Flask-ACL
=========
**Flask-ACL** is a Python package which provides configurable access control lists for Flask.
It is designed to allow for you to get started authorizing users immediately, but allows for a very high level of customization.
Getting Started
---------------
At the very minimum, you must setup a `Login Manager `_, ``SECRET_KEY``, and ``login`` view::
from flask import Flask, render_template
from flask.ext.login import LoginManager
from flask.ext.acl import ACLManager
app = Flask(__name__)
app.config['SECRET_KEY'] = 'monkey'
authn = LoginManager(app)
authz = ACLManager(app)
@app.route('/login')
def login():
return render_template('login.html'), 401
Then you can start attaching ACLs to your routes:
.. code-block:: python
@app.route('/users_area')
@authz.route_acl('''
ALLOW AUTHENTICATED http.get
DENY ANY ALL
''')
def users_area():
# only authenticated users will get this far
You can also check for permissions on your models by defining an ``__acl__`` attribute::
class MyModel(object):
__acl__ = '''
ALLOW AUTHENTICATED ALL
DENY ANY ALL
'''
# ...
@app.route('/model/')
def show_a_model(id):
obj = MyModel.get(id)
if not auths.can('read', obj):
abort(404)
else:
return render_template('mymodel.html', obj=obj)
Contents
--------
.. toctree::
:maxdepth: 2
abstract
protocol
API Reference
-------------
.. toctree::
:maxdepth: 2
api/core
api/extension
api/globals
api/permission
api/predicate
api/state
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`