merge https://github.com/ScienceLogic/flask-casbin code into flask-authz

Author: jessecooper

.bumpversion.cfg

@@ -0,0 +1,6 @@
+[bumpversion]
+current_version = 0.1.0
+commit = True
+tag = True
+
+[bumpversion:file:setup.py]

.flake8

@@ -0,0 +1,7 @@
+[flake8]
+# Recommend matching the black line length (default 88),
+# rather than using the flake8 default of 79:
+max-line-length = 88
+extend-ignore =
+    # See https://github.com/PyCQA/pycodestyle/issues/373
+    E203,

.gitignore

@@ -103,5 +103,30 @@ venv.bak/
 # mypy
 .mypy_cache/
 
+# pycharm
 .idea/
-*.iml
+*.iml
+
+# Packages
+*.egg-info
+build
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+lib
+lib64
+
+.tox
+
+# Complexity
+output/*.html
+output/*/index.html
+
+# Sphinx
+docs/_build
+
+# Cookiecutter
+output/

.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+default_stages: [commit, push]
+fail_fast: true
+repos:
+- repo: https://github.com/ambv/black
+  rev: stable
+  hooks:
+  - id: black
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v2.1.0
+  hooks:
+  - id: trailing-whitespace
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v2.1.0
+  hooks:
+  - id: flake8
+- repo: https://github.com/szebenyib/pre-commit-pytest
+  rev: master
+  hooks:
+  - id: pytest

LICENSE.md

@@ -0,0 +1,13 @@
+Copyright 2020 ScienceLogic, Inc
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

MANIFEST.in

@@ -0,0 +1,2 @@
+include README.md
+include requirements.txt

README.md

@@ -15,36 +15,59 @@ flask-authz is an authorization middleware for [Flask](http://flask.pocoo.org/),
 ```
 pip install flask-authz
 ```
+Or clone the repo:
+```
+$ git clone https://github.com/pycasbin/flask-authz.git
+$ python setup.py install
+```
 
-## Simple Example
-
-This repo is just a working Flask app that shows the usage of flask-authz (see: https://github.com/pycasbin/flask-authz/blob/master/app.py). To use it in your existing Flask app, you need:
-
+Module Usage:
 ```python
-from authz.middleware import CasbinMiddleware
-import casbin
 from flask import Flask
+from flask_authz import CasbinEnforcer
+from casbin.persist.adapters import FileAdapter
 
 app = Flask(__name__)
+# Set up Casbin model config
+app.config['CASBIN_MODEL'] = 'casbinmodel.conf'
+# Set headers where owner for enforcement policy should be located
+app.config['CASBIN_OWNER_HEADERS'] = {'X-User', 'X-Group'}
+# Set up Casbin Adapter
+adapter = FileAdapter('rbac_policy.csv')
+casbin_enforcer = CasbinEnforcer(app, adapter)
+
+@app.route('/', methods=['GET'])
+@casbin_enforcer.enforcer
+def get_root():
+    return jsonify({'message': 'If you see this you have access'})
+
+@app.route('/manager', methods=['POST'])
+@casbin_enforcer.enforcer
+@casbin_enforcer.manager
+def make_casbin_change(manager):
+    # Manager is an casbin.enforcer.Enforcer object to make changes to Casbin
+    return jsonify({'message': 'If you see this you have access'})
+```
+Example Config  
+This example file can be found in `tests/casbin_files`
+```ini
+[request_definition]
+r = sub, obj, act
 
-# Initialize the Casbin enforcer, load the casbin model and policy from files.
-# Change the 2nd arg to use a database.
-enforcer = casbin.Enforcer("authz_model.conf", "authz_policy.csv")
-
-app.wsgi_app = CasbinMiddleware(app.wsgi_app, enforcer)
-
+[policy_definition]
+p = sub, obj, act
 
-@app.route("/")
-def hello_world():
-    return "Hello World!"
+[role_definition]
+g = _, _
 
+[policy_effect]
+e = some(where (p.eft == allow))
 
-if __name__ == '__main__':
-    app.run()
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
 ```
-
-- The default policy ``authz_policy.csv`` is:
-
+Example Policy  
+This example file can be found in `tests/casbin_files`
 ```csv
 p, alice, /dataset1/*, GET
 p, alice, /dataset1/resource1, POST
@@ -59,24 +82,31 @@ p, anonymous, /, GET
 g, cathy, dataset1_admin
 ```
 
-It means ``anonymous`` user can only access homepage ``/``. Admin users like alice can access any pages. Currently all accesses are regarded as ``anonymous``. Add your authentication to let a user log in.
-
-## How are subject, object, action defined?
-
-In ``middleware.py``:
-
+Development
+------------
+1. Fork
+2. Install Dev ENV
 ```python
-def check_permission(self, request):
-    # change the user, path, method as you need.
-    user = request.remote_user # subject
-    if user is None:
-        user = 'anonymous'
-    path = request.path # object
-    method = request.method # action
-    return self.enforcer.enforce(user, path, method)
+# Install Flask-Casbin with Dev packages
+pip install -r dev_requirements.txt
+pip install -r requirements.txt
+pip install -e .
+# Install Pre-commits
+pre-commit install
+# Create feature branch
+git checkout -b feature-more-cool-stuff
+# Code stuff
 ```
+Then push your changes and create a PR
 
-You may need to copy the ``middleware.py`` code to your project and modify it directly if you have other definitions for subject, object, action.
+#### Manually Bump Version
+```
+bumpversion major  # major release
+or
+bumpversion minor  # minor release
+or
+bumpversion patch  # hotfix release
+```
 
 ## Documentation
 
@@ -95,3 +125,4 @@ For how to write authorization policy and other details, please refer to [the Ca
 ## License
 
 This project is under Apache 2.0 License. See the [LICENSE](LICENSE) file for the full license text.
+

app.py

@@ -0,0 +1,10 @@
+pre-commit
+black
+sphinx
+sphinx_rtd_theme
+pytest
+pytest-cov
+casbin_sqlalchemy_adapter
+coverage
+pypi-publisher
+bumpversion