Open Site Navigation
  • Shawn McKinney

Introducing a pythonic RBAC API


py-fortress is a Python API implementing Role-Based Access Control level 0 – Core. It’s still pretty new so there’s going to be some rough edges that will need to be smoothed out in the coming weeks.

To try it out, clone its git repo and use one of the fortress docker images for OpenLDAP or Apache Directory. The README has the details.

py-fortress git repo

The API is pretty simple to use.

ADMIN FUNCTIONS WORK LIKE THIS

# Add User:
admin_mgr.add_user(User(uid='foo', password='secret'))

# Add Role:
admin_mgr.add_role(Role(name='customer'))

# Assign User:
admin_mgr.assign(User(uid='foo'), Role(name='customer'))

# Add Permission:
admin_mgr.add_perm_obj(PermObj(obj_name='shopping-cart'))
admin_mgr.add_perm(Perm(obj_name='shopping-cart', op_name='checkout'))

# Grant:
admin_mgr.grant(Perm(obj_name='shopping-cart', op_name='checkout'),Role(name='customer')) 

ACCESS CONTROL FUNCTIONS

# Create Session, False means mandatory password authentication.
session = access_mgr.create_session(User(uid='foo', password='secret'), False)

# Permission check, returns True if allowed:
result = access_mgr.check_access(session, Perm(obj_name='shopping-cart', op_name='checkout'))

# Get all the permissions allowed for user:
perms = access_mgr.session_perms(session)

# Check a role:
result = access_mgr.is_user_in_role(session, Role(name='customer'))

# Get all roles in the session:
roles = access_mgr.session_roles(session)

In addition, there’s the full compliment of review apis as prescribed by RBAC. If interested, look at the RBAC modules:

  • admin_mgr

  • review_mgr

  • access_mgr

Each of the modules have comments that describe the functions, along with their required and optional attributes.

Try it out and let me know what you think. There will be a release in the near future that will include some additional tooling. If it takes off, RBAC1 – RBAC3 will follow.

43 views0 comments

Recent Posts

See All

Jan 17, 2022 Introduction Symas OpenLDAP configured with LMDB has been extensively tested and its performance characteristics are well understood. Both OpenLDAP and LMDB’s scaling characteristics are

Please note that the certificates must be in a pem format (.pem or .crt). You will need three certificates: Root CA certificate, server certificate (with the fqdn of server in subject line or in the s

  • Symas Blog RSS Feed
  • Symas on Facebook
  • Symas on Twitter
  • Symas Blog
  • Symas on LinkedIn
  • Symas YouTube Channel

Copyright © 2022, Symas Corporation. All rights reserved. Privacy Statement (updated July 28, 2022)

Phone:

Main Office: +1.650.963.7601
Fax: +1.650.390.6284

Email:

Sales: sales@symas.com
Support: support@symas.com

Office Hours:

8:00 AM - 5:00 PM ET

Office Location:

Symas Corporation
PO Box 391
Grand Junction, CO 81507 USA