Login/Register
Role-based authorization mechanism for a GAE app
Asked Answered
pythongoogle-app-engineauthorizationacl
L

2

9

I'm looking for a role-based framework/module/package for an app written in Python (2.7) running on Google App Engine.

With role-based I mean a mechanism that would allow me to check (during a request processing most of the time) whether a certain user is able to perform a specific action.

A couple use cases:

  • user A should be able to see and modify own profile, whereas user B should only be able to see user A profile.
  • user with an "admin" role should be able to see all registered users, whereas user A and user B should only be able to see users with a public profile (e.g. users with user.public property set to True)
  • etc.

I'm imagining something like 

user_a.is_able_to('read', user_b) # -> True of False

or

user_a.authorize('update', user_b) # raises an exception if 'not allowed to'

So far I've only seen acl.py from tipfy. Looks quite simple and pretty much close to what I'm looking for. I'm wondering whether there's something similar to that acl.py, preferably implemented using NDB.

Libertinage answered 13/3, 2012 at 19:4 Comment(2)
[Here][1] is a good implementation suggestion. [1]: #1448808Blastula
Yeah, I have a couple ideas on how to implement it myself. I was wondering whether there's somebody/something already implemented. It seems not though (a part from tipfy) so I'll probably DIY.Libertinage
B
2

Web2py contains role based access control which I believe works on GAE. This is documented here:

http://web2py.com/books/default/chapter/29/9

You may be able to fork the auth module and mod it for your purposes. I know people have done this with other parts of web2py such as the DAL.

Betts answered 21/3, 2012 at 17:32 Comment(0)
H
1

Turbogears and Web2py frameworks have the role based access control you can integrate one of them on GAE Python version.

Himalayas answered 3/8, 2012 at 12:59 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.