Flask-ACL

Flask-ACL is a Python package which provides configurable access control lists for Flask.

It is designed to allow for you to get started authorizing users immediately, but allows for a very high level of customization.

Getting Started

At the very minimum, you must setup a Login Manager, SECRET_KEY, and login view:

from flask import Flask, render_template
from flask.ext.login import LoginManager
from flask.ext.acl import ACLManager

app = Flask(__name__)
app.config['SECRET_KEY'] = 'monkey'
authn = LoginManager(app)
authz = ACLManager(app)

@app.route('/login')
def login():
    return render_template('login.html'), 401

Then you can start attaching ACLs to your routes:

@app.route('/users_area')
@authz.route_acl('''
    ALLOW AUTHENTICATED http.get
    DENY ANY ALL
''')
def users_area():
    # only authenticated users will get this far

You can also check for permissions on your models by defining an __acl__ attribute:

class MyModel(object):

    __acl__ = '''
        ALLOW AUTHENTICATED ALL
        DENY ANY ALL
    '''

    # ...

@app.route('/model/<id>')
def show_a_model(id):
    obj = MyModel.get(id)
    if not auths.can('read', obj):
        abort(404)
    else:
        return render_template('mymodel.html', obj=obj)

Indices and tables

Table Of Contents

Related Topics

This Page