.add_perm(Perm(obj_name='shopping-cart', op_name='checkout'))
# Grant:
admin_mgr.grant(Perm(obj_name='shopping-cart', op_name='checkout'),Role(name='customer'))
ACCESS CONTROL FUNCTIONS
# Create Session, False means mandatory password authentication.
session = access_mgr.create_session(User(uid='foo', password='secret'), False)
# Permission check, returns True if allowed:
result = access_mgr.check_access(session, Perm(obj_name='shopping-cart', op_name='checkout'))
# Get all the permissions allowed for user:
perms = access_mgr.session_perms(session)
# Check a role:
result = access_mgr.is_user_in_role(session, Role(name='customer'))
# Get all roles in the session:
roles = access_mgr.session_roles(session)In addition, there’s the full compliment of review apis as prescribed by RBAC. If interested, look at the RBAC modules:
admin_mgr
review_mgr
access_mgr
Each of the modules have comments that describe the functions, along with their required and optional attributes.
Try it out and let me know what you think. There will be a release in the near future that will include some additional tooling. If it takes off, RBAC1 – RBAC3 will follow.