使用访问控制列表的数据存储安全性
DStore-ACL的Python项目详细描述
dstore acl是dstore的安全层。
安装
dstore acl可从pypi存储库获得。
这意味着您只需在控制台中运行以下命令即可安装dstore acl:
$ pip install dstore-acl
最小示例
fromdstoreimportMemoryStore,Model,var,modfromdstore_aclimportACL,Role,UserRole,AccessDeniedclassUserAccount(Model):_namespace="users.account"_vars=[var.RowID,var.String("name",32,mods=[mod.NotNull()])]_acl_rules=dict(add_own=dict(default=True),add_others=dict(default=True),read_own=dict(allow=["admin","member"]),read_others=dict(allow=["admin"]),update_own=dict(allow=["admin","member"]),delete_own=dict(allow=["admin"]),delete_others=dict(allow=["admin"]),empty=dict(allow=["admin"]))classCar(Model):_namespace="cars.make"_vars=[var.RowID,var.String("manufacturer",32,mods=[mod.NotNull()]),var.String("make",32,mods=[mod.NotNull()]),var.Number("year",mods=[mod.NotNull(),mod.Min(1950),mod.Max(2017)]),]_acl_rules=dict(add=dict(allow=["admin"]),read=dict(default=True),update=dict(allow=["admin"]),delete=dict(allow=["admin"]),empty=dict(allow=["admin"]))users={}current_user="admin"# Create the MemoryStore instance, and add Models to itstore=MemoryStore([Car])acl=ACL(data_store=store,get_user=get_user,user_model=UserAccount)store.init_app()store.connect()store.create_all()# Create the user accountsfornamein["admin","member"]:users[name]=UserAccount(name=name).add()role=Role.filter(name=name)[0]UserRole(user_id=users[name].id,acl_role_id=role.id).add()# Admin can add new carsCar(manufacturer="Holden",make="Commodore",year=2009).add()# Member cannot add new carscurrent_user="member"try:Car(manufacturer="Holden",make="Commodore",year=2010).add()exceptAccessDenied:pass# Destroy all instances and shut down the applicationstore.destroy_all()store.disconnect()store.destroy_app()defget_user():returnusers[current_user]
文档:ReadTheDocs
源代码:GitHub