About

Name: KBAC
Requirements: Python
License: BSD-3
Repository: https://bitbucket.org/johnmdev/kbac
Contact

Introduction

Provides simple access control based on key+principals (all strings).

Examples

By role:

import kbac

ac = kbac.KBAC()
ac.add("viewer", ["bob", "joe"])
ac.add("manager", ["lucy", "rick"])

print(ac.is_allowed(["viewer"], ["lucy"]))
print(ac.is_allowed(["manager"], ["lucy"]))
print(ac.is_allowed(["viewer", "manager"], ["rick"]))

Notes:

Add individual settings using KBAC.add().
Test if lucy is a viewer.
Test if lucy is a manager.
Test if rick is a viewer or manager.

By service:

import kbac

acdict = {
    "list": "dudley, al, jeffrey",
    "create": "dudley, jill",
    "delete": "dudley",
}

ac = kbac.KBAC()
ac.load(acdict.items())

principals = ["dudley"]
print "principals (%s)" % (principals,)
for key in acdict:
    print("key (%s) allowed (%s)" % (key, ac.is_allowed([key], principals)))

Notes:

Load KBAC object from dictionary.
Test which keys/services dudley is allowed.

Display settings:

import kbac

acdict = {
    "list": "dudley, al",
    "create": "dudley, brittany",
    "delete": "dudley",
}

ac = kbac.KBAC()
ac.load(acdict.items())

for key in ac.keys():
    print("key (%s) principals (%s)\n" % (key, sorted(ac.principals(key))))

Notes:

Extract settings using KBAC.keys() and KBAC.principals().