Extension API

class flask_acl.extension.ACLManager(app=None)

Flask extension for registration and checking of ACLs on routes and other objects.

assert_can(permission, obj, **kwargs)

Make sure we have a permission, or abort the request.

Parameters:

• permission – The permission to look for.
• obj – The object to check the ACL of.
• flash – The message to flask if denied (keyword only).
• stealth – Abort with a 404? (keyword only).
• **kwargs –

  The context to pass to predicates.

can(permission, obj, **kwargs)

Check if we can do something with an object.

Parameters:

• permission – The permission to look for.
• obj – The object to check the ACL of.
• **kwargs –

  The context to pass to predicates.

>>> auth.can('read', some_object)
>>> auth.can('write', another_object, group=some_group)

can_route(endpoint, method=None, **kwargs)

Make sure we can route to the given endpoint or url.

This checks for http.get permission (or other methods) on the ACL of route functions, attached via the ACL decorator.

Parameters:

• endpoint – A URL or endpoint to check for permission to access.
• method – The HTTP method to check; defaults to ‘GET’.
• **kwargs –

  The context to pass to predicates.

context_processor(func)

Register a function to build authorization contexts.

The function is called with no arguments, and must return a dict of new context material.

permission_set(name, permission_set=None)

Define a new permission set (directly, or as a decorator).

predicate(name, predicate=None)

Define a new predicate (direclty, or as a decorator).

E.g.:

@authz.predicate
def ROOT(user, **ctx):
    # return True of user is in group "wheel".

route_acl(*acl, **options)

Decorator to attach an ACL to a route.

E.g:

@app.route('/url/to/view')
@authz.route_acl('''
    ALLOW WHEEL ALL
    DENY  ANY   ALL
''')
def my_admin_function():
    pass