├── .gitignore ├── .travis.yml ├── AUTHORS ├── CHANGES ├── LICENSE ├── README.rst ├── development-requirements.txt ├── docs ├── Makefile ├── _static │ ├── title-small.png │ └── title.png ├── _themes │ ├── .gitignore │ ├── LICENSE │ ├── README │ ├── flask │ │ ├── layout.html │ │ ├── relations.html │ │ ├── static │ │ │ └── flasky.css_t │ │ └── theme.conf │ ├── flask_small │ │ ├── layout.html │ │ ├── static │ │ │ └── flasky.css_t │ │ └── theme.conf │ └── flask_theme_support.py ├── conf.py └── index.rst ├── flask_bouncer.py ├── setup.cfg ├── setup.py ├── test_flask_bouncer ├── __init__.py ├── helpers.py ├── models.py ├── test_advanced_usage.py ├── test_base.py ├── test_basic_usage.py ├── test_blueprints.py ├── test_classy │ ├── __init__.py │ └── view_classes.py └── test_lock_it_down.py └── tox.ini /.gitignore: -------------------------------------------------------------------------------- 1 | *.py[cod] 2 | 3 | # PyCharm 4 | .idea/* 5 | .idea/libraries/sass_stdlib.xml 6 | 7 | # C extensions 8 | *.so 9 | 10 | # Packages 11 | *.egg 12 | *.egg-info 13 | dist 14 | build 15 | eggs 16 | .eggs 17 | parts 18 | bin 19 | var 20 | sdist 21 | develop-eggs 22 | .installed.cfg 23 | lib 24 | lib64 25 | __pycache__ 26 | 27 | # Installer logs 28 | pip-log.txt 29 | 30 | # Unit test / coverage reports 31 | .coverage 32 | .tox 33 | nosetests.xml 34 | 35 | # Translations 36 | *.mo 37 | 38 | # Mr Developer 39 | .mr.developer.cfg 40 | .project 41 | .pydevproject 42 | 43 | .DS_Store 44 | 45 | docs/_build 46 | 47 | # PyCharm defaults to this directory for virtualenv installations on windows 48 | venv -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | dist: xenial 2 | language: python 3 | python: 4 | - "3.5" 5 | - "3.6" 6 | - "3.7" 7 | - "3.8" 8 | - "pypy3.5" 9 | install: 10 | - pip install tox 11 | script: 12 | - python setup.py test 13 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Flask-Bouncer is written and maintained by Jonathan Tushman and 2 | various contributors: 3 | 4 | Development Lead 5 | ```````````````` 6 | 7 | - Jonathan Tushman 8 | - Fabian Becker 9 | 10 | Patches and Suggestions 11 | ``````````````````````` 12 | 13 | - Freedom Dumlao 14 | 15 | 16 | Inspiration for this library 17 | 18 | - Ryan Bates -------------------------------------------------------------------------------- /CHANGES: -------------------------------------------------------------------------------- 1 | Version 0.3.0 2 | ------------- 3 | 4 | - Adds `can` method 5 | - Drops Python 2.7 support 6 | - Adds Python 3.8 support 7 | 8 | Version 0.2.0 9 | ------------- 10 | 11 | - Raises Forbidden (403) instead of Unauthorized (401) 12 | - Drops Python 2.6 support 13 | 14 | Version 0.1.13 15 | -------------- 16 | 17 | - Adds init_app method 18 | - More standard way of registering extensions 19 | - Added AUTHORS file 20 | - Added CHANGES file -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2014 Jonathan Tushman 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | flask-bouncer 2 | ============= 3 | 4 | Flask declarative authorization leveraging `bouncer`_ 5 | 6 | |Build Status| 7 | 8 | **flask-bouncer** is an authorization library for Flask which restricts 9 | what resources a given user is allowed to access. All the permissions 10 | are defined in a **single location**. 11 | 12 | Enough chit-chat – show me the code … 13 | 14 | Installation 15 | ------------ 16 | 17 | .. code:: bash 18 | 19 | pip install flask-bouncer 20 | 21 | Usage 22 | ----- 23 | 24 | .. code:: python 25 | 26 | from flask_bouncer import requires, ensure, Bouncer 27 | app = Flask() 28 | bouncer = Bouncer(app) 29 | 30 | # Define your authorization in one place and in english ... 31 | @bouncer.authorization_method 32 | def define_authorization(user, they): 33 | if user.is_admin: 34 | they.can(MANAGE, ALL) 35 | else: 36 | they.can(READ, ('Article', 'BlogPost')) 37 | they.can(EDIT, 'Article', lambda a: a.author_id == user.id) 38 | 39 | # Then decorate your routes with your conditions. 40 | # If it fails it will return a 403 41 | @app.route("/articles") 42 | @requires(READ, Article) 43 | def articles_index(): 44 | return "A bunch of articles" 45 | 46 | @app.route("/topsecret") 47 | @requires(READ, TopSecretFile) 48 | def topsecret_index(): 49 | return "A bunch of top secret stuff that only admins should see" 50 | 51 | - When you are dealing with a specific resource, then use the 52 | ``ensure`` method 53 | 54 | .. code:: python 55 | 56 | from flask_bouncer import requires, ensure 57 | @app.route("/articles/") 58 | @requires(READ, Article) 59 | def show_article(article_id): 60 | article = Article.find_by_id(article_id) 61 | 62 | # can the current user 'read' the article, if not it will throw a 403 63 | ensure(READ,article) 64 | return render_template('article.html', article=article) 65 | 66 | - When you want to conditionally check 67 | ``can`` method 68 | 69 | .. code:: python 70 | 71 | from flask_bouncer import requires, can 72 | @app.route("/articles/") 73 | @requires(READ, Article) 74 | def show_article(article_id): 75 | article = Article.find_by_id(article_id) 76 | 77 | # can the current user 'read' the article 78 | if can(MANAGE, article): 79 | return render_template('article-detailed.html', article=article) 80 | return render_template('article.html') 81 | 82 | - Check out `bouncer`_ with more details about defining Abilities 83 | - flask-bouncer by default looks for ``current_user`` or ``user`` 84 | stored in flask’s `g`_ 85 | 86 | Lock It Down 87 | ------------ 88 | You can use the `ensure_authorization` feature to ensure that all of your routes in your application have been 89 | authorized 90 | 91 | .. code:: python 92 | 93 | bouncer = Bouncer(app, ensure_authorization=True) 94 | 95 | This will check each request to ensure that an authorization check (either `ensure` or `requires`) has been made 96 | 97 | If you want to skip a certain route, decorate your route with `@skip_authorization`. Like so: 98 | 99 | .. code:: python 100 | 101 | @app.route("/articles") 102 | @skip_authorization 103 | def articles_index(): 104 | return "A bunch of articles" 105 | 106 | 107 | Flask-Classy Support 108 | -------------------- 109 | 110 | I ❤ `Flask-Classy`_ Like a lot. Flask-Classy is an extension that adds 111 | class-based REST views to Flask. 112 | 113 | 1) Define you View similarly as you would with flask-classy 114 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 115 | 116 | .. code:: python 117 | 118 | from flask_classy import FlaskView 119 | from yourapp.models import Article 120 | 121 | class ArticleView(FlaskView) 122 | 123 | # an additional class attribute that you need to add for flask-bouncer 124 | __target_model__ = Article 125 | 126 | def index(self) 127 | return "Index" 128 | 129 | def get(self, obj_id): 130 | return "Get " 131 | 132 | # ... methods for post, delete (and even put, and patch if you so like 133 | 134 | 135 | 2) Register the View with flask and bouncer 136 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 137 | 138 | .. code:: python 139 | 140 | # in your application.py or the like 141 | 142 | app = Flask("classy") 143 | bouncer = Bouncer(app) 144 | ArticleView.register(app) 145 | 146 | # Which classy views do you want to lock down, you can pass multiple 147 | bouncer.monitor(ArticleView) 148 | 149 | .. _bouncer: https://github.com/bouncer-app/bouncer 150 | .. _g: http://flask.pocoo.org/docs/api/#flask.g 151 | .. _Flask-Classy: https://pythonhosted.org/Flask-Classy/ 152 | 153 | .. |Build Status| image:: https://travis-ci.org/bouncer-app/flask-bouncer.svg?branch=master 154 | :target: https://travis-ci.org/bouncer-app/flask-bouncer 155 | 156 | Then voila – flask-bouncer will implicitly add the following conditions 157 | to the routes: 158 | 159 | - You need ‘READ’ privileges for ‘index’,‘show’ and ‘get’ 160 | - You need ‘CREATE’ privileges for ‘new’,‘put’ and ‘post’ 161 | - You need ‘UPDATE’ privileges for ‘edit’ and ‘patch’ 162 | 163 | If you want to over-write the default requirements, just add the 164 | ``@requires`` decorator to the function 165 | 166 | Configuration 167 | ------------- 168 | 169 | current\_user 170 | ~~~~~~~~~~~~~ 171 | 172 | By default flask-bouncer will inspect ``g`` for user or current\_user. 173 | You can add your custom loader by decorating a function with 174 | ``@bouncer.user_loader`` 175 | 176 | Other Features 177 | -------------- 178 | 179 | - Plays nice with `flask-login`_ 180 | - Plays nice with blueprints 181 | - Plays nice with `flask-classy`_ 182 | 183 | Notes 184 | ----- 185 | 186 | - This library focusing only on **Authorization**, we leave 187 | **Authentication** to other libraries such as `flask-login`_. 188 | 189 | Thank You! 190 | ---------- 191 | 192 | - Ryan Bates, and his excellent CanCan ruby library which this the 193 | inspiration for this library 194 | 195 | Questions / Issues 196 | ------------------ 197 | 198 | Feel free to ping me on twitter: `@tushman`_ 199 | or add issues or PRs at https://github.com/bouncer-app/flask-bouncer 200 | 201 | .. _flask-login: http://flask-login.readthedocs.org/en/latest/ 202 | .. _flask-classy: https://pythonhosted.org/Flask-Classy/ 203 | .. _@tushman: http://twitter.com/tushman 204 | -------------------------------------------------------------------------------- /development-requirements.txt: -------------------------------------------------------------------------------- 1 | nose 2 | flask 3 | flask-classy>=0.6.10 -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = _build 9 | 10 | # User-friendly check for sphinx-build 11 | ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) 12 | $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) 13 | endif 14 | 15 | # Internal variables. 16 | PAPEROPT_a4 = -D latex_paper_size=a4 17 | PAPEROPT_letter = -D latex_paper_size=letter 18 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 19 | # the i18n builder cannot share the environment and doctrees with the others 20 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 21 | 22 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext 23 | 24 | help: 25 | @echo "Please use \`make ' where is one of" 26 | @echo " html to make standalone HTML files" 27 | @echo " dirhtml to make HTML files named index.html in directories" 28 | @echo " singlehtml to make a single large HTML file" 29 | @echo " pickle to make pickle files" 30 | @echo " json to make JSON files" 31 | @echo " htmlhelp to make HTML files and a HTML help project" 32 | @echo " qthelp to make HTML files and a qthelp project" 33 | @echo " devhelp to make HTML files and a Devhelp project" 34 | @echo " epub to make an epub" 35 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 36 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 37 | @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" 38 | @echo " text to make text files" 39 | @echo " man to make manual pages" 40 | @echo " texinfo to make Texinfo files" 41 | @echo " info to make Texinfo files and run them through makeinfo" 42 | @echo " gettext to make PO message catalogs" 43 | @echo " changes to make an overview of all changed/added/deprecated items" 44 | @echo " xml to make Docutils-native XML files" 45 | @echo " pseudoxml to make pseudoxml-XML files for display purposes" 46 | @echo " linkcheck to check all external links for integrity" 47 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 48 | 49 | clean: 50 | rm -rf $(BUILDDIR)/* 51 | 52 | html: 53 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 54 | @echo 55 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 56 | 57 | dirhtml: 58 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 59 | @echo 60 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 61 | 62 | singlehtml: 63 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 64 | @echo 65 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." 66 | 67 | pickle: 68 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 69 | @echo 70 | @echo "Build finished; now you can process the pickle files." 71 | 72 | json: 73 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 74 | @echo 75 | @echo "Build finished; now you can process the JSON files." 76 | 77 | htmlhelp: 78 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 79 | @echo 80 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 81 | ".hhp project file in $(BUILDDIR)/htmlhelp." 82 | 83 | qthelp: 84 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 85 | @echo 86 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 87 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 88 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/flask-bouncer.qhcp" 89 | @echo "To view the help file:" 90 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/flask-bouncer.qhc" 91 | 92 | devhelp: 93 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 94 | @echo 95 | @echo "Build finished." 96 | @echo "To view the help file:" 97 | @echo "# mkdir -p $$HOME/.local/share/devhelp/flask-bouncer" 98 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/flask-bouncer" 99 | @echo "# devhelp" 100 | 101 | epub: 102 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 103 | @echo 104 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 105 | 106 | latex: 107 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 108 | @echo 109 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 110 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 111 | "(use \`make latexpdf' here to do that automatically)." 112 | 113 | latexpdf: 114 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 115 | @echo "Running LaTeX files through pdflatex..." 116 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 117 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 118 | 119 | latexpdfja: 120 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 121 | @echo "Running LaTeX files through platex and dvipdfmx..." 122 | $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja 123 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 124 | 125 | text: 126 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 127 | @echo 128 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 129 | 130 | man: 131 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 132 | @echo 133 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 134 | 135 | texinfo: 136 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 137 | @echo 138 | @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." 139 | @echo "Run \`make' in that directory to run these through makeinfo" \ 140 | "(use \`make info' here to do that automatically)." 141 | 142 | info: 143 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 144 | @echo "Running Texinfo files through makeinfo..." 145 | make -C $(BUILDDIR)/texinfo info 146 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 147 | 148 | gettext: 149 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 150 | @echo 151 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 152 | 153 | changes: 154 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 155 | @echo 156 | @echo "The overview file is in $(BUILDDIR)/changes." 157 | 158 | linkcheck: 159 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 160 | @echo 161 | @echo "Link check complete; look for any errors in the above output " \ 162 | "or in $(BUILDDIR)/linkcheck/output.txt." 163 | 164 | doctest: 165 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 166 | @echo "Testing of doctests in the sources finished, look at the " \ 167 | "results in $(BUILDDIR)/doctest/output.txt." 168 | 169 | xml: 170 | $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml 171 | @echo 172 | @echo "Build finished. The XML files are in $(BUILDDIR)/xml." 173 | 174 | pseudoxml: 175 | $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml 176 | @echo 177 | @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." 178 | -------------------------------------------------------------------------------- /docs/_static/title-small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bouncer-app/flask-bouncer/6e594185f99920b67704d42fd6ced7464c36b914/docs/_static/title-small.png -------------------------------------------------------------------------------- /docs/_static/title.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bouncer-app/flask-bouncer/6e594185f99920b67704d42fd6ced7464c36b914/docs/_static/title.png -------------------------------------------------------------------------------- /docs/_themes/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.pyo 3 | .DS_Store 4 | -------------------------------------------------------------------------------- /docs/_themes/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2010 by Armin Ronacher. 2 | 3 | Some rights reserved. 4 | 5 | Redistribution and use in source and binary forms of the theme, with or 6 | without modification, are permitted provided that the following conditions 7 | are met: 8 | 9 | * Redistributions of source code must retain the above copyright 10 | notice, this list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above 13 | copyright notice, this list of conditions and the following 14 | disclaimer in the documentation and/or other materials provided 15 | with the distribution. 16 | 17 | * The names of the contributors may not be used to endorse or 18 | promote products derived from this software without specific 19 | prior written permission. 20 | 21 | We kindly ask you to only use these themes in an unmodified manner just 22 | for Flask and Flask-related products, not for unrelated projects. If you 23 | like the visual style and want to use it for your own projects, please 24 | consider making some larger changes to the themes (such as changing 25 | font faces, sizes, colors or margins). 26 | 27 | THIS THEME IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 28 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 31 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 33 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 35 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 36 | ARISING IN ANY WAY OUT OF THE USE OF THIS THEME, EVEN IF ADVISED OF THE 37 | POSSIBILITY OF SUCH DAMAGE. 38 | -------------------------------------------------------------------------------- /docs/_themes/README: -------------------------------------------------------------------------------- 1 | Flask Sphinx Styles 2 | =================== 3 | 4 | This repository contains sphinx styles for Flask and Flask related 5 | projects. To use this style in your Sphinx documentation, follow 6 | this guide: 7 | 8 | 1. put this folder as _themes into your docs folder. Alternatively 9 | you can also use git submodules to check out the contents there. 10 | 2. add this to your conf.py: 11 | 12 | sys.path.append(os.path.abspath('_themes')) 13 | html_theme_path = ['_themes'] 14 | html_theme = 'flask' 15 | 16 | The following themes exist: 17 | 18 | - 'flask' - the standard flask documentation theme for large 19 | projects 20 | - 'flask_small' - small one-page theme. Intended to be used by 21 | very small addon libraries for flask. 22 | 23 | The following options exist for the flask_small theme: 24 | 25 | [options] 26 | index_logo = '' filename of a picture in _static 27 | to be used as replacement for the 28 | h1 in the index.rst file. 29 | index_logo_height = 120px height of the index logo 30 | github_fork = '' repository name on github for the 31 | "fork me" badge 32 | -------------------------------------------------------------------------------- /docs/_themes/flask/layout.html: -------------------------------------------------------------------------------- 1 | {%- extends "basic/layout.html" %} 2 | {%- block extrahead %} 3 | {{ super() }} 4 | {% if theme_touch_icon %} 5 | 6 | {% endif %} 7 | 8 | {% endblock %} 9 | {%- block relbar2 %}{% endblock %} 10 | {% block header %} 11 | {{ super() }} 12 | {% if pagename == 'index' %} 13 |
14 | {% endif %} 15 | {% endblock %} 16 | {%- block footer %} 17 |
18 | © Copyright {{ copyright }}. 19 | Created using Sphinx. 20 |
21 | {% if pagename == 'index' %} 22 |
23 | {% endif %} 24 | {%- endblock %} 25 | -------------------------------------------------------------------------------- /docs/_themes/flask/relations.html: -------------------------------------------------------------------------------- 1 |

Related Topics

2 | 20 | -------------------------------------------------------------------------------- /docs/_themes/flask/static/flasky.css_t: -------------------------------------------------------------------------------- 1 | /* 2 | * flasky.css_t 3 | * ~~~~~~~~~~~~ 4 | * 5 | * :copyright: Copyright 2010 by Armin Ronacher. 6 | * :license: Flask Design License, see LICENSE for details. 7 | */ 8 | 9 | {% set page_width = '940px' %} 10 | {% set sidebar_width = '220px' %} 11 | 12 | @import url("basic.css"); 13 | 14 | /* -- page layout ----------------------------------------------------------- */ 15 | 16 | body { 17 | font-family: 'Georgia', serif; 18 | font-size: 17px; 19 | background-color: white; 20 | color: #000; 21 | margin: 0; 22 | padding: 0; 23 | } 24 | 25 | div.document { 26 | width: {{ page_width }}; 27 | margin: 30px auto 0 auto; 28 | } 29 | 30 | div.documentwrapper { 31 | float: left; 32 | width: 100%; 33 | } 34 | 35 | div.bodywrapper { 36 | margin: 0 0 0 {{ sidebar_width }}; 37 | } 38 | 39 | div.sphinxsidebar { 40 | width: {{ sidebar_width }}; 41 | } 42 | 43 | hr { 44 | border: 1px solid #B1B4B6; 45 | } 46 | 47 | div.body { 48 | background-color: #ffffff; 49 | color: #3E4349; 50 | padding: 0 30px 0 30px; 51 | } 52 | 53 | img.floatingflask { 54 | padding: 0 0 10px 10px; 55 | float: right; 56 | } 57 | 58 | div.footer { 59 | width: {{ page_width }}; 60 | margin: 20px auto 30px auto; 61 | font-size: 14px; 62 | color: #888; 63 | text-align: right; 64 | } 65 | 66 | div.footer a { 67 | color: #888; 68 | } 69 | 70 | div.related { 71 | display: none; 72 | } 73 | 74 | div.sphinxsidebar a { 75 | color: #444; 76 | text-decoration: none; 77 | border-bottom: 1px dotted #999; 78 | } 79 | 80 | div.sphinxsidebar a:hover { 81 | border-bottom: 1px solid #999; 82 | } 83 | 84 | div.sphinxsidebar { 85 | font-size: 14px; 86 | line-height: 1.5; 87 | } 88 | 89 | div.sphinxsidebarwrapper { 90 | padding: 18px 10px; 91 | } 92 | 93 | div.sphinxsidebarwrapper p.logo { 94 | padding: 0 0 20px 0; 95 | margin: 0; 96 | text-align: center; 97 | } 98 | 99 | div.sphinxsidebar h3, 100 | div.sphinxsidebar h4 { 101 | font-family: 'Garamond', 'Georgia', serif; 102 | color: #444; 103 | font-size: 24px; 104 | font-weight: normal; 105 | margin: 0 0 5px 0; 106 | padding: 0; 107 | } 108 | 109 | div.sphinxsidebar h4 { 110 | font-size: 20px; 111 | } 112 | 113 | div.sphinxsidebar h3 a { 114 | color: #444; 115 | } 116 | 117 | div.sphinxsidebar p.logo a, 118 | div.sphinxsidebar h3 a, 119 | div.sphinxsidebar p.logo a:hover, 120 | div.sphinxsidebar h3 a:hover { 121 | border: none; 122 | } 123 | 124 | div.sphinxsidebar p { 125 | color: #555; 126 | margin: 10px 0; 127 | } 128 | 129 | div.sphinxsidebar ul { 130 | margin: 10px 0; 131 | padding: 0; 132 | color: #000; 133 | } 134 | 135 | div.sphinxsidebar input { 136 | border: 1px solid #ccc; 137 | font-family: 'Georgia', serif; 138 | font-size: 1em; 139 | } 140 | 141 | /* -- body styles ----------------------------------------------------------- */ 142 | 143 | a { 144 | color: #004B6B; 145 | text-decoration: underline; 146 | } 147 | 148 | a:hover { 149 | color: #6D4100; 150 | text-decoration: underline; 151 | } 152 | 153 | div.body h1, 154 | div.body h2, 155 | div.body h3, 156 | div.body h4, 157 | div.body h5, 158 | div.body h6 { 159 | font-family: 'Garamond', 'Georgia', serif; 160 | font-weight: normal; 161 | margin: 30px 0px 10px 0px; 162 | padding: 0; 163 | } 164 | 165 | {% if theme_index_logo %} 166 | div.indexwrapper h1 { 167 | text-indent: -999999px; 168 | background: url({{ theme_index_logo }}) no-repeat center center; 169 | height: {{ theme_index_logo_height }}; 170 | } 171 | {% endif %} 172 | div.body h1 { margin-top: 0; padding-top: 0; font-size: 240%; } 173 | div.body h2 { font-size: 180%; } 174 | div.body h3 { font-size: 150%; } 175 | div.body h4 { font-size: 130%; } 176 | div.body h5 { font-size: 100%; } 177 | div.body h6 { font-size: 100%; } 178 | 179 | a.headerlink { 180 | color: #ddd; 181 | padding: 0 4px; 182 | text-decoration: none; 183 | } 184 | 185 | a.headerlink:hover { 186 | color: #444; 187 | background: #eaeaea; 188 | } 189 | 190 | div.body p, div.body dd, div.body li { 191 | line-height: 1.4em; 192 | } 193 | 194 | div.admonition { 195 | background: #fafafa; 196 | margin: 20px -30px; 197 | padding: 10px 30px; 198 | border-top: 1px solid #ccc; 199 | border-bottom: 1px solid #ccc; 200 | } 201 | 202 | div.admonition tt.xref, div.admonition a tt { 203 | border-bottom: 1px solid #fafafa; 204 | } 205 | 206 | dd div.admonition { 207 | margin-left: -60px; 208 | padding-left: 60px; 209 | } 210 | 211 | div.admonition p.admonition-title { 212 | font-family: 'Garamond', 'Georgia', serif; 213 | font-weight: normal; 214 | font-size: 24px; 215 | margin: 0 0 10px 0; 216 | padding: 0; 217 | line-height: 1; 218 | } 219 | 220 | div.admonition p.last { 221 | margin-bottom: 0; 222 | } 223 | 224 | div.highlight { 225 | background-color: white; 226 | } 227 | 228 | dt:target, .highlight { 229 | background: #FAF3E8; 230 | } 231 | 232 | div.note { 233 | background-color: #eee; 234 | border: 1px solid #ccc; 235 | } 236 | 237 | div.seealso { 238 | background-color: #ffc; 239 | border: 1px solid #ff6; 240 | } 241 | 242 | div.topic { 243 | background-color: #eee; 244 | } 245 | 246 | p.admonition-title { 247 | display: inline; 248 | } 249 | 250 | p.admonition-title:after { 251 | content: ":"; 252 | } 253 | 254 | pre, tt { 255 | font-family: 'Consolas', 'Menlo', 'Deja Vu Sans Mono', 'Bitstream Vera Sans Mono', monospace; 256 | font-size: 0.9em; 257 | } 258 | 259 | img.screenshot { 260 | } 261 | 262 | tt.descname, tt.descclassname { 263 | font-size: 0.95em; 264 | } 265 | 266 | tt.descname { 267 | padding-right: 0.08em; 268 | } 269 | 270 | img.screenshot { 271 | -moz-box-shadow: 2px 2px 4px #eee; 272 | -webkit-box-shadow: 2px 2px 4px #eee; 273 | box-shadow: 2px 2px 4px #eee; 274 | } 275 | 276 | table.docutils { 277 | border: 1px solid #888; 278 | -moz-box-shadow: 2px 2px 4px #eee; 279 | -webkit-box-shadow: 2px 2px 4px #eee; 280 | box-shadow: 2px 2px 4px #eee; 281 | } 282 | 283 | table.docutils td, table.docutils th { 284 | border: 1px solid #888; 285 | padding: 0.25em 0.7em; 286 | } 287 | 288 | table.field-list, table.footnote { 289 | border: none; 290 | -moz-box-shadow: none; 291 | -webkit-box-shadow: none; 292 | box-shadow: none; 293 | } 294 | 295 | table.footnote { 296 | margin: 15px 0; 297 | width: 100%; 298 | border: 1px solid #eee; 299 | background: #fdfdfd; 300 | font-size: 0.9em; 301 | } 302 | 303 | table.footnote + table.footnote { 304 | margin-top: -15px; 305 | border-top: none; 306 | } 307 | 308 | table.field-list th { 309 | padding: 0 0.8em 0 0; 310 | } 311 | 312 | table.field-list td { 313 | padding: 0; 314 | } 315 | 316 | table.footnote td.label { 317 | width: 0px; 318 | padding: 0.3em 0 0.3em 0.5em; 319 | } 320 | 321 | table.footnote td { 322 | padding: 0.3em 0.5em; 323 | } 324 | 325 | dl { 326 | margin: 0; 327 | padding: 0; 328 | } 329 | 330 | dl dd { 331 | margin-left: 30px; 332 | } 333 | 334 | blockquote { 335 | margin: 0 0 0 30px; 336 | padding: 0; 337 | } 338 | 339 | ul, ol { 340 | margin: 10px 0 10px 30px; 341 | padding: 0; 342 | } 343 | 344 | pre { 345 | background: #eee; 346 | padding: 7px 30px; 347 | margin: 15px -30px; 348 | line-height: 1.3em; 349 | } 350 | 351 | dl pre, blockquote pre, li pre { 352 | margin-left: -60px; 353 | padding-left: 60px; 354 | } 355 | 356 | dl dl pre { 357 | margin-left: -90px; 358 | padding-left: 90px; 359 | } 360 | 361 | tt { 362 | background-color: #ecf0f3; 363 | color: #222; 364 | /* padding: 1px 2px; */ 365 | } 366 | 367 | tt.xref, a tt { 368 | background-color: #FBFBFB; 369 | border-bottom: 1px solid white; 370 | } 371 | 372 | a.reference { 373 | text-decoration: none; 374 | border-bottom: 1px dotted #004B6B; 375 | } 376 | 377 | a.reference:hover { 378 | border-bottom: 1px solid #6D4100; 379 | } 380 | 381 | a.footnote-reference { 382 | text-decoration: none; 383 | font-size: 0.7em; 384 | vertical-align: top; 385 | border-bottom: 1px dotted #004B6B; 386 | } 387 | 388 | a.footnote-reference:hover { 389 | border-bottom: 1px solid #6D4100; 390 | } 391 | 392 | a:hover tt { 393 | background: #EEE; 394 | } 395 | 396 | 397 | @media screen and (max-width: 870px) { 398 | 399 | div.sphinxsidebar { 400 | display: none; 401 | } 402 | 403 | div.document { 404 | width: 100%; 405 | 406 | } 407 | 408 | div.documentwrapper { 409 | margin-left: 0; 410 | margin-top: 0; 411 | margin-right: 0; 412 | margin-bottom: 0; 413 | } 414 | 415 | div.bodywrapper { 416 | margin-top: 0; 417 | margin-right: 0; 418 | margin-bottom: 0; 419 | margin-left: 0; 420 | } 421 | 422 | ul { 423 | margin-left: 0; 424 | } 425 | 426 | .document { 427 | width: auto; 428 | } 429 | 430 | .footer { 431 | width: auto; 432 | } 433 | 434 | .bodywrapper { 435 | margin: 0; 436 | } 437 | 438 | .footer { 439 | width: auto; 440 | } 441 | 442 | .github { 443 | display: none; 444 | } 445 | 446 | 447 | 448 | } 449 | 450 | 451 | 452 | @media screen and (max-width: 875px) { 453 | 454 | body { 455 | margin: 0; 456 | padding: 20px 30px; 457 | } 458 | 459 | div.documentwrapper { 460 | float: none; 461 | background: white; 462 | } 463 | 464 | div.sphinxsidebar { 465 | display: block; 466 | float: none; 467 | width: 102.5%; 468 | margin: 50px -30px -20px -30px; 469 | padding: 10px 20px; 470 | background: #333; 471 | color: white; 472 | } 473 | 474 | div.sphinxsidebar h3, div.sphinxsidebar h4, div.sphinxsidebar p, 475 | div.sphinxsidebar h3 a { 476 | color: white; 477 | } 478 | 479 | div.sphinxsidebar a { 480 | color: #aaa; 481 | } 482 | 483 | div.sphinxsidebar p.logo { 484 | display: none; 485 | } 486 | 487 | div.document { 488 | width: 100%; 489 | margin: 0; 490 | } 491 | 492 | div.related { 493 | display: block; 494 | margin: 0; 495 | padding: 10px 0 20px 0; 496 | } 497 | 498 | div.related ul, 499 | div.related ul li { 500 | margin: 0; 501 | padding: 0; 502 | } 503 | 504 | div.footer { 505 | display: none; 506 | } 507 | 508 | div.bodywrapper { 509 | margin: 0; 510 | } 511 | 512 | div.body { 513 | min-height: 0; 514 | padding: 0; 515 | } 516 | 517 | .rtd_doc_footer { 518 | display: none; 519 | } 520 | 521 | .document { 522 | width: auto; 523 | } 524 | 525 | .footer { 526 | width: auto; 527 | } 528 | 529 | .footer { 530 | width: auto; 531 | } 532 | 533 | .github { 534 | display: none; 535 | } 536 | } 537 | 538 | 539 | /* scrollbars */ 540 | 541 | ::-webkit-scrollbar { 542 | width: 6px; 543 | height: 6px; 544 | } 545 | 546 | ::-webkit-scrollbar-button:start:decrement, 547 | ::-webkit-scrollbar-button:end:increment { 548 | display: block; 549 | height: 10px; 550 | } 551 | 552 | ::-webkit-scrollbar-button:vertical:increment { 553 | background-color: #fff; 554 | } 555 | 556 | ::-webkit-scrollbar-track-piece { 557 | background-color: #eee; 558 | -webkit-border-radius: 3px; 559 | } 560 | 561 | ::-webkit-scrollbar-thumb:vertical { 562 | height: 50px; 563 | background-color: #ccc; 564 | -webkit-border-radius: 3px; 565 | } 566 | 567 | ::-webkit-scrollbar-thumb:horizontal { 568 | width: 50px; 569 | background-color: #ccc; 570 | -webkit-border-radius: 3px; 571 | } 572 | 573 | /* misc. */ 574 | 575 | .revsys-inline { 576 | display: none!important; 577 | } -------------------------------------------------------------------------------- /docs/_themes/flask/theme.conf: -------------------------------------------------------------------------------- 1 | [theme] 2 | inherit = basic 3 | stylesheet = flasky.css 4 | pygments_style = flask_theme_support.FlaskyStyle 5 | 6 | [options] 7 | index_logo = 'title-small.png' 8 | index_logo_height = 80px 9 | github_fork = jtushman/flask-bouncer 10 | -------------------------------------------------------------------------------- /docs/_themes/flask_small/layout.html: -------------------------------------------------------------------------------- 1 | {% extends "basic/layout.html" %} 2 | {% block header %} 3 | {{ super() }} 4 | {% if pagename == 'index' %} 5 |
6 | {% endif %} 7 | {% endblock %} 8 | {% block footer %} 9 | {% if pagename == 'index' %} 10 |
11 | {% endif %} 12 | {% endblock %} 13 | {# do not display relbars #} 14 | {% block relbar1 %}{% endblock %} 15 | {% block relbar2 %} 16 | {% if theme_github_fork %} 17 | Fork me on GitHub 19 | {% endif %} 20 | {% endblock %} 21 | {% block sidebar1 %}{% endblock %} 22 | {% block sidebar2 %}{% endblock %} 23 | -------------------------------------------------------------------------------- /docs/_themes/flask_small/static/flasky.css_t: -------------------------------------------------------------------------------- 1 | /* 2 | * flasky.css_t 3 | * ~~~~~~~~~~~~ 4 | * 5 | * Sphinx stylesheet -- flasky theme based on nature theme. 6 | * 7 | * :copyright: Copyright 2007-2010 by the Sphinx team, see AUTHORS. 8 | * :license: BSD, see LICENSE for details. 9 | * 10 | */ 11 | 12 | @import url("basic.css"); 13 | 14 | /* -- page layout ----------------------------------------------------------- */ 15 | 16 | body { 17 | font-family: 'Georgia', serif; 18 | font-size: 17px; 19 | color: #000; 20 | background: white; 21 | margin: 0; 22 | padding: 0; 23 | } 24 | 25 | div.documentwrapper { 26 | float: left; 27 | width: 100%; 28 | } 29 | 30 | div.bodywrapper { 31 | margin: 40px auto 0 auto; 32 | width: 700px; 33 | } 34 | 35 | hr { 36 | border: 1px solid #B1B4B6; 37 | } 38 | 39 | div.body { 40 | background-color: #ffffff; 41 | color: #3E4349; 42 | padding: 0 30px 30px 30px; 43 | } 44 | 45 | img.floatingflask { 46 | padding: 0 0 10px 10px; 47 | float: right; 48 | } 49 | 50 | div.footer { 51 | text-align: right; 52 | color: #888; 53 | padding: 10px; 54 | font-size: 14px; 55 | width: 650px; 56 | margin: 0 auto 40px auto; 57 | } 58 | 59 | div.footer a { 60 | color: #888; 61 | text-decoration: underline; 62 | } 63 | 64 | div.related { 65 | line-height: 32px; 66 | color: #888; 67 | } 68 | 69 | div.related ul { 70 | padding: 0 0 0 10px; 71 | } 72 | 73 | div.related a { 74 | color: #444; 75 | } 76 | 77 | /* -- body styles ----------------------------------------------------------- */ 78 | 79 | a { 80 | color: #004B6B; 81 | text-decoration: underline; 82 | } 83 | 84 | a:hover { 85 | color: #6D4100; 86 | text-decoration: underline; 87 | } 88 | 89 | div.body { 90 | padding-bottom: 40px; /* saved for footer */ 91 | } 92 | 93 | div.body h1, 94 | div.body h2, 95 | div.body h3, 96 | div.body h4, 97 | div.body h5, 98 | div.body h6 { 99 | font-family: 'Garamond', 'Georgia', serif; 100 | font-weight: normal; 101 | margin: 30px 0px 10px 0px; 102 | padding: 0; 103 | } 104 | 105 | {% if theme_index_logo %} 106 | div.indexwrapper h1 { 107 | text-indent: -999999px; 108 | background: url({{ theme_index_logo }}) no-repeat center center; 109 | height: {{ theme_index_logo_height }}; 110 | } 111 | {% endif %} 112 | 113 | div.body h2 { font-size: 180%; } 114 | div.body h3 { font-size: 150%; } 115 | div.body h4 { font-size: 130%; } 116 | div.body h5 { font-size: 100%; } 117 | div.body h6 { font-size: 100%; } 118 | 119 | a.headerlink { 120 | color: white; 121 | padding: 0 4px; 122 | text-decoration: none; 123 | } 124 | 125 | a.headerlink:hover { 126 | color: #444; 127 | background: #eaeaea; 128 | } 129 | 130 | div.body p, div.body dd, div.body li { 131 | line-height: 1.4em; 132 | } 133 | 134 | div.admonition { 135 | background: #fafafa; 136 | margin: 20px -30px; 137 | padding: 10px 30px; 138 | border-top: 1px solid #ccc; 139 | border-bottom: 1px solid #ccc; 140 | } 141 | 142 | div.admonition p.admonition-title { 143 | font-family: 'Garamond', 'Georgia', serif; 144 | font-weight: normal; 145 | font-size: 24px; 146 | margin: 0 0 10px 0; 147 | padding: 0; 148 | line-height: 1; 149 | } 150 | 151 | div.admonition p.last { 152 | margin-bottom: 0; 153 | } 154 | 155 | div.highlight{ 156 | background-color: white; 157 | } 158 | 159 | dt:target, .highlight { 160 | background: #FAF3E8; 161 | } 162 | 163 | div.note { 164 | background-color: #eee; 165 | border: 1px solid #ccc; 166 | } 167 | 168 | div.seealso { 169 | background-color: #ffc; 170 | border: 1px solid #ff6; 171 | } 172 | 173 | div.topic { 174 | background-color: #eee; 175 | } 176 | 177 | div.warning { 178 | background-color: #ffe4e4; 179 | border: 1px solid #f66; 180 | } 181 | 182 | p.admonition-title { 183 | display: inline; 184 | } 185 | 186 | p.admonition-title:after { 187 | content: ":"; 188 | } 189 | 190 | pre, tt { 191 | font-family: 'Consolas', 'Menlo', 'Deja Vu Sans Mono', 'Bitstream Vera Sans Mono', monospace; 192 | font-size: 0.85em; 193 | } 194 | 195 | img.screenshot { 196 | } 197 | 198 | tt.descname, tt.descclassname { 199 | font-size: 0.95em; 200 | } 201 | 202 | tt.descname { 203 | padding-right: 0.08em; 204 | } 205 | 206 | img.screenshot { 207 | -moz-box-shadow: 2px 2px 4px #eee; 208 | -webkit-box-shadow: 2px 2px 4px #eee; 209 | box-shadow: 2px 2px 4px #eee; 210 | } 211 | 212 | table.docutils { 213 | border: 1px solid #888; 214 | -moz-box-shadow: 2px 2px 4px #eee; 215 | -webkit-box-shadow: 2px 2px 4px #eee; 216 | box-shadow: 2px 2px 4px #eee; 217 | } 218 | 219 | table.docutils td, table.docutils th { 220 | border: 1px solid #888; 221 | padding: 0.25em 0.7em; 222 | } 223 | 224 | table.field-list, table.footnote { 225 | border: none; 226 | -moz-box-shadow: none; 227 | -webkit-box-shadow: none; 228 | box-shadow: none; 229 | } 230 | 231 | table.footnote { 232 | margin: 15px 0; 233 | width: 100%; 234 | border: 1px solid #eee; 235 | } 236 | 237 | table.field-list th { 238 | padding: 0 0.8em 0 0; 239 | } 240 | 241 | table.field-list td { 242 | padding: 0; 243 | } 244 | 245 | table.footnote td { 246 | padding: 0.5em; 247 | } 248 | 249 | dl { 250 | margin: 0; 251 | padding: 0; 252 | } 253 | 254 | dl dd { 255 | margin-left: 30px; 256 | } 257 | 258 | pre { 259 | padding: 0; 260 | margin: 15px -30px; 261 | padding: 8px; 262 | line-height: 1.3em; 263 | padding: 7px 30px; 264 | background: #eee; 265 | border-radius: 2px; 266 | -moz-border-radius: 2px; 267 | -webkit-border-radius: 2px; 268 | } 269 | 270 | dl pre { 271 | margin-left: -60px; 272 | padding-left: 60px; 273 | } 274 | 275 | tt { 276 | background-color: #ecf0f3; 277 | color: #222; 278 | /* padding: 1px 2px; */ 279 | } 280 | 281 | tt.xref, a tt { 282 | background-color: #FBFBFB; 283 | } 284 | 285 | a:hover tt { 286 | background: #EEE; 287 | } 288 | -------------------------------------------------------------------------------- /docs/_themes/flask_small/theme.conf: -------------------------------------------------------------------------------- 1 | [theme] 2 | inherit = basic 3 | stylesheet = flasky.css 4 | nosidebar = true 5 | pygments_style = flask_theme_support.FlaskyStyle 6 | 7 | [options] 8 | index_logo = 'title-small.png' 9 | index_logo_height = 80px 10 | github_fork = jtushman/flask-bouncer 11 | -------------------------------------------------------------------------------- /docs/_themes/flask_theme_support.py: -------------------------------------------------------------------------------- 1 | # flasky extensions. flasky pygments style based on tango style 2 | from pygments.style import Style 3 | from pygments.token import Keyword, Name, Comment, String, Error, \ 4 | Number, Operator, Generic, Whitespace, Punctuation, Other, Literal 5 | 6 | 7 | class FlaskyStyle(Style): 8 | background_color = "#f8f8f8" 9 | default_style = "" 10 | 11 | styles = { 12 | # No corresponding class for the following: 13 | #Text: "", # class: '' 14 | Whitespace: "underline #f8f8f8", # class: 'w' 15 | Error: "#a40000 border:#ef2929", # class: 'err' 16 | Other: "#000000", # class 'x' 17 | 18 | Comment: "italic #8f5902", # class: 'c' 19 | Comment.Preproc: "noitalic", # class: 'cp' 20 | 21 | Keyword: "bold #004461", # class: 'k' 22 | Keyword.Constant: "bold #004461", # class: 'kc' 23 | Keyword.Declaration: "bold #004461", # class: 'kd' 24 | Keyword.Namespace: "bold #004461", # class: 'kn' 25 | Keyword.Pseudo: "bold #004461", # class: 'kp' 26 | Keyword.Reserved: "bold #004461", # class: 'kr' 27 | Keyword.Type: "bold #004461", # class: 'kt' 28 | 29 | Operator: "#582800", # class: 'o' 30 | Operator.Word: "bold #004461", # class: 'ow' - like keywords 31 | 32 | Punctuation: "bold #000000", # class: 'p' 33 | 34 | # because special names such as Name.Class, Name.Function, etc. 35 | # are not recognized as such later in the parsing, we choose them 36 | # to look the same as ordinary variables. 37 | Name: "#000000", # class: 'n' 38 | Name.Attribute: "#c4a000", # class: 'na' - to be revised 39 | Name.Builtin: "#004461", # class: 'nb' 40 | Name.Builtin.Pseudo: "#3465a4", # class: 'bp' 41 | Name.Class: "#000000", # class: 'nc' - to be revised 42 | Name.Constant: "#000000", # class: 'no' - to be revised 43 | Name.Decorator: "#888", # class: 'nd' - to be revised 44 | Name.Entity: "#ce5c00", # class: 'ni' 45 | Name.Exception: "bold #cc0000", # class: 'ne' 46 | Name.Function: "#000000", # class: 'nf' 47 | Name.Property: "#000000", # class: 'py' 48 | Name.Label: "#f57900", # class: 'nl' 49 | Name.Namespace: "#000000", # class: 'nn' - to be revised 50 | Name.Other: "#000000", # class: 'nx' 51 | Name.Tag: "bold #004461", # class: 'nt' - like a keyword 52 | Name.Variable: "#000000", # class: 'nv' - to be revised 53 | Name.Variable.Class: "#000000", # class: 'vc' - to be revised 54 | Name.Variable.Global: "#000000", # class: 'vg' - to be revised 55 | Name.Variable.Instance: "#000000", # class: 'vi' - to be revised 56 | 57 | Number: "#990000", # class: 'm' 58 | 59 | Literal: "#000000", # class: 'l' 60 | Literal.Date: "#000000", # class: 'ld' 61 | 62 | String: "#4e9a06", # class: 's' 63 | String.Backtick: "#4e9a06", # class: 'sb' 64 | String.Char: "#4e9a06", # class: 'sc' 65 | String.Doc: "italic #8f5902", # class: 'sd' - like a comment 66 | String.Double: "#4e9a06", # class: 's2' 67 | String.Escape: "#4e9a06", # class: 'se' 68 | String.Heredoc: "#4e9a06", # class: 'sh' 69 | String.Interpol: "#4e9a06", # class: 'si' 70 | String.Other: "#4e9a06", # class: 'sx' 71 | String.Regex: "#4e9a06", # class: 'sr' 72 | String.Single: "#4e9a06", # class: 's1' 73 | String.Symbol: "#4e9a06", # class: 'ss' 74 | 75 | Generic: "#000000", # class: 'g' 76 | Generic.Deleted: "#a40000", # class: 'gd' 77 | Generic.Emph: "italic #000000", # class: 'ge' 78 | Generic.Error: "#ef2929", # class: 'gr' 79 | Generic.Heading: "bold #000080", # class: 'gh' 80 | Generic.Inserted: "#00A000", # class: 'gi' 81 | Generic.Output: "#888", # class: 'go' 82 | Generic.Prompt: "#745334", # class: 'gp' 83 | Generic.Strong: "bold #000000", # class: 'gs' 84 | Generic.Subheading: "bold #800080", # class: 'gu' 85 | Generic.Traceback: "bold #a40000", # class: 'gt' 86 | } 87 | -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # 3 | # flask-bouncer documentation build configuration file, created by 4 | # sphinx-quickstart on Fri Apr 4 15:30:40 2014. 5 | # 6 | # This file is execfile()d with the current directory set to its 7 | # containing dir. 8 | # 9 | # Note that not all possible configuration values are present in this 10 | # autogenerated file. 11 | # 12 | # All configuration values have a default; values that are commented out 13 | # serve to show the default. 14 | 15 | import sys 16 | import os 17 | 18 | # If extensions (or modules to document with autodoc) are in another directory, 19 | # add these directories to sys.path here. If the directory is relative to the 20 | # documentation root, use os.path.abspath to make it absolute, like shown here. 21 | #sys.path.insert(0, os.path.abspath('.')) 22 | sys.path.append(os.path.abspath('_themes')) 23 | html_theme_path = ['_themes'] 24 | html_theme = 'flask_small' 25 | 26 | # -- General configuration ------------------------------------------------ 27 | 28 | # If your documentation needs a minimal Sphinx version, state it here. 29 | #needs_sphinx = '1.0' 30 | 31 | # Add any Sphinx extension module names here, as strings. They can be 32 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 33 | # ones. 34 | extensions = [ 35 | 'sphinx.ext.autodoc', 36 | ] 37 | 38 | # Add any paths that contain templates here, relative to this directory. 39 | templates_path = ['_templates'] 40 | 41 | # The suffix of source filenames. 42 | source_suffix = '.rst' 43 | 44 | # The encoding of source files. 45 | #source_encoding = 'utf-8-sig' 46 | 47 | # The master toctree document. 48 | master_doc = 'index' 49 | 50 | # General information about the project. 51 | project = u'flask-bouncer' 52 | copyright = u'2014, Jonathan Tushman' 53 | 54 | # The version info for the project you're documenting, acts as replacement for 55 | # |version| and |release|, also used in various other places throughout the 56 | # built documents. 57 | # 58 | # The short X.Y version. 59 | version = '0.1.12' 60 | # The full version, including alpha/beta/rc tags. 61 | release = '0.1.12' 62 | 63 | # The language for content autogenerated by Sphinx. Refer to documentation 64 | # for a list of supported languages. 65 | #language = None 66 | 67 | # There are two options for replacing |today|: either, you set today to some 68 | # non-false value, then it is used: 69 | #today = '' 70 | # Else, today_fmt is used as the format for a strftime call. 71 | #today_fmt = '%B %d, %Y' 72 | 73 | # List of patterns, relative to source directory, that match files and 74 | # directories to ignore when looking for source files. 75 | exclude_patterns = ['_build'] 76 | 77 | # The reST default role (used for this markup: `text`) to use for all 78 | # documents. 79 | #default_role = None 80 | 81 | # If true, '()' will be appended to :func: etc. cross-reference text. 82 | #add_function_parentheses = True 83 | 84 | # If true, the current module name will be prepended to all description 85 | # unit titles (such as .. function::). 86 | #add_module_names = True 87 | 88 | # If true, sectionauthor and moduleauthor directives will be shown in the 89 | # output. They are ignored by default. 90 | #show_authors = False 91 | 92 | # The name of the Pygments (syntax highlighting) style to use. 93 | pygments_style = 'sphinx' 94 | 95 | # A list of ignored prefixes for module index sorting. 96 | #modindex_common_prefix = [] 97 | 98 | # If true, keep warnings as "system message" paragraphs in the built documents. 99 | #keep_warnings = False 100 | 101 | 102 | # -- Options for HTML output ---------------------------------------------- 103 | 104 | # The theme to use for HTML and HTML Help pages. See the documentation for 105 | # a list of builtin themes. 106 | # html_theme = 'default' 107 | 108 | # Theme options are theme-specific and customize the look and feel of a theme 109 | # further. For a list of options available for each theme, see the 110 | # documentation. 111 | #html_theme_options = {} 112 | 113 | # Add any paths that contain custom themes here, relative to this directory. 114 | #html_theme_path = [] 115 | 116 | # The name for this set of Sphinx documents. If None, it defaults to 117 | # " v documentation". 118 | #html_title = None 119 | 120 | # A shorter title for the navigation bar. Default is the same as html_title. 121 | #html_short_title = None 122 | 123 | # The name of an image file (relative to this directory) to place at the top 124 | # of the sidebar. 125 | #html_logo = None 126 | 127 | # The name of an image file (within the static path) to use as favicon of the 128 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 129 | # pixels large. 130 | #html_favicon = None 131 | 132 | # Add any paths that contain custom static files (such as style sheets) here, 133 | # relative to this directory. They are copied after the builtin static files, 134 | # so a file named "default.css" will overwrite the builtin "default.css". 135 | html_static_path = ['_static'] 136 | 137 | # Add any extra paths that contain custom files (such as robots.txt or 138 | # .htaccess) here, relative to this directory. These files are copied 139 | # directly to the root of the documentation. 140 | #html_extra_path = [] 141 | 142 | # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, 143 | # using the given strftime format. 144 | #html_last_updated_fmt = '%b %d, %Y' 145 | 146 | # If true, SmartyPants will be used to convert quotes and dashes to 147 | # typographically correct entities. 148 | #html_use_smartypants = True 149 | 150 | # Custom sidebar templates, maps document names to template names. 151 | #html_sidebars = {} 152 | 153 | # Additional templates that should be rendered to pages, maps page names to 154 | # template names. 155 | #html_additional_pages = {} 156 | 157 | # If false, no module index is generated. 158 | #html_domain_indices = True 159 | 160 | # If false, no index is generated. 161 | #html_use_index = True 162 | 163 | # If true, the index is split into individual pages for each letter. 164 | #html_split_index = False 165 | 166 | # If true, links to the reST sources are added to the pages. 167 | #html_show_sourcelink = True 168 | 169 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 170 | #html_show_sphinx = True 171 | 172 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 173 | #html_show_copyright = True 174 | 175 | # If true, an OpenSearch description file will be output, and all pages will 176 | # contain a tag referring to it. The value of this option must be the 177 | # base URL from which the finished HTML is served. 178 | #html_use_opensearch = '' 179 | 180 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 181 | #html_file_suffix = None 182 | 183 | # Output file base name for HTML help builder. 184 | htmlhelp_basename = 'flask-bouncerdoc' 185 | 186 | 187 | # -- Options for LaTeX output --------------------------------------------- 188 | 189 | latex_elements = { 190 | # The paper size ('letterpaper' or 'a4paper'). 191 | #'papersize': 'letterpaper', 192 | 193 | # The font size ('10pt', '11pt' or '12pt'). 194 | #'pointsize': '10pt', 195 | 196 | # Additional stuff for the LaTeX preamble. 197 | #'preamble': '', 198 | } 199 | 200 | # Grouping the document tree into LaTeX files. List of tuples 201 | # (source start file, target name, title, 202 | # author, documentclass [howto, manual, or own class]). 203 | latex_documents = [ 204 | ('index', 'flask-bouncer.tex', u'flask-bouncer Documentation', 205 | u'Jonathan Tushman', 'manual'), 206 | ] 207 | 208 | # The name of an image file (relative to this directory) to place at the top of 209 | # the title page. 210 | #latex_logo = None 211 | 212 | # For "manual" documents, if this is true, then toplevel headings are parts, 213 | # not chapters. 214 | #latex_use_parts = False 215 | 216 | # If true, show page references after internal links. 217 | #latex_show_pagerefs = False 218 | 219 | # If true, show URL addresses after external links. 220 | #latex_show_urls = False 221 | 222 | # Documents to append as an appendix to all manuals. 223 | #latex_appendices = [] 224 | 225 | # If false, no module index is generated. 226 | #latex_domain_indices = True 227 | 228 | 229 | # -- Options for manual page output --------------------------------------- 230 | 231 | # One entry per manual page. List of tuples 232 | # (source start file, name, description, authors, manual section). 233 | man_pages = [ 234 | ('index', 'flask-bouncer', u'flask-bouncer Documentation', 235 | [u'Jonathan Tushman'], 1) 236 | ] 237 | 238 | # If true, show URL addresses after external links. 239 | #man_show_urls = False 240 | 241 | 242 | # -- Options for Texinfo output ------------------------------------------- 243 | 244 | # Grouping the document tree into Texinfo files. List of tuples 245 | # (source start file, target name, title, author, 246 | # dir menu entry, description, category) 247 | texinfo_documents = [ 248 | ('index', 'flask-bouncer', u'flask-bouncer Documentation', 249 | u'Jonathan Tushman', 'flask-bouncer', 'One line description of project.', 250 | 'Miscellaneous'), 251 | ] 252 | 253 | # Documents to append as an appendix to all manuals. 254 | #texinfo_appendices = [] 255 | 256 | # If false, no module index is generated. 257 | #texinfo_domain_indices = True 258 | 259 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 260 | #texinfo_show_urls = 'footnote' 261 | 262 | # If true, do not generate a @detailmenu in the "Top" node's menu. 263 | #texinfo_no_detailmenu = False 264 | -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- 1 | flask-bouncer 2 | ============= 3 | 4 | Flask declarative authorization leveraging `bouncer`_ 5 | 6 | |Build Status| 7 | 8 | **flask-bouncer** is an authorization library for Flask which restricts 9 | what resources a given user is allowed to access. All the permissions 10 | are defined in a **single location**. 11 | 12 | Enough chit-chat – show me the code … 13 | 14 | Installation 15 | ------------ 16 | 17 | .. code:: bash 18 | 19 | pip install flask-bouncer 20 | 21 | Usage 22 | ----- 23 | 24 | .. code:: python 25 | 26 | from flask_bouncer import requires, ensure, Bouncer 27 | app = Flask() 28 | bouncer = Bouncer(app) 29 | 30 | # Define your authorization in one place and in english ... 31 | @bouncer.authorization_method 32 | def define_authorization(user, they): 33 | if user.is_admin: 34 | they.can(MANAGE, ALL) 35 | else: 36 | they.can(READ, ('Article', 'BlogPost')) 37 | they.can(EDIT, 'Article', lambda a: a.author_id == user.id) 38 | 39 | # Then decorate your routes with your conditions. 40 | # If it fails it will return a 403 41 | @app.route("/articles") 42 | @requires(READ, Article) 43 | def articles_index(): 44 | return "A bunch of articles" 45 | 46 | @app.route("/topsecret") 47 | @requires(READ, TopSecretFile) 48 | def topsecret_index(): 49 | return "A bunch of top secret stuff that only admins should see" 50 | 51 | - When you are dealing with a specific resource, then use the 52 | ``ensure`` method 53 | 54 | .. code:: python 55 | 56 | from flask_bouncer import requires, ensure 57 | @app.route("/articles/") 58 | @requires(READ, Article) 59 | def show_article(article_id): 60 | article = Article.find_by_id(article_id) 61 | 62 | # can the current user 'read' the article, if not it will throw a 403 63 | ensure(READ,article) 64 | return render_template('article.html', article=article) 65 | 66 | - Check out `bouncer`_ with more details about defining Abilities 67 | - flask-bouncer by default looks for ``current_user`` or ``user`` 68 | stored in flask’s `g`_ 69 | 70 | Lock It Down 71 | ------------ 72 | You can use the `ensure_authorization` feature to ensure that all of your routes in your application have been 73 | authorized 74 | 75 | .. code:: python 76 | 77 | bouncer = Bouncer(app, ensure_authorization=True) 78 | 79 | This will check each request to ensure that an authorization check (either `ensure` or `requires`) has been made 80 | 81 | If you want to skip a certain route, decorate your route with `@skip_authorization`. Like so: 82 | 83 | .. code:: python 84 | 85 | @app.route("/articles") 86 | @skip_authorization 87 | def articles_index(): 88 | return "A bunch of articles" 89 | 90 | 91 | Flask-Classy Support 92 | -------------------- 93 | 94 | I ❤ `Flask-Classy`_ Like a lot. Flask-Classy is an extension that adds 95 | class-based REST views to Flask. 96 | 97 | 1) Define you View similarly as you would with flask-classy 98 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 99 | 100 | .. code:: python 101 | 102 | from flask_classy import FlaskView 103 | from yourapp.models import Article 104 | 105 | class ArticleView(FlaskView) 106 | 107 | # an additional class attribute that you need to add for flask-bouncer 108 | __target_model__ = Article 109 | 110 | def index(self) 111 | return "Index" 112 | 113 | def get(self, obj_id): 114 | return "Get " 115 | 116 | # ... methods for post, delete (and even put, and patch if you so like 117 | 118 | 119 | 2) Register the View with flask and bouncer 120 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 121 | 122 | .. code:: python 123 | 124 | # in your application.py or the like 125 | 126 | app = Flask("classy") 127 | bouncer = Bouncer(app) 128 | ArticleView.register(app) 129 | 130 | # Which classy views do you want to lock down, you can pass multiple 131 | bouncer.monitor(ArticleView) 132 | 133 | .. _bouncer: https://github.com/jtushman/bouncer 134 | .. _g: http://flask.pocoo.org/docs/api/#flask.g 135 | .. _Flask-Classy: https://pythonhosted.org/Flask-Classy/ 136 | 137 | .. |Build Status| image:: https://travis-ci.org/jtushman/flask-bouncer.svg?branch=master 138 | :target: https://travis-ci.org/jtushman/flask-bouncer 139 | 140 | Then voila – flask-bouncer will implicitly add the following conditions 141 | to the routes: 142 | 143 | - You need ‘READ’ privileges for ‘index’,‘show’ and ‘get’ 144 | - You need ‘CREATE’ privileges for ‘new’,‘put’ and ‘post’ 145 | - You need ‘UPDATE’ privileges for ‘edit’ and ‘patch’ 146 | 147 | If you want to over-write the default requirements, just add the 148 | ``@requires`` decorator to the function 149 | 150 | Configuration 151 | ------------- 152 | 153 | current\_user 154 | ~~~~~~~~~~~~~ 155 | 156 | By default flask-bouncer will inspect ``g`` for user or current\_user. 157 | You can add your custom loader by decorating a function with 158 | ``@bouncer.user_loader`` 159 | 160 | Other Features 161 | -------------- 162 | 163 | - Plays nice with `flask-login`_ 164 | - Plays nice with blueprints 165 | - Plays nice with `flask-classy`_ 166 | 167 | Notes 168 | ----- 169 | 170 | - This library focusing only on **Authorization**, we leave 171 | **Authentication** to other libraries such as `flask-login`_. 172 | 173 | Thank You! 174 | ---------- 175 | 176 | - Ryan Bates, and his excellent CanCan ruby library which this the 177 | inspiration for this library 178 | 179 | Questions / Issues 180 | ------------------ 181 | 182 | Feel free to ping me on twitter: `@tushman`_ 183 | or add issues or PRs at https://github.com/jtushman/flask-bouncer 184 | 185 | .. _flask-login: http://flask-login.readthedocs.org/en/latest/ 186 | .. _flask-classy: https://pythonhosted.org/Flask-Classy/ 187 | .. _@tushman: http://twitter.com/tushman 188 | -------------------------------------------------------------------------------- /flask_bouncer.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | from functools import wraps 4 | 5 | from flask import request, g, current_app, _app_ctx_stack as stack 6 | from werkzeug.local import LocalProxy 7 | from werkzeug.exceptions import Forbidden 8 | from bouncer import Ability 9 | from bouncer.constants import * 10 | 11 | 12 | # Convenient references 13 | _bouncer = LocalProxy(lambda: current_app.extensions['bouncer']) 14 | 15 | 16 | def ensure(action, subject): 17 | request._authorized = True 18 | current_user = _bouncer.get_current_user() 19 | ability = Ability(current_user) 20 | ability.authorization_method = _bouncer.get_authorization_method() 21 | ability.aliased_actions = _bouncer.alias_actions 22 | if ability.cannot(action, subject): 23 | msg = "{0} does not have {1} access to {2}".format(current_user, action, subject) 24 | raise Forbidden(msg) 25 | 26 | 27 | def can(action, subject): 28 | request._authorized = True 29 | current_user = _bouncer.get_current_user() 30 | ability = Ability(current_user) 31 | ability.authorization_method = _bouncer.get_authorization_method() 32 | ability.aliased_actions = _bouncer.alias_actions 33 | return ability.can(action, subject) 34 | 35 | 36 | # alias 37 | bounce = ensure 38 | 39 | 40 | class Condition(object): 41 | 42 | def __init__(self, action, subject): 43 | self.action = action 44 | self.subject = subject 45 | 46 | def test(self): 47 | ensure(self.action, self.subject) 48 | 49 | 50 | def requires(action, subject): 51 | def decorator(f): 52 | f._explict_rule_set = True 53 | 54 | @wraps(f) 55 | def decorated_function(*args, **kwargs): 56 | Condition(action, subject).test() 57 | return f(*args, **kwargs) 58 | return decorated_function 59 | return decorator 60 | 61 | 62 | def skip_authorization(f): 63 | @wraps(f) 64 | def decorated_function(*args, **kwargs): 65 | request._authorized = True 66 | return f(*args, **kwargs) 67 | return decorated_function 68 | 69 | 70 | class Bouncer(object): 71 | 72 | """This class is used to control the Abilities Integration to one or more Flask applications""" 73 | 74 | special_methods = ["get", "put", "patch", "post", "delete", "index"] 75 | 76 | def __init__(self, app=None, **kwargs): 77 | 78 | self.authorization_method_callback = None 79 | self._alias_actions = self.default_alias_actions() 80 | self._authorization_method = None 81 | self.flask_classy_classes = list() 82 | self.explict_rules = list() 83 | self.get_current_user = self.default_user_loader 84 | 85 | self.app = None 86 | 87 | if app is not None: 88 | self.init_app(app, **kwargs) 89 | 90 | def get_app(self, reference_app=None): 91 | """Helper method that implements the logic to look up an application.""" 92 | 93 | if reference_app is not None: 94 | return reference_app 95 | 96 | if self.app is not None: 97 | return self.app 98 | 99 | ctx = stack.top 100 | 101 | if ctx is not None: 102 | return ctx.app 103 | 104 | raise RuntimeError('Application not registered on Bouncer' 105 | ' instance and no application bound' 106 | ' to current context') 107 | 108 | def init_app(self, app, **kwargs): 109 | """ Initializes the Flask-Bouncer extension for the specified application. 110 | 111 | :param app: The application. 112 | """ 113 | self.app = app 114 | 115 | self._init_extension() 116 | 117 | self.app.before_request(self.check_implicit_rules) 118 | 119 | if kwargs.get('ensure_authorization', False): 120 | self.app.after_request(self.check_authorization) 121 | 122 | def _init_extension(self): 123 | if not hasattr(self.app, 'extensions'): 124 | self.app.extensions = dict() 125 | 126 | self.app.extensions['bouncer'] = self 127 | 128 | def check_authorization(self, response): 129 | """checks that an authorization call has been made during the request""" 130 | if not hasattr(request, '_authorized'): 131 | raise Forbidden 132 | elif not request._authorized: 133 | raise Forbidden 134 | return response 135 | 136 | def check_implicit_rules(self): 137 | """ if you are using flask classy are using the standard index,new,put,post, etc ... type routes, we will 138 | automatically check the permissions for you 139 | """ 140 | if not self.request_is_managed_by_flask_classy(): 141 | return 142 | 143 | if self.method_is_explictly_overwritten(): 144 | return 145 | 146 | class_name, action = request.endpoint.split(':') 147 | clazz = [classy_class for classy_class in self.flask_classy_classes if classy_class.__name__ == class_name][0] 148 | Condition(action, clazz.__target_model__).test() 149 | 150 | def method_is_explictly_overwritten(self): 151 | view_func = current_app.view_functions[request.endpoint] 152 | return hasattr(view_func, '_explict_rule_set') and view_func._explict_rule_set is True 153 | 154 | def request_is_managed_by_flask_classy(self): 155 | if request.endpoint is None: 156 | return False 157 | if ':' not in request.endpoint: 158 | return False 159 | class_name, action = request.endpoint.split(':') 160 | return any(class_name == classy_class.__name__ for classy_class in self.flask_classy_classes) \ 161 | and action in self.special_methods 162 | 163 | def default_user_loader(self): 164 | if hasattr(g, 'current_user'): 165 | return g.current_user 166 | elif hasattr(g, 'user'): 167 | return g.user 168 | else: 169 | raise Exception("Excepting current_user on flask's g") 170 | 171 | def user_loader(self, value): 172 | """ 173 | Use this method decorator to overwrite the default user loader 174 | """ 175 | self.get_current_user = value 176 | return value 177 | 178 | @property 179 | def alias_actions(self): 180 | return self._alias_actions 181 | 182 | @alias_actions.setter 183 | def alias_actions(self, value): 184 | """if you want to override your actions""" 185 | self._alias_actions = value 186 | 187 | def default_alias_actions(self): 188 | return { 189 | READ: [INDEX, SHOW, GET], 190 | CREATE: [NEW, PUT, POST], 191 | UPDATE: [EDIT, PATCH] 192 | } 193 | 194 | def monitor(self, *classy_routes): 195 | self.flask_classy_classes.extend(classy_routes) 196 | 197 | def authorization_method(self, value): 198 | """ 199 | the callback for defining user abilities 200 | """ 201 | self._authorization_method = value 202 | return self._authorization_method 203 | 204 | def get_authorization_method(self): 205 | if self._authorization_method is not None: 206 | return self._authorization_method 207 | else: 208 | raise Exception('Expected authorication method to be set') 209 | -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- 1 | [build_sphinx] 2 | source-dir = docs 3 | build-dir = docs/_build 4 | all_files = 1 5 | 6 | [upload_sphinx] 7 | upload-dir = docs/_build/html -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup 2 | 3 | required_modules = ['bouncer>=0.1.8', 'Flask>=0.9', 'blinker'] 4 | 5 | setup(name='flask-bouncer', 6 | version='0.3.0', 7 | description='Flask Simple Declarative Authentication based on Ryan Bates excellent cancan library', 8 | url='http://github.com/bouncer-app/flask-bouncer', 9 | author='Jonathan Tushman', 10 | author_email='jonathan@zefr.com', 11 | install_requires=required_modules, 12 | license='MIT', 13 | py_modules=['flask_bouncer'], 14 | zip_safe=False, 15 | platforms='any', 16 | tests_require=['nose', 'flask-classy>=0.6.10'], 17 | test_suite='nose.collector', 18 | classifiers=[ 19 | 'Environment :: Web Environment', 20 | 'Intended Audience :: Developers', 21 | 'License :: OSI Approved :: BSD License', 22 | 'Operating System :: OS Independent', 23 | 'Programming Language :: Python', 24 | 'Topic :: Internet :: WWW/HTTP :: Dynamic Content', 25 | 'Topic :: Software Development :: Libraries :: Python Modules' 26 | ]) 27 | -------------------------------------------------------------------------------- /test_flask_bouncer/__init__.py: -------------------------------------------------------------------------------- 1 | import nose 2 | 3 | if __name__ == "__main__": 4 | nose.run() -------------------------------------------------------------------------------- /test_flask_bouncer/helpers.py: -------------------------------------------------------------------------------- 1 | from contextlib import contextmanager 2 | from flask import appcontext_pushed, g 3 | 4 | # http://flask.pocoo.org/docs/testing/ 5 | @contextmanager 6 | def user_set(app, user): 7 | def handler(sender, **kwargs): 8 | g.current_user = user 9 | with appcontext_pushed.connected_to(handler, app): 10 | yield 11 | -------------------------------------------------------------------------------- /test_flask_bouncer/models.py: -------------------------------------------------------------------------------- 1 | from random import randint 2 | class User(object): 3 | 4 | def __init__(self, **kwargs): 5 | self.id = kwargs.get('id', randint(1, 10000000000)) 6 | self.name = kwargs['name'] 7 | self.admin = kwargs['admin'] 8 | pass 9 | 10 | @property 11 | def is_admin(self): 12 | return self.admin 13 | 14 | class Article(object): 15 | 16 | def __init__(self, **kwargs): 17 | self.author_id = kwargs['author_id'] 18 | 19 | 20 | class TopSecretFile(object): 21 | pass 22 | -------------------------------------------------------------------------------- /test_flask_bouncer/test_advanced_usage.py: -------------------------------------------------------------------------------- 1 | from flask import Flask 2 | from flask_bouncer import Bouncer, ensure, requires 3 | from bouncer.constants import * 4 | from nose.tools import * 5 | from .models import Article, TopSecretFile, User 6 | from .helpers import user_set 7 | 8 | def test_non_standard_names(): 9 | 10 | app = Flask("advanced") 11 | app.debug = True 12 | bouncer = Bouncer(app) 13 | 14 | @bouncer.authorization_method 15 | def define_authorization(user, they): 16 | they.can('browse', Article) 17 | 18 | @app.route("/articles") 19 | @requires('browse', Article) 20 | def articles_index(): 21 | return "A bunch of articles" 22 | 23 | client = app.test_client() 24 | 25 | jonathan = User(name='jonathan', admin=False) 26 | with user_set(app, jonathan): 27 | resp = client.get('/articles') 28 | eq_(b"A bunch of articles", resp.data) -------------------------------------------------------------------------------- /test_flask_bouncer/test_base.py: -------------------------------------------------------------------------------- 1 | from nose.tools import eq_ 2 | 3 | from flask import Flask 4 | from flask_bouncer import Bouncer 5 | 6 | 7 | def test_base_registration(): 8 | 9 | app = Flask(__name__) 10 | bouncer = Bouncer(app) 11 | 12 | eq_(bouncer.get_app(), app) 13 | 14 | 15 | def test_delayed_init(): 16 | app = Flask(__name__) 17 | bouncer = Bouncer() 18 | bouncer.init_app(app) 19 | 20 | eq_(bouncer.get_app(), app) 21 | -------------------------------------------------------------------------------- /test_flask_bouncer/test_basic_usage.py: -------------------------------------------------------------------------------- 1 | from flask import Flask 2 | from flask_bouncer import Bouncer, ensure, can, requires 3 | from bouncer.constants import * 4 | from nose.tools import * 5 | from .models import Article, TopSecretFile, User 6 | from .helpers import user_set 7 | 8 | app = Flask("basic") 9 | app.debug = True 10 | bouncer = Bouncer(app) 11 | 12 | 13 | @bouncer.authorization_method 14 | def define_authorization(user, they): 15 | 16 | if user.is_admin: 17 | # self.can_manage(ALL) 18 | they.can(MANAGE, ALL) 19 | else: 20 | they.can(READ, Article) 21 | they.can(EDIT, Article, author_id=user.id) 22 | 23 | 24 | @app.route("/") 25 | def hello(): 26 | return "Hello World" 27 | 28 | 29 | @app.route("/articles") 30 | @requires(READ, Article) 31 | def articles_index(): 32 | return "A bunch of articles" 33 | 34 | @app.route("/topsecret") 35 | @requires(READ, TopSecretFile) 36 | def topsecret_index(): 37 | return "A bunch of top secret stuff that only admins should see" 38 | 39 | 40 | @app.route("/article/", methods=['POST']) 41 | def edit_post(post_id): 42 | 43 | # Find an article form a db -- faking for testing 44 | mary = User(name='mary', admin=False) 45 | article = Article(author_id=mary.id) 46 | 47 | # bounce them out if they do not have access 48 | ensure(EDIT, article) 49 | # edit the post 50 | return "successfully edited post" 51 | 52 | 53 | @app.route("/article/", methods=['GET']) 54 | def view_post(post_id): 55 | # Find an article form a db -- faking for testing 56 | mary = User(id=1000, name='mary', admin=False) 57 | article = Article(author_id=mary.id) 58 | 59 | if can(EDIT, article): 60 | return "Click here to edit this article" 61 | else: 62 | return "Look at this pretty article" 63 | 64 | 65 | client = app.test_client() 66 | 67 | def test_default(): 68 | jonathan = User(name='jonathan', admin=False) 69 | with user_set(app, jonathan): 70 | resp = client.get('/') 71 | eq_(b"Hello World", resp.data) 72 | 73 | def test_allowed_index(): 74 | jonathan = User(name='jonathan', admin=False) 75 | with user_set(app, jonathan): 76 | resp = client.get('/articles') 77 | eq_(b"A bunch of articles", resp.data) 78 | 79 | def test_not_allowed_index(): 80 | doug = User(name='doug', admin=False) 81 | with user_set(app, doug): 82 | resp = client.get('/topsecret') 83 | eq_(resp.status_code, 403) 84 | 85 | def test_securing_specific_object(): 86 | doug = User(name='doug', admin=False) 87 | with user_set(app, doug): 88 | resp = client.post('/article/1') 89 | eq_(resp.status_code, 403) 90 | 91 | def test_no_custom_content_for_unauthorized_user(): 92 | doug = User(name='doug', admin=False) 93 | with user_set(app, doug): 94 | resp = client.get('/article/1') 95 | eq_(b"Look at this pretty article", resp.data) 96 | 97 | def test_custom_content_for_authorized_user(): 98 | mary = User(id=1000, name='mary', admin=False) 99 | with user_set(app, mary): 100 | resp = client.get('/article/1') 101 | eq_(b"Click here to edit this article", resp.data) 102 | -------------------------------------------------------------------------------- /test_flask_bouncer/test_blueprints.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, Blueprint 2 | from flask_bouncer import Bouncer, ensure, requires 3 | from bouncer.constants import * 4 | from nose.tools import * 5 | from .models import Article, TopSecretFile, User 6 | from .helpers import user_set 7 | 8 | def test_blueprints(): 9 | app = Flask("blueprints") 10 | app.debug = True 11 | bouncer = Bouncer(app) 12 | 13 | @bouncer.authorization_method 14 | def define_authorization(user, they): 15 | they.can('browse', Article) 16 | 17 | bp = Blueprint('bptest', 'bptest') 18 | 19 | @bp.route("/articles") 20 | @requires('browse', Article) 21 | def articles_index(): 22 | return "A bunch of articles" 23 | 24 | app.register_blueprint(bp) 25 | 26 | client = app.test_client() 27 | 28 | jonathan = User(name='jonathan', admin=False) 29 | with user_set(app, jonathan): 30 | resp = client.get('/articles') 31 | eq_(b"A bunch of articles", resp.data) -------------------------------------------------------------------------------- /test_flask_bouncer/test_classy/__init__.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, url_for 2 | from flask_bouncer import Bouncer, bounce 3 | from test_flask_bouncer.models import Article, User 4 | from test_flask_bouncer.helpers import user_set 5 | from bouncer.constants import * 6 | from .view_classes import ArticleView, OverwrittenView 7 | 8 | from nose.tools import * 9 | 10 | app = Flask("classy") 11 | bouncer = Bouncer(app) 12 | ArticleView.register(app) 13 | 14 | # Which classy views do you want to lock down, you can pass multiple 15 | bouncer.monitor(ArticleView) 16 | 17 | @bouncer.authorization_method 18 | def define_authorization(user, abilities): 19 | 20 | if user.is_admin: 21 | # self.can_manage(ALL) 22 | abilities.append(MANAGE, ALL) 23 | else: 24 | abilities.append([READ, CREATE], Article) 25 | abilities.append(EDIT, Article, author_id=user.id) 26 | 27 | client = app.test_client() 28 | 29 | jonathan = User(name='jonathan', admin=True) 30 | nancy = User(name='nancy', admin=False) 31 | 32 | def test_index(): 33 | 34 | # Admin should be able to view all articles 35 | with user_set(app, jonathan): 36 | resp = client.get("/article/") 37 | eq_(b"Index", resp.data) 38 | 39 | # Non Admin should be able to view all articles 40 | with user_set(app, nancy): 41 | resp = client.get("/article/") 42 | eq_(b"Index", resp.data) 43 | 44 | def test_post(): 45 | # Admin should be able to create articles 46 | # with user_set(app, jonathan): 47 | # resp = client.post("/article/") 48 | # eq_(b"Post", resp.data) 49 | 50 | # Basic Users should be able to create articles 51 | with user_set(app, nancy): 52 | resp = client.post("/article/") 53 | eq_(b"Post", resp.data) 54 | 55 | def test_delete(): 56 | # Admin should be able to delete articles 57 | with user_set(app, jonathan): 58 | resp = client.delete("/article/1234") 59 | eq_(b"Delete 1234", resp.data) 60 | 61 | # Non Admins should NOT be able to delete articles 62 | with user_set(app, nancy): 63 | resp = client.delete("/article/1234") 64 | eq_(resp.status_code, 403) 65 | 66 | def test_get(): 67 | # admins should be able to view 68 | with user_set(app, jonathan): 69 | resp = client.get("/article/1234") 70 | eq_(b"Get 1234", resp.data) 71 | 72 | # Non admins should be able to view 73 | with user_set(app, nancy): 74 | resp = client.get("/article/1234") 75 | eq_(b"Get 1234", resp.data) 76 | 77 | def test_put(): 78 | # admins should be able to view 79 | with user_set(app, jonathan): 80 | resp = client.put("/article/1234") 81 | eq_(b"Put 1234", resp.data) 82 | 83 | def test_patch(): 84 | # admins should be able to view 85 | with user_set(app, jonathan): 86 | resp = client.patch("/article/1234") 87 | eq_(b"Patch 1234", resp.data) 88 | 89 | def test_custom_read_method(): 90 | # admins should be able to view 91 | with user_set(app, jonathan): 92 | resp = client.get("/article/custom_read_method/") 93 | eq_(b"Custom Method", resp.data) 94 | 95 | # Non admins should be able to view 96 | with user_set(app, nancy): 97 | resp = client.get("/article/custom_read_method/") 98 | eq_(b"Custom Method", resp.data) 99 | 100 | def test_overwritten_get(): 101 | app = Flask("overwritten") 102 | bouncer = Bouncer(app) 103 | OverwrittenView.register(app) 104 | 105 | # Which classy views do you want to lock down, you can pass multiple 106 | bouncer.monitor(OverwrittenView) 107 | 108 | @bouncer.authorization_method 109 | def define_authorization(user, abilities): 110 | 111 | if user.is_admin: 112 | # self.can_manage(ALL) 113 | abilities.append(MANAGE, ALL) 114 | else: 115 | abilities.append([READ, CREATE], Article) 116 | abilities.append(EDIT, Article, author_id=user.id) 117 | 118 | client = app.test_client() 119 | 120 | jonathan = User(name='jonathan', admin=True) 121 | nancy = User(name='nancy', admin=False) 122 | 123 | # admins should be able to view 124 | with user_set(app, jonathan): 125 | resp = client.get("/overwritten/1234") 126 | eq_(b"Get 1234", resp.data) 127 | 128 | # Non admins not be able to do this 129 | with user_set(app, nancy): 130 | resp = client.get("/overwritten/1234") 131 | eq_(resp.status_code, 403) 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | -------------------------------------------------------------------------------- /test_flask_bouncer/test_classy/view_classes.py: -------------------------------------------------------------------------------- 1 | from flask_classy import FlaskView, route 2 | from test_flask_bouncer.models import Article 3 | from flask_bouncer import requires 4 | from bouncer.constants import * 5 | 6 | 7 | class ArticleView(FlaskView): 8 | 9 | # Used by Bouncer to know what object you are locking down 10 | # if not explictly set if will try to deduce it from the class name 11 | __target_model__ = Article 12 | 13 | def index(self): 14 | """A docstring for testing that docstrings are set""" 15 | return "Index" 16 | 17 | def get(self, obj_id): 18 | return "Get " + obj_id 19 | 20 | def put(self, id): 21 | return "Put " + id 22 | 23 | def patch(self, id): 24 | return "Patch " + id 25 | 26 | def post(self): 27 | return "Post" 28 | 29 | def delete(self, id): 30 | return "Delete " + id 31 | 32 | @requires(READ, Article) 33 | def custom_read_method(self): 34 | return "Custom Method" 35 | 36 | def custom_method_with_params(self, p_one, p_two): 37 | return "Custom Method %s %s" % (p_one, p_two,) 38 | 39 | @route("/routed/") 40 | def routed_method(self): 41 | return "Routed Method" 42 | 43 | @route("/route1/") 44 | @route("/route2/") 45 | def multi_routed_method(self): 46 | return "Multi Routed Method" 47 | 48 | @route("/noslash") 49 | def no_slash_method(self): 50 | return "No Slash Method" 51 | 52 | @route("/endpoint/", endpoint="basic_endpoint") 53 | def custom_endpoint(self): 54 | return "Custom Endpoint" 55 | 56 | @route("/route3/", methods=['POST']) 57 | def custom_http_method(self): 58 | return "Custom HTTP Method" 59 | 60 | 61 | class OverwrittenView(ArticleView): 62 | 63 | # adding stricker rules on this get 64 | # to test that you can overwrite the default behavior 65 | @requires(DELETE, Article) 66 | def get(self, obj_id): 67 | return "Get " + obj_id -------------------------------------------------------------------------------- /test_flask_bouncer/test_lock_it_down.py: -------------------------------------------------------------------------------- 1 | from flask import Flask 2 | from flask_bouncer import Bouncer, requires, skip_authorization, ensure 3 | from werkzeug.exceptions import Forbidden 4 | from bouncer.constants import * 5 | from nose.tools import * 6 | from .models import Article, User 7 | from .helpers import user_set 8 | 9 | @raises(Forbidden) 10 | def test_lock_it_down_raise_exception(): 11 | 12 | app = Flask("test_lock_it_down_raise_exception") 13 | app.debug = True 14 | bouncer = Bouncer(app, ensure_authorization=True) 15 | 16 | @bouncer.authorization_method 17 | def define_authorization(user, they): 18 | they.can('browse', Article) 19 | 20 | # Non decorated route -- should raise an Forbidden 21 | @app.route("/articles") 22 | def articles_index(): 23 | return "A bunch of articles" 24 | 25 | client = app.test_client() 26 | 27 | jonathan = User(name='jonathan', admin=False) 28 | with user_set(app, jonathan): 29 | resp = client.get('/articles') 30 | 31 | 32 | def test_ensure_and_requires_while_locked_down(): 33 | 34 | app = Flask("test_ensure_and_requires_while_locked_down") 35 | app.debug = True 36 | bouncer = Bouncer(app, ensure_authorization=True) 37 | 38 | 39 | @bouncer.authorization_method 40 | def define_authorization(user, they): 41 | they.can(READ, Article) 42 | they.can(EDIT, Article, author_id=user.id) 43 | 44 | @app.route("/articles") 45 | @requires(READ, Article) 46 | def articles_index(): 47 | return "A bunch of articles" 48 | 49 | @app.route("/article/", methods=['POST']) 50 | def edit_post(post_id): 51 | 52 | # Find an article form a db -- faking for testing 53 | jonathan = User(name='jonathan', admin=False, id=1) 54 | article = Article(author_id=jonathan.id) 55 | 56 | # bounce them out if they do not have access 57 | ensure(EDIT, article) 58 | # edit the post 59 | return "successfully edited post" 60 | 61 | client = app.test_client() 62 | 63 | jonathan = User(name='jonathan', admin=False, id=1) 64 | with user_set(app, jonathan): 65 | resp = client.get('/articles') 66 | eq_(b"A bunch of articles", resp.data) 67 | 68 | resp = client.post('/article/1') 69 | eq_(b"successfully edited post", resp.data) 70 | 71 | 72 | def test_bypass_route(): 73 | 74 | app = Flask("test_lock_it_down_raise_exception") 75 | app.debug = True 76 | bouncer = Bouncer(app, ensure_authorization=True) 77 | 78 | @bouncer.authorization_method 79 | def define_authorization(user, they): 80 | they.can('browse', Article) 81 | 82 | # Non decorated route -- should raise an Forbidden 83 | @app.route("/articles") 84 | @skip_authorization 85 | def articles_index(): 86 | return "A bunch of articles" 87 | 88 | client = app.test_client() 89 | 90 | jonathan = User(name='jonathan', admin=False) 91 | with user_set(app, jonathan): 92 | resp = client.get('/articles') 93 | eq_(b"A bunch of articles", resp.data) 94 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | envlist=pypy,py36,py37,py38 3 | [testenv] 4 | commands=python setup.py test 5 | [testenv:py36] 6 | basepython=python3.6 7 | [testenv:py37] 8 | basepython=python3.7 9 | [testenv:py38] 10 | basepython=python3.8 11 | [testenv:pypy] 12 | basepython=pypy 13 | --------------------------------------------------------------------------------