Metadata-Version: 2.1
Name: flask-access
Version: 0.1.2
Summary: A Flask extension which limits access to views.
Home-page: UNKNOWN
License: UNKNOWN
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Framework :: Flask
Classifier: Intended Audience :: Developers
Requires-Python: >=3
Description-Content-Type: text/markdown

# Flask-Access [![CircleCI](https://circleci.com/gh/barischrooneyj/flask-access.svg?style=svg)](https://circleci.com/gh/barischrooneyj/flask-access)

Simple protection of Flask endpoints.

Integrates well with [Flask-Login](https://flask-login.readthedocs.io/en/latest/).

## Protect endpoints

Here, the endpoint `"/secret-code"` requires a user to have `"admin"` rights:

``` Python
@app.route("/secret-code")
@flask_access.require("admin")
def secret_code():
    return "1234"
```

You could have other requirements:

``` Python
@flask_access.require("boss", 7, funny=True, bald=None)
```

## Register a user loader

Flas-Access needs to associate the current request with a user that
has permission or not. Flask-Access will look for the current user
in `app.config[flask_access.CURRENT_USER]`, here you can assign a
function that returns the current user.

``` Python
app.config[flask_access.CURRENT_USER] = my_current_user_func
```

The type of the returned user can be whatever you are using in your
application to model users already, the only condition is that the user
class implements a method `has_access`. If the user has no account return
`True` to allow access. Anything other than `True` or an instance of a
class implementing `has_access` will have access denied.

If you are also using Flask-Login you can simply apply the assignment
below :clap:

``` Python
app.config[flask_access.CURRENT_USER] = flask_login.current_user

```

## User access logic

In short, implement `has_access(self, rights) -> bool` on your user class.

When a user attempts to access an endpoint, Flask-Access will load the current
user object `user` and run `user.has_access(rights)`, the `rights` that get
passed in are the `"boss", 7, funny=True, bald=None` from above.

If a user doesn't have an `has_access` method, or the method doesn't return
`True`, then access is denied :speak_no_evil:

## Access denied handler

The default access denied handler calls `flask.abort(403)`

To set a custom access-denied handler:

``` Python
app.config[flask_access.ABORT_FN] = my_custom_abort_func
```

## Login required

If you are using `flask_login.current_user` as your user loader then
`flask_access.require` implies `flask_login.login_required`, so no need to also
specify the latter.

Why? Well, if a user is not logged-in, `flask_login.current_user` will return a
`flask_login.AnonymousUserMixin` which does not have `has_access` implemented,
hence no access for the user.

## Example

An [example](example/example.py) with a primitive login/out system.


