
Logo: PyPermission - RBAC for Python

PyPermission - The Python RBAC authorization library for projects where SQLAlchemy is a valid option.



If you find the PyPermission library beneficial, please consider supporting the project by starring it on GitHub.


Python RBAC authorization with SQLAlchemy

Features

  • Authorization for pythonistas (Quick Start)
  • Persistency via SQLAlchemy
    • SQLite
    • PostgreSQL (psycopg)
  • Full integration guide (Guide WIP)
  • RBAC state analysis (optional)
    • Export the RBAC DAG as NetworkX DiGraph
    • Visualize the RBAC DAG via Plotly
  • Lightweight
  • High test coverage
  • Online documentation

Installing PyPermission with pip

The PyPermission library can be installed directly from the PyPI repositories with:

pip install PyPermission

If you want to use PostgreSQL, you need to install the postgres dependency group:

pip install 'PyPermission[postgres]'

Example

my_project.main.py
from sqlalchemy.engine import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.event import listen

engine = create_engine("sqlite:///:memory:", future=True)
db_factory = sessionmaker(bind=engine, autoflush=False, autocommit=False)

from pypermission import RBAC, Permission, create_rbac_database_table, set_sqlite_pragma

listen(engine, "connect", set_sqlite_pragma) # needed for foreign key constraints (sqlite only)
create_rbac_database_table(engine=engine)

with db_factory() as db:
    # Create an 'admin' Role
    RBAC.role.create(role="admin", db=db)

    # Allow all members of the 'admin' Role to edit any user ("*" matches every resource_id)
    RBAC.role.grant_permission(
        role="admin",
        permission=Permission(
            resource_type="user",
            resource_id="*",
            action="edit",
        ),
        db=db,
    )

    # Create a Subject for the user 'Alex'
    RBAC.subject.create(subject="Alex", db=db)

    # Assign Subject 'Alex' to the 'admin' Role
    RBAC.subject.assign_role(
        subject="Alex", role="admin", db=db
    )

    # Test if user 'Alex' can edit user 'Max' (resource_id "123")
    RBAC.subject.assert_permission(
        subject="Alex",
        permission=Permission(
            resource_type="user",
            resource_id="123",
            action="edit",
        ),
        db=db,
    )
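
The comment on the `listen(...)` line says the pragma listener is needed for foreign key constraints on SQLite. The sketch below is an added illustration, not PyPermission's code: it uses only the standard `sqlite3` module and a hypothetical two-table schema (not the library's real tables) to show what an RBAC store risks when a connection leaves enforcement off, namely assignments to roles that do not exist and memberships that survive a role's deletion and come back when the name is reused.

```python
import sqlite3

# Hypothetical schema for illustration only; not PyPermission's actual tables.
SCHEMA = """
CREATE TABLE role (id TEXT PRIMARY KEY);
CREATE TABLE member (
    subject TEXT NOT NULL,
    role    TEXT NOT NULL REFERENCES role(id) ON DELETE CASCADE,
    PRIMARY KEY (subject, role)
);
"""


def connect(enforce_fk: bool) -> sqlite3.Connection:
    """Open an in-memory database with foreign key enforcement on or off."""
    conn = sqlite3.connect(":memory:")
    # Enforcement is a per-connection setting and OFF is SQLite's default,
    # which is why it has to be applied on every new connection.
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.executescript(SCHEMA)
    return conn


def assign_unknown_role(conn: sqlite3.Connection) -> bool:
    """Try to assign a subject to a role that was never created."""
    try:
        conn.execute("INSERT INTO member VALUES ('Alex', 'ghost')")
        return True
    except sqlite3.IntegrityError:
        return False


def roles_after_recreate(conn: sqlite3.Connection) -> list[str]:
    """Delete 'admin' while Alex is a member, recreate it, list Alex's roles."""
    conn.execute("INSERT INTO role VALUES ('admin')")
    conn.execute("INSERT INTO member VALUES ('Alex', 'admin')")
    conn.execute("DELETE FROM role WHERE id = 'admin'")
    conn.execute("INSERT INTO role VALUES ('admin')")  # new role, same name
    rows = conn.execute(
        "SELECT role FROM member WHERE subject = 'Alex' "
        "AND role IN (SELECT id FROM role)"
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    for enforce in (False, True):
        print("foreign_keys ON" if enforce else "foreign_keys OFF")
        print("  unknown role accepted:", assign_unknown_role(connect(enforce)))
        print("  roles after recreate: ", roles_after_recreate(connect(enforce)))
```

With enforcement off, Alex silently regains `admin` after the role is deleted and recreated; with it on, the membership is removed together with the role.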

Resources

Digon.IO GmbH Logo

Fine-Tuned AI services for developers.

Digon.IO provides end-to-end consulting and development for SMEs and software companies building data-driven solutions - with a focus on supply chain optimization and text processing. (Website) (Technical Blog)

The sponsor logo is the property of Digon.IO GmbH. Standard trademark and copyright restrictions apply to any use outside this repository.

License

  • Library source code: Licensed under LGPLv3.
  • Library logo: The library logo is a trademark of the project (unregistered). You are permitted to use the logo only in contexts that directly reference, document, or promote this library. For example, in a dependent project or in a blog post discussing this library. Any other use is prohibited.