Introduction
Provides simple access control based on key+principals (all strings).
Examples
By role:
import kbac
ac = kbac.KBAC()
ac.add("viewer", ["bob", "joe"])
ac.add("manager", ["lucy", "rick"])
print(ac.is_allowed("viewer", ["lucy"]))
print(ac.is_allowed("manager", ["lucy"]))
ac = kbac.KBAC()
ac.add("viewer", ["bob", "joe"])
ac.add("manager", ["lucy", "rick"])
print(ac.is_allowed("viewer", ["lucy"]))
print(ac.is_allowed("manager", ["lucy"]))
Notes:
- add individual settings using KBAC.add()
- test if lucy is a viewer
By service:
import kbac
acdict = {
"list": "dudley, al, jeffrey",
"create": "dudley, jill",
"delete": "dudley",
}
ac = kbac.KBAC()
ac.load(acdict.items())
principals = ["dudley"]
print "principals (%s)" % (principals,)
for key in acdict:
print("key (%s) allowed (%s)" % (key, ac.is_allowed(key, principals)))
acdict = {
"list": "dudley, al, jeffrey",
"create": "dudley, jill",
"delete": "dudley",
}
ac = kbac.KBAC()
ac.load(acdict.items())
principals = ["dudley"]
print "principals (%s)" % (principals,)
for key in acdict:
print("key (%s) allowed (%s)" % (key, ac.is_allowed(key, principals)))
Notes:
- load KBAC object from dictionary
- test which keys/services dudley is allowed
Display settings:
import kbac
acdict = {
"list": "dudley, al",
"create": "dudley, brittany",
"delete": "dudley",
}
ac = kbac.KBAC()
ac.load(acdict.items())
for key in ac.keys():
print("key (%s) principals (%s)\n" % (key, sorted(ac.principals(key))))
acdict = {
"list": "dudley, al",
"create": "dudley, brittany",
"delete": "dudley",
}
ac = kbac.KBAC()
ac.load(acdict.items())
for key in ac.keys():
print("key (%s) principals (%s)\n" % (key, sorted(ac.principals(key))))
Notes:
- extract settings using KBAC.keys() and KBAC.principals()
About
Requirements: Python
License: BSD-3
Repository: https://bitbucket.org/johnmdev/kbac
Email: expldotinfo@gmail.com
Activity
Unknown macro: recently-updated.