Add Casbin middleware.
diff --git a/casbin_middleware/__init__.py b/casbin_middleware/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/casbin_middleware/__init__.py
diff --git a/casbin_middleware/authz_model.conf b/casbin_middleware/authz_model.conf new file mode 100644 index 0000000..d5705e5 --- /dev/null +++ b/casbin_middleware/authz_model.conf
@@ -0,0 +1,14 @@ +[request_definition] +r = sub, obj, act + +[policy_definition] +p = sub, obj, act + +[role_definition] +g = _, _ + +[policy_effect] +e = some(where (p.eft == allow)) + +[matchers] +m = (g(r.sub, p.sub) || p.sub == "*") && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*") \ No newline at end of file
diff --git a/casbin_middleware/authz_policy.csv b/casbin_middleware/authz_policy.csv new file mode 100644 index 0000000..1c26998 --- /dev/null +++ b/casbin_middleware/authz_policy.csv
@@ -0,0 +1,3 @@ +p, anonymous, /, GET +p, admin, *, * +g, alice, admin \ No newline at end of file
diff --git a/casbin_middleware/middleware.py b/casbin_middleware/middleware.py new file mode 100644 index 0000000..d40ff9b --- /dev/null +++ b/casbin_middleware/middleware.py
@@ -0,0 +1,53 @@ +# Copyright 2019 The Casbin Authors. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import casbin + +from django.core.exceptions import PermissionDenied + + +class CasbinMiddleware: + """ + Casbin middleware. + """ + + def __init__(self, get_response): + self.get_response = get_response + self.enforcer = casbin.Enforcer("casbin_middleware/authz_model.conf", "casbin_middleware/authz_policy.csv") + # One-time configuration and initialization. + + def __call__(self, request): + # Code to be executed for each request before + # the view (and later middleware) are called. + + if not self.check_permission(request): + raise PermissionDenied + + response = self.get_response(request) + + # Code to be executed for each request/response after + # the view is called. + + return response + + def check_permission(self, request): + user = request.user.username + if request.user.is_anonymous: + user = 'anonymous' + path = request.path + method = request.method + return self.enforcer.enforce(user, path, method) + + def require_permission(self,): + raise PermissionDenied
diff --git a/django_example/settings.py b/django_example/settings.py index 7e77958..12e8bed 100644 --- a/django_example/settings.py +++ b/django_example/settings.py
@@ -47,6 +47,7 @@ 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'casbin_middleware.middleware.CasbinMiddleware', ] ROOT_URLCONF = 'django_example.urls'