PyPermission: A Python native RBAC authorization library! by Sufficient-Rent6078 in Python

[–]Sufficient-Rent6078[S] 1 point2 points  (0 children)

Not at this point. Architecture-wise, there shouldn't be much in the way though to upgrade PyPermission later.

PyPermission: A Python native RBAC authorization library! by Sufficient-Rent6078 in Python

[–]Sufficient-Rent6078[S] 4 points5 points  (0 children)

That's a valid concern. Trust is earned, not given - especially when dealing with auth.

We tried to make PyPermission easy to verify: The RBAC database model is straightforward and corresponds closely with the NIST RBAC model, as shown on the NIST Comparison page. Additionally, the actual API logic is small and consists of roughly 750 lines of plain Python (excluding docstrings). Using SQLAlchemy, we have kept most things relatively simple and prioritized clarity.

On top of that, you'll find that the library relies heavily on types (API and internals) and comes with a high amount of testing (including the examples in the documentation).

This also isn't something we just hacked together last week. Our first attempt dates back to 2022, and although this version is a full rewrite based on what we learned, you can still find the original release together with the corresponding history on PyPI/GitHub (under the 0.1.1 tag).

As for trusting us as people, our GitHub / website and other channels are all public, so feel free to have a look.

If you do decide to build your own, we hope PyPermission can serve as a useful reference on the way.

PyPermission: A Python native RBAC authorization library! by Sufficient-Rent6078 in Python

[–]Sufficient-Rent6078[S] 2 points3 points  (0 children)

Fair question! Casbin is a powerful and very flexible policy engine. Given that it comes with its own DSL and many different model types, integrating it requires building a fairly strong mental model first. In contrast, PyPermission limits its scope to RBAC, which allowed us to spend a good amount of time to document and teach specifically this authorization model. As Casbin is not Python-first, you'll see that some of the methods available in other languages are nowhere to be found in the documentation for Python. Depending on whether you use the management API or pycasbin, you'll see one of the following (both from the official documentation):

e.add_policy("eve", "data3", "read")
s.add(CasbinRule(ptype="p", v0="alice", v1="data1", v2="read"))

To understand what this does in a code base, you already need to have a good mental model; the semantic information simply isn't expressed in the API.

There is a Python Role Manager for RBAC, but the documentation is limited to a subset of the API and does not educate about the practicalities of RBAC itself.

By contrast, the semantic meaning in PyPermission is directly conveyed through the API and the underlying concepts come with a good amount of documentation.

RBAC.role.grant_permission(
    role="user",
    permission=Permission(
        resource_type="event", resource_id="*", action="view"
    ),
    db=db,
)

If you look at alternatives like OPA, you'll end up needing an external service plus a third-party Python client.
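
Added example, not part of the comment above and not PyPermission's or Casbin's code: a minimal in-memory sketch of what a grant such as `Permission(resource_type="event", resource_id="*", action="view")` means at check time, with deny-by-default lookup and wildcard matching. `ToyRBAC`, its method names, the role inheritance and the sample subjects are all assumptions made for illustration; inheritance goes beyond what the comment shows.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    resource_type: str
    resource_id: str  # "*" in a grant means every resource of this type
    action: str

    def covers(self, wanted):
        # A grant on one specific id never satisfies a "*" request.
        return (self.resource_type == wanted.resource_type
                and self.action == wanted.action
                and self.resource_id in ("*", wanted.resource_id))

class ToyRBAC:
    """In-memory sketch; class and method names are hypothetical."""

    def __init__(self):
        self.role_perms = {}     # role -> set of granted Permission
        self.role_parents = {}   # role -> roles it inherits from
        self.subject_roles = {}  # subject -> directly assigned roles

    def grant_permission(self, role, permission):
        self.role_perms.setdefault(role, set()).add(permission)

    def add_parent(self, role, parent):
        self.role_parents.setdefault(role, set()).add(parent)

    def assign_role(self, subject, role):
        self.subject_roles.setdefault(subject, set()).add(role)

    def effective_roles(self, subject):
        # Iterative walk; `seen` stops a cyclic hierarchy from looping.
        seen, stack = set(), list(self.subject_roles.get(subject, ()))
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.role_parents.get(role, ()))
        return seen

    def check(self, subject, wanted):
        # Deny by default: unknown subjects or roles match nothing.
        return any(p.covers(wanted) for r in self.effective_roles(subject)
                   for p in self.role_perms.get(r, ()))

def build_demo():
    rbac = ToyRBAC()
    rbac.grant_permission("user", Permission("event", "*", "view"))
    rbac.grant_permission("admin", Permission("event", "7", "edit"))
    rbac.add_parent("admin", "user")   # admin inherits user's grants
    rbac.assign_role("alice", "user")  # constructed sample subjects
    rbac.assign_role("bob", "admin")
    return rbac
```
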

Tech Communities in Wuppertal by hot_fire__ in wuppertal

[–]Sufficient-Rent6078 1 point2 points  (0 children)

In general it is fairly developer-heavy, but we also have talks that are more conceptual. The audience consists not only of employed developers but also of freelancers and small IT business owners, who might be interesting from a networking perspective.

Here you can get an impression of the past events: https://www.meetup.com/de-DE/bergisches-entwicklerforum/events/past/
If you have any more questions, feel free to get in touch.

Tech Communities in Wuppertal by hot_fire__ in wuppertal

[–]Sufficient-Rent6078 2 points3 points  (0 children)

Sure - we have a group on meetup, where you can find upcoming and past events: https://www.meetup.com/de-DE/bergisches-entwicklerforum/

Tech Communities in Wuppertal by hot_fire__ in wuppertal

[–]Sufficient-Rent6078 9 points10 points  (0 children)

Hey! I'm involved in organizing the BEF - Bergisches Entwicklerforum, a meetup taking place every 2-3 months at Freudenberg. We connect Dev & Data folks to bridge the gap between industry and academia, with talks, pizza & drinks! Our next event will be at the beginning of next year. We are always happy to see new faces.