├── docs ├── .gitignore ├── _themes │ ├── .gitignore │ ├── flask_small │ │ ├── theme.conf │ │ ├── layout.html │ │ └── static │ │ │ └── flasky.css_t │ ├── flask │ │ ├── theme.conf │ │ ├── relations.html │ │ ├── layout.html │ │ └── static │ │ │ └── flasky.css_t │ ├── README │ ├── LICENSE │ └── flask_theme_support.py ├── changelog.rst ├── installation.rst.inc ├── api.rst.inc ├── index.rst ├── Makefile ├── make.bat ├── quickstart.rst.inc └── conf.py ├── requirements.txt ├── .bumpversion.cfg ├── AUTHORS ├── MANIFEST.in ├── Makefile ├── .travis.yml ├── .gitignore ├── CHANGES ├── README.rst ├── LICENSE ├── setup.py ├── flask_rbac ├── model.py └── __init__.py └── test_rbac.py /docs/.gitignore: -------------------------------------------------------------------------------- 1 | _build -------------------------------------------------------------------------------- /docs/_themes/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.pyo 3 | .DS_Store 4 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | Flask==2.2.5 2 | Flask-Login==0.5.0 3 | -------------------------------------------------------------------------------- /docs/changelog.rst: -------------------------------------------------------------------------------- 1 | Change Logs 2 | =========== 3 | 4 | .. include:: ../CHANGES 5 | :start-line: 4 6 | -------------------------------------------------------------------------------- /docs/installation.rst.inc: -------------------------------------------------------------------------------- 1 | Your can use pip to install Flask-RBAC:: 2 | 3 | $ pip install flask-rbac 4 | -------------------------------------------------------------------------------- /.bumpversion.cfg: -------------------------------------------------------------------------------- 1 | [bumpversion] 2 | files = setup.py 3 | tag = True 4 | commit = True 5 | current_version = 0.5.0 6 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Author & Contributor 2 | ==================== 3 | 4 | - Yaoda Liu 5 | - tonyseek 6 | - lixxu 7 | - aurigadl 8 | - trendsetter37 9 | - hieuvo 10 | - carlosgalvez-tiendeo 11 | -------------------------------------------------------------------------------- /docs/_themes/flask_small/theme.conf: -------------------------------------------------------------------------------- 1 | [theme] 2 | inherit = basic 3 | stylesheet = flasky.css 4 | nosidebar = true 5 | pygments_style = flask_theme_support.FlaskyStyle 6 | 7 | [options] 8 | github_fork = shonenada/flask-rbac 9 | -------------------------------------------------------------------------------- /docs/_themes/flask/theme.conf: -------------------------------------------------------------------------------- 1 | [theme] 2 | inherit = basic 3 | stylesheet = flasky.css 4 | pygments_style = flask_theme_support.FlaskyStyle 5 | 6 | [options] 7 | index_logo = '' 8 | index_logo_height = 120px 9 | touch_icon = 10 | -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include README.rst AUTHORS CHANGES LICENSE Makefile test_rbac.py 2 | recursive-include docs *.html *.css *.jpg *.png *.gif 3 | recursive-exclude docs *.pyc 4 | recursive-exclude docs *.pyo 5 | recursive-exclude ./ *.pyc 6 | recursive-exclude ./ *.pyo 7 | prune docs/_build -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: clean test 2 | 3 | clean: 4 | @find . -name '*.pyc' -exec rm -f {} + 5 | @find . -name '*.pyo' -exec rm -f {} + 6 | @find . '.coverage' -exec rm -f {} 7 | 8 | test: 9 | @nosetests 10 | 11 | coverage: 12 | @nosetests --with-coverage --cover-package=flask_rbac 13 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: python 2 | 3 | python: 4 | - "3.6" 5 | - "3.7" 6 | - "3.8" 7 | - "3.9" 8 | 9 | # command to install dependencies 10 | install: 11 | - pip install -r requirements.txt 12 | - pip install coveralls 13 | 14 | # command to run tests 15 | script: 16 | - nosetests 17 | - coverage run --source=flask_rbac setup.py -q nosetests 18 | 19 | after_success: 20 | - coveralls 21 | -------------------------------------------------------------------------------- /docs/api.rst.inc: -------------------------------------------------------------------------------- 1 | Flask.ext.rbac.RBAC 2 | -------------- 3 | 4 | .. autoclass:: flask_rbac.__init__.RBAC 5 | :members: 6 | :inherited-members: 7 | 8 | 9 | Flask.ext.rbac.model.RoleMixin 10 | ------------------------------ 11 | 12 | .. autoclass:: flask_rbac.model.RoleMixin 13 | :members: 14 | :inherited-members: 15 | 16 | 17 | Flask.ext.rbac.model.UserMixin 18 | ------------------------------ 19 | 20 | .. autoclass:: flask_rbac.model.UserMixin 21 | :members: 22 | :inherited-members: 23 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.py[cod] 2 | 3 | # C extensions 4 | *.so 5 | 6 | # Packages 7 | *.egg 8 | *.egg-info 9 | dist 10 | build 11 | eggs 12 | parts 13 | bin 14 | var 15 | sdist 16 | develop-eggs 17 | .installed.cfg 18 | lib 19 | lib64 20 | __pycache__ 21 | 22 | # Installer logs 23 | pip-log.txt 24 | 25 | # Unit test / coverage reports 26 | .coverage 27 | .tox 28 | nosetests.xml 29 | 30 | # Translations 31 | *.mo 32 | 33 | # Mr Developer 34 | .mr.developer.cfg 35 | .project 36 | .pydevproject 37 | 38 | # IDE 39 | .vscode 40 | -------------------------------------------------------------------------------- /docs/_themes/flask/relations.html: -------------------------------------------------------------------------------- 1 |

Related Topics

2 | 20 | -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- 1 | ========== 2 | Flask-RBAC 3 | ========== 4 | 5 | Flask-RBAC provides a Role-based Access Control module in Flask applications. 6 | It can help you to control different role of users to access your website. 7 | 8 | .. contents:: 9 | :local: 10 | :backlinks: none 11 | 12 | 13 | Installation 14 | ============ 15 | 16 | .. include:: installation.rst.inc 17 | 18 | 19 | Quick Start 20 | =========== 21 | 22 | .. include:: quickstart.rst.inc 23 | 24 | 25 | API Reference 26 | ============== 27 | 28 | .. include:: api.rst.inc 29 | 30 | 31 | Release Changes 32 | =============== 33 | 34 | .. toctree:: 35 | :maxdepth: 2 36 | 37 | changelog 38 | 39 | 40 | Author & Contributor 41 | ==================== 42 | 43 | .. include:: ../AUTHORS 44 | :start-line: 2 45 | -------------------------------------------------------------------------------- /docs/_themes/flask_small/layout.html: -------------------------------------------------------------------------------- 1 | {% extends "basic/layout.html" %} 2 | {% block header %} 3 | {{ super() }} 4 | {% if pagename == 'index' %} 5 |
6 | {% endif %} 7 | {% endblock %} 8 | {% block footer %} 9 | {% if pagename == 'index' %} 10 |
11 | {% endif %} 12 | {% endblock %} 13 | {# do not display relbars #} 14 | {% block relbar1 %}{% endblock %} 15 | {% block relbar2 %} 16 | {% if theme_github_fork %} 17 | Fork me on GitHub 19 | {% endif %} 20 | {% endblock %} 21 | {% block sidebar1 %}{% endblock %} 22 | {% block sidebar2 %}{% endblock %} 23 | -------------------------------------------------------------------------------- /docs/_themes/flask/layout.html: -------------------------------------------------------------------------------- 1 | {%- extends "basic/layout.html" %} 2 | {%- block extrahead %} 3 | {{ super() }} 4 | {% if theme_touch_icon %} 5 | 6 | {% endif %} 7 | 8 | {% endblock %} 9 | {%- block relbar2 %}{% endblock %} 10 | {% block header %} 11 | {{ super() }} 12 | {% if pagename == 'index' %} 13 |
14 | {% endif %} 15 | {% endblock %} 16 | {%- block footer %} 17 |
18 | © Copyright {{ copyright }}. 19 | Created using Sphinx. 20 |
21 | {% if pagename == 'index' %} 22 |
23 | {% endif %} 24 | {%- endblock %} 25 | -------------------------------------------------------------------------------- /CHANGES: -------------------------------------------------------------------------------- 1 | Flask-RBAC Changelog 2 | ==================== 3 | 4 | Release 0.5.0 (Jun 8, 2021) 5 | --------------------------- 6 | 7 | - Introduce `endpoint` in `allow` and `deny` methods. 8 | - Deprecate Python2.x, upgrade to Python3.x 9 | 10 | Release 0.4.0 (Dec 8, 2020) 11 | --------------------------- 12 | 13 | - Improve performance of `_check_permission`. 14 | 15 | Release 0.3.0 (Mar 13, 2017) 16 | --------------------------- 17 | 18 | - Fix `AnonymouseUserMixin` 19 | 20 | Release 0.2.1 (Apr 4, 2014) 21 | --------------------------- 22 | (Thanks suggestion from tonyseek) 23 | 24 | - Make flask.ext.login.current_user to be default user. 25 | - Add `as_role_model` and `as_user_model` decorator to set role and user model. 26 | 27 | Release 0.2.0 (Jan 31, 2014) 28 | ---------------------------- 29 | 30 | - Add `exempt` method. 31 | 32 | 33 | Release 0.1.0 (Jan 27, 2014) 34 | ---------------------------- 35 | 36 | - First public release. 37 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | |Build Status| |Coverage Status| |PyPI Version| 2 | 3 | Flask-RBAC 4 | ========== 5 | 6 | Adds RBAC support to Flask 7 | 8 | 9 | Installation 10 | ------------ 11 | 12 | :: 13 | 14 | $ pip install flask-rbac 15 | 16 | 17 | Links 18 | ----- 19 | 20 | - `Document `_ 21 | - `Issue Track `_ 22 | 23 | 24 | Contributes 25 | ----------- 26 | 27 | You can send a pull request on 28 | `GitHub `_. 29 | 30 | 31 | .. |Build Status| image:: https://travis-ci.org/shonenada/flask-rbac.png?branch=develop 32 | :target: https://travis-ci.org/shonenada/flask-rbac 33 | .. |Coverage Status| image:: https://coveralls.io/repos/shonenada/flask-rbac/badge.png?branch=develop 34 | :target: https://coveralls.io/r/shonenada/flask-rbac 35 | .. |PyPI Version| image:: https://img.shields.io/pypi/v/flask-rbac.svg?style=flat 36 | :target: https://pypi.python.org/pypi/flask-rbac 37 | :alt: PyPI Version 38 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2013 shonenada 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), 7 | to deal in the Software without restriction, including without limitation 8 | the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 | and/or sell copies of the Software, and to permit persons to whom the Software 10 | is furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | -------------------------------------------------------------------------------- /docs/_themes/README: -------------------------------------------------------------------------------- 1 | Flask Sphinx Styles 2 | =================== 3 | 4 | This repository contains sphinx styles for Flask and Flask related 5 | projects. To use this style in your Sphinx documentation, follow 6 | this guide: 7 | 8 | 1. put this folder as _themes into your docs folder. Alternatively 9 | you can also use git submodules to check out the contents there. 10 | 2. add this to your conf.py: 11 | 12 | sys.path.append(os.path.abspath('_themes')) 13 | html_theme_path = ['_themes'] 14 | html_theme = 'flask' 15 | 16 | The following themes exist: 17 | 18 | - 'flask' - the standard flask documentation theme for large 19 | projects 20 | - 'flask_small' - small one-page theme. Intended to be used by 21 | very small addon libraries for flask. 22 | 23 | The following options exist for the flask_small theme: 24 | 25 | [options] 26 | index_logo = '' filename of a picture in _static 27 | to be used as replacement for the 28 | h1 in the index.rst file. 29 | index_logo_height = 120px height of the index logo 30 | github_fork = '' repository name on github for the 31 | "fork me" badge 32 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import setup, find_packages 2 | from os.path import dirname, realpath, join 3 | 4 | CURRENT_DIR = dirname(realpath(__file__)) 5 | 6 | with open(join(CURRENT_DIR, "README.rst")) as long_description_file: 7 | long_description = long_description_file.read() 8 | 9 | 10 | setup( 11 | name="Flask-RBAC", 12 | version="0.5.0", 13 | url="https://github.com/shonenada/flask-rbac", 14 | author="Yaoda Liu", 15 | author_email="shonenada@gmail.com", 16 | description="RBAC support for Flask", 17 | long_description=long_description, 18 | zip_safe=False, 19 | packages=find_packages(exclude=["docs"]), 20 | include_package_data=True, 21 | platforms="any", 22 | install_requires=["Flask>=0.10"], 23 | classifiers=[ 24 | "Framework :: Flask", 25 | "Environment :: Web Environment", 26 | "License :: OSI Approved :: MIT License", 27 | "Operating System :: OS Independent", 28 | "Programming Language :: Python", 29 | "Programming Language :: Python :: 3", 30 | "Development Status :: 3 - Alpha", 31 | "Intended Audience :: Developers", 32 | "Topic :: Internet :: WWW/HTTP :: Dynamic Content", 33 | ] 34 | ) 35 | -------------------------------------------------------------------------------- /docs/_themes/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2010 by Armin Ronacher. 2 | 3 | Some rights reserved. 4 | 5 | Redistribution and use in source and binary forms of the theme, with or 6 | without modification, are permitted provided that the following conditions 7 | are met: 8 | 9 | * Redistributions of source code must retain the above copyright 10 | notice, this list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above 13 | copyright notice, this list of conditions and the following 14 | disclaimer in the documentation and/or other materials provided 15 | with the distribution. 16 | 17 | * The names of the contributors may not be used to endorse or 18 | promote products derived from this software without specific 19 | prior written permission. 20 | 21 | We kindly ask you to only use these themes in an unmodified manner just 22 | for Flask and Flask-related products, not for unrelated projects. If you 23 | like the visual style and want to use it for your own projects, please 24 | consider making some larger changes to the themes (such as changing 25 | font faces, sizes, colors or margins). 26 | 27 | THIS THEME IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 28 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 | ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 31 | LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 32 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 33 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 34 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 35 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 36 | ARISING IN ANY WAY OUT OF THE USE OF THIS THEME, EVEN IF ADVISED OF THE 37 | POSSIBILITY OF SUCH DAMAGE. 38 | -------------------------------------------------------------------------------- /flask_rbac/model.py: -------------------------------------------------------------------------------- 1 | class RoleMixin(object): 2 | """This provides implementations for the methods that Flask-RBAC wants 3 | the role model to have. 4 | 5 | :param name: The name of role. 6 | """ 7 | 8 | roles = {} 9 | 10 | def __init__(self, name=None): 11 | self.name = name 12 | if not hasattr(self.__class__, 'parents'): 13 | self.parents = set() 14 | if not hasattr(self.__class__, 'children'): 15 | self.children = set() 16 | RoleMixin.roles[name] = self 17 | 18 | def get_name(self): 19 | """Return the name of this role""" 20 | return self.name 21 | 22 | def add_parent(self, parent): 23 | """Add a parent to this role, 24 | and add role itself to the parent's children set. 25 | you should override this function if neccessary. 26 | 27 | Example:: 28 | 29 | logged_user = RoleMixin('logged_user') 30 | student = RoleMixin('student') 31 | student.add_parent(logged_user) 32 | 33 | :param parent: Parent role to add in. 34 | """ 35 | parent.children.add(self) 36 | self.parents.add(parent) 37 | 38 | def add_parents(self, *parents): 39 | """Add parents to this role. Also should override if neccessary. 40 | Example:: 41 | 42 | editor_of_articles = RoleMixin('editor_of_articles') 43 | editor_of_photonews = RoleMixin('editor_of_photonews') 44 | editor_of_all = RoleMixin('editor_of_all') 45 | editor_of_all.add_parents(editor_of_articles, editor_of_photonews) 46 | 47 | :param parents: Parents to add. 48 | """ 49 | for parent in parents: 50 | self.add_parent(parent) 51 | 52 | def get_parents(self): 53 | for parent in self.parents: 54 | yield parent 55 | for grandparent in parent.get_parents(): 56 | yield grandparent 57 | 58 | def get_children(self): 59 | for child in self.children: 60 | yield child 61 | for grandchild in child.get_children(): 62 | yield grandchild 63 | 64 | @staticmethod 65 | def get_by_name(name): 66 | """A static method to return the role which has the input name. 67 | 68 | :param name: The name of role. 69 | """ 70 | return RoleMixin.roles.get(name) 71 | 72 | @classmethod 73 | def get_all(cls): 74 | """Return all existing roles 75 | """ 76 | return cls.roles 77 | 78 | 79 | class UserMixin(object): 80 | """This provides implementations for the methods that Flask-RBAC wants 81 | the user model to have. 82 | 83 | :param roles: The roles of this user should have. 84 | """ 85 | 86 | def __init__(self, roles=[]): 87 | self.roles = set(roles) 88 | 89 | def add_role(self, role): 90 | """Add a role to this user. 91 | 92 | :param role: Role to add. 93 | """ 94 | self.roles.add(role) 95 | 96 | def add_roles(self, *roles): 97 | """Add roles to this user. 98 | 99 | :param roles: Roles to add. 100 | """ 101 | for role in roles: 102 | self.add_role(role) 103 | 104 | def get_roles(self): 105 | for role in self.roles: 106 | yield role 107 | 108 | 109 | anonymous = RoleMixin('anonymous') 110 | -------------------------------------------------------------------------------- /docs/_themes/flask_theme_support.py: -------------------------------------------------------------------------------- 1 | # flasky extensions. flasky pygments style based on tango style 2 | from pygments.style import Style 3 | from pygments.token import Keyword, Name, Comment, String, Error, \ 4 | Number, Operator, Generic, Whitespace, Punctuation, Other, Literal 5 | 6 | 7 | class FlaskyStyle(Style): 8 | background_color = "#f8f8f8" 9 | default_style = "" 10 | 11 | styles = { 12 | # No corresponding class for the following: 13 | #Text: "", # class: '' 14 | Whitespace: "underline #f8f8f8", # class: 'w' 15 | Error: "#a40000 border:#ef2929", # class: 'err' 16 | Other: "#000000", # class 'x' 17 | 18 | Comment: "italic #8f5902", # class: 'c' 19 | Comment.Preproc: "noitalic", # class: 'cp' 20 | 21 | Keyword: "bold #004461", # class: 'k' 22 | Keyword.Constant: "bold #004461", # class: 'kc' 23 | Keyword.Declaration: "bold #004461", # class: 'kd' 24 | Keyword.Namespace: "bold #004461", # class: 'kn' 25 | Keyword.Pseudo: "bold #004461", # class: 'kp' 26 | Keyword.Reserved: "bold #004461", # class: 'kr' 27 | Keyword.Type: "bold #004461", # class: 'kt' 28 | 29 | Operator: "#582800", # class: 'o' 30 | Operator.Word: "bold #004461", # class: 'ow' - like keywords 31 | 32 | Punctuation: "bold #000000", # class: 'p' 33 | 34 | # because special names such as Name.Class, Name.Function, etc. 35 | # are not recognized as such later in the parsing, we choose them 36 | # to look the same as ordinary variables. 37 | Name: "#000000", # class: 'n' 38 | Name.Attribute: "#c4a000", # class: 'na' - to be revised 39 | Name.Builtin: "#004461", # class: 'nb' 40 | Name.Builtin.Pseudo: "#3465a4", # class: 'bp' 41 | Name.Class: "#000000", # class: 'nc' - to be revised 42 | Name.Constant: "#000000", # class: 'no' - to be revised 43 | Name.Decorator: "#888", # class: 'nd' - to be revised 44 | Name.Entity: "#ce5c00", # class: 'ni' 45 | Name.Exception: "bold #cc0000", # class: 'ne' 46 | Name.Function: "#000000", # class: 'nf' 47 | Name.Property: "#000000", # class: 'py' 48 | Name.Label: "#f57900", # class: 'nl' 49 | Name.Namespace: "#000000", # class: 'nn' - to be revised 50 | Name.Other: "#000000", # class: 'nx' 51 | Name.Tag: "bold #004461", # class: 'nt' - like a keyword 52 | Name.Variable: "#000000", # class: 'nv' - to be revised 53 | Name.Variable.Class: "#000000", # class: 'vc' - to be revised 54 | Name.Variable.Global: "#000000", # class: 'vg' - to be revised 55 | Name.Variable.Instance: "#000000", # class: 'vi' - to be revised 56 | 57 | Number: "#990000", # class: 'm' 58 | 59 | Literal: "#000000", # class: 'l' 60 | Literal.Date: "#000000", # class: 'ld' 61 | 62 | String: "#4e9a06", # class: 's' 63 | String.Backtick: "#4e9a06", # class: 'sb' 64 | String.Char: "#4e9a06", # class: 'sc' 65 | String.Doc: "italic #8f5902", # class: 'sd' - like a comment 66 | String.Double: "#4e9a06", # class: 's2' 67 | String.Escape: "#4e9a06", # class: 'se' 68 | String.Heredoc: "#4e9a06", # class: 'sh' 69 | String.Interpol: "#4e9a06", # class: 'si' 70 | String.Other: "#4e9a06", # class: 'sx' 71 | String.Regex: "#4e9a06", # class: 'sr' 72 | String.Single: "#4e9a06", # class: 's1' 73 | String.Symbol: "#4e9a06", # class: 'ss' 74 | 75 | Generic: "#000000", # class: 'g' 76 | Generic.Deleted: "#a40000", # class: 'gd' 77 | Generic.Emph: "italic #000000", # class: 'ge' 78 | Generic.Error: "#ef2929", # class: 'gr' 79 | Generic.Heading: "bold #000080", # class: 'gh' 80 | Generic.Inserted: "#00A000", # class: 'gi' 81 | Generic.Output: "#888", # class: 'go' 82 | Generic.Prompt: "#745334", # class: 'gp' 83 | Generic.Strong: "bold #000000", # class: 'gs' 84 | Generic.Subheading: "bold #800080", # class: 'gu' 85 | Generic.Traceback: "bold #a40000", # class: 'gt' 86 | } 87 | -------------------------------------------------------------------------------- /docs/_themes/flask_small/static/flasky.css_t: -------------------------------------------------------------------------------- 1 | /* 2 | * flasky.css_t 3 | * ~~~~~~~~~~~~ 4 | * 5 | * Sphinx stylesheet -- flasky theme based on nature theme. 6 | * 7 | * :copyright: Copyright 2007-2010 by the Sphinx team, see AUTHORS. 8 | * :license: BSD, see LICENSE for details. 9 | * 10 | */ 11 | 12 | @import url("basic.css"); 13 | 14 | /* -- page layout ----------------------------------------------------------- */ 15 | 16 | body { 17 | font-family: 'Georgia', serif; 18 | font-size: 17px; 19 | color: #000; 20 | background: white; 21 | margin: 0; 22 | padding: 0; 23 | } 24 | 25 | div.documentwrapper { 26 | float: left; 27 | width: 100%; 28 | } 29 | 30 | div.bodywrapper { 31 | margin: 40px auto 0 auto; 32 | width: 700px; 33 | } 34 | 35 | hr { 36 | border: 1px solid #B1B4B6; 37 | } 38 | 39 | div.body { 40 | background-color: #ffffff; 41 | color: #3E4349; 42 | padding: 0 30px 30px 30px; 43 | } 44 | 45 | img.floatingflask { 46 | padding: 0 0 10px 10px; 47 | float: right; 48 | } 49 | 50 | div.footer { 51 | text-align: right; 52 | color: #888; 53 | padding: 10px; 54 | font-size: 14px; 55 | width: 650px; 56 | margin: 0 auto 40px auto; 57 | } 58 | 59 | div.footer a { 60 | color: #888; 61 | text-decoration: underline; 62 | } 63 | 64 | div.related { 65 | line-height: 32px; 66 | color: #888; 67 | } 68 | 69 | div.related ul { 70 | padding: 0 0 0 10px; 71 | } 72 | 73 | div.related a { 74 | color: #444; 75 | } 76 | 77 | /* -- body styles ----------------------------------------------------------- */ 78 | 79 | a { 80 | color: #004B6B; 81 | text-decoration: underline; 82 | } 83 | 84 | a:hover { 85 | color: #6D4100; 86 | text-decoration: underline; 87 | } 88 | 89 | div.body { 90 | padding-bottom: 40px; /* saved for footer */ 91 | } 92 | 93 | div.body h1, 94 | div.body h2, 95 | div.body h3, 96 | div.body h4, 97 | div.body h5, 98 | div.body h6 { 99 | font-family: 'Garamond', 'Georgia', serif; 100 | font-weight: normal; 101 | margin: 30px 0px 10px 0px; 102 | padding: 0; 103 | } 104 | 105 | {% if theme_index_logo %} 106 | div.indexwrapper h1 { 107 | text-indent: -999999px; 108 | background: url({{ theme_index_logo }}) no-repeat center center; 109 | height: {{ theme_index_logo_height }}; 110 | } 111 | {% endif %} 112 | 113 | div.body h2 { font-size: 180%; } 114 | div.body h3 { font-size: 150%; } 115 | div.body h4 { font-size: 130%; } 116 | div.body h5 { font-size: 100%; } 117 | div.body h6 { font-size: 100%; } 118 | 119 | a.headerlink { 120 | color: white; 121 | padding: 0 4px; 122 | text-decoration: none; 123 | } 124 | 125 | a.headerlink:hover { 126 | color: #444; 127 | background: #eaeaea; 128 | } 129 | 130 | div.body p, div.body dd, div.body li { 131 | line-height: 1.4em; 132 | } 133 | 134 | div.admonition { 135 | background: #fafafa; 136 | margin: 20px -30px; 137 | padding: 10px 30px; 138 | border-top: 1px solid #ccc; 139 | border-bottom: 1px solid #ccc; 140 | } 141 | 142 | div.admonition p.admonition-title { 143 | font-family: 'Garamond', 'Georgia', serif; 144 | font-weight: normal; 145 | font-size: 24px; 146 | margin: 0 0 10px 0; 147 | padding: 0; 148 | line-height: 1; 149 | } 150 | 151 | div.admonition p.last { 152 | margin-bottom: 0; 153 | } 154 | 155 | div.highlight{ 156 | background-color: white; 157 | } 158 | 159 | dt:target, .highlight { 160 | background: #FAF3E8; 161 | } 162 | 163 | div.note { 164 | background-color: #eee; 165 | border: 1px solid #ccc; 166 | } 167 | 168 | div.seealso { 169 | background-color: #ffc; 170 | border: 1px solid #ff6; 171 | } 172 | 173 | div.topic { 174 | background-color: #eee; 175 | } 176 | 177 | div.warning { 178 | background-color: #ffe4e4; 179 | border: 1px solid #f66; 180 | } 181 | 182 | p.admonition-title { 183 | display: inline; 184 | } 185 | 186 | p.admonition-title:after { 187 | content: ":"; 188 | } 189 | 190 | pre, tt { 191 | font-family: 'Consolas', 'Menlo', 'Deja Vu Sans Mono', 'Bitstream Vera Sans Mono', monospace; 192 | font-size: 0.85em; 193 | } 194 | 195 | img.screenshot { 196 | } 197 | 198 | tt.descname, tt.descclassname { 199 | font-size: 0.95em; 200 | } 201 | 202 | tt.descname { 203 | padding-right: 0.08em; 204 | } 205 | 206 | img.screenshot { 207 | -moz-box-shadow: 2px 2px 4px #eee; 208 | -webkit-box-shadow: 2px 2px 4px #eee; 209 | box-shadow: 2px 2px 4px #eee; 210 | } 211 | 212 | table.docutils { 213 | border: 1px solid #888; 214 | -moz-box-shadow: 2px 2px 4px #eee; 215 | -webkit-box-shadow: 2px 2px 4px #eee; 216 | box-shadow: 2px 2px 4px #eee; 217 | } 218 | 219 | table.docutils td, table.docutils th { 220 | border: 1px solid #888; 221 | padding: 0.25em 0.7em; 222 | } 223 | 224 | table.field-list, table.footnote { 225 | border: none; 226 | -moz-box-shadow: none; 227 | -webkit-box-shadow: none; 228 | box-shadow: none; 229 | } 230 | 231 | table.footnote { 232 | margin: 15px 0; 233 | width: 100%; 234 | border: 1px solid #eee; 235 | } 236 | 237 | table.field-list th { 238 | padding: 0 0.8em 0 0; 239 | } 240 | 241 | table.field-list td { 242 | padding: 0; 243 | } 244 | 245 | table.footnote td { 246 | padding: 0.5em; 247 | } 248 | 249 | dl { 250 | margin: 0; 251 | padding: 0; 252 | } 253 | 254 | dl dd { 255 | margin-left: 30px; 256 | } 257 | 258 | pre { 259 | padding: 0; 260 | margin: 15px -30px; 261 | padding: 8px; 262 | line-height: 1.3em; 263 | padding: 7px 30px; 264 | background: #eee; 265 | border-radius: 2px; 266 | -moz-border-radius: 2px; 267 | -webkit-border-radius: 2px; 268 | } 269 | 270 | dl pre { 271 | margin-left: -60px; 272 | padding-left: 60px; 273 | } 274 | 275 | tt { 276 | background-color: #ecf0f3; 277 | color: #222; 278 | /* padding: 1px 2px; */ 279 | } 280 | 281 | tt.xref, a tt { 282 | background-color: #FBFBFB; 283 | } 284 | 285 | a:hover tt { 286 | background: #EEE; 287 | } 288 | -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | PAPER = 8 | BUILDDIR = _build 9 | 10 | # User-friendly check for sphinx-build 11 | ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) 12 | $(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) 13 | endif 14 | 15 | # Internal variables. 16 | PAPEROPT_a4 = -D latex_paper_size=a4 17 | PAPEROPT_letter = -D latex_paper_size=letter 18 | ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 19 | # the i18n builder cannot share the environment and doctrees with the others 20 | I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . 21 | 22 | .PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext 23 | 24 | help: 25 | @echo "Please use \`make ' where is one of" 26 | @echo " html to make standalone HTML files" 27 | @echo " dirhtml to make HTML files named index.html in directories" 28 | @echo " singlehtml to make a single large HTML file" 29 | @echo " pickle to make pickle files" 30 | @echo " json to make JSON files" 31 | @echo " htmlhelp to make HTML files and a HTML help project" 32 | @echo " qthelp to make HTML files and a qthelp project" 33 | @echo " devhelp to make HTML files and a Devhelp project" 34 | @echo " epub to make an epub" 35 | @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" 36 | @echo " latexpdf to make LaTeX files and run them through pdflatex" 37 | @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" 38 | @echo " text to make text files" 39 | @echo " man to make manual pages" 40 | @echo " texinfo to make Texinfo files" 41 | @echo " info to make Texinfo files and run them through makeinfo" 42 | @echo " gettext to make PO message catalogs" 43 | @echo " changes to make an overview of all changed/added/deprecated items" 44 | @echo " xml to make Docutils-native XML files" 45 | @echo " pseudoxml to make pseudoxml-XML files for display purposes" 46 | @echo " linkcheck to check all external links for integrity" 47 | @echo " doctest to run all doctests embedded in the documentation (if enabled)" 48 | 49 | clean: 50 | rm -rf $(BUILDDIR)/* 51 | 52 | html: 53 | $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html 54 | @echo 55 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." 56 | 57 | dirhtml: 58 | $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml 59 | @echo 60 | @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." 61 | 62 | singlehtml: 63 | $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml 64 | @echo 65 | @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." 66 | 67 | pickle: 68 | $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle 69 | @echo 70 | @echo "Build finished; now you can process the pickle files." 71 | 72 | json: 73 | $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json 74 | @echo 75 | @echo "Build finished; now you can process the JSON files." 76 | 77 | htmlhelp: 78 | $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp 79 | @echo 80 | @echo "Build finished; now you can run HTML Help Workshop with the" \ 81 | ".hhp project file in $(BUILDDIR)/htmlhelp." 82 | 83 | qthelp: 84 | $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp 85 | @echo 86 | @echo "Build finished; now you can run "qcollectiongenerator" with the" \ 87 | ".qhcp project file in $(BUILDDIR)/qthelp, like this:" 88 | @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Flask-RBAC.qhcp" 89 | @echo "To view the help file:" 90 | @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Flask-RBAC.qhc" 91 | 92 | devhelp: 93 | $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp 94 | @echo 95 | @echo "Build finished." 96 | @echo "To view the help file:" 97 | @echo "# mkdir -p $$HOME/.local/share/devhelp/Flask-RBAC" 98 | @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Flask-RBAC" 99 | @echo "# devhelp" 100 | 101 | epub: 102 | $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub 103 | @echo 104 | @echo "Build finished. The epub file is in $(BUILDDIR)/epub." 105 | 106 | latex: 107 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 108 | @echo 109 | @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." 110 | @echo "Run \`make' in that directory to run these through (pdf)latex" \ 111 | "(use \`make latexpdf' here to do that automatically)." 112 | 113 | latexpdf: 114 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 115 | @echo "Running LaTeX files through pdflatex..." 116 | $(MAKE) -C $(BUILDDIR)/latex all-pdf 117 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 118 | 119 | latexpdfja: 120 | $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex 121 | @echo "Running LaTeX files through platex and dvipdfmx..." 122 | $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja 123 | @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." 124 | 125 | text: 126 | $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text 127 | @echo 128 | @echo "Build finished. The text files are in $(BUILDDIR)/text." 129 | 130 | man: 131 | $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man 132 | @echo 133 | @echo "Build finished. The manual pages are in $(BUILDDIR)/man." 134 | 135 | texinfo: 136 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 137 | @echo 138 | @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." 139 | @echo "Run \`make' in that directory to run these through makeinfo" \ 140 | "(use \`make info' here to do that automatically)." 141 | 142 | info: 143 | $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo 144 | @echo "Running Texinfo files through makeinfo..." 145 | make -C $(BUILDDIR)/texinfo info 146 | @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." 147 | 148 | gettext: 149 | $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale 150 | @echo 151 | @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." 152 | 153 | changes: 154 | $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes 155 | @echo 156 | @echo "The overview file is in $(BUILDDIR)/changes." 157 | 158 | linkcheck: 159 | $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck 160 | @echo 161 | @echo "Link check complete; look for any errors in the above output " \ 162 | "or in $(BUILDDIR)/linkcheck/output.txt." 163 | 164 | doctest: 165 | $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest 166 | @echo "Testing of doctests in the sources finished, look at the " \ 167 | "results in $(BUILDDIR)/doctest/output.txt." 168 | 169 | xml: 170 | $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml 171 | @echo 172 | @echo "Build finished. The XML files are in $(BUILDDIR)/xml." 173 | 174 | pseudoxml: 175 | $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml 176 | @echo 177 | @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." 178 | -------------------------------------------------------------------------------- /docs/make.bat: -------------------------------------------------------------------------------- 1 | @ECHO OFF 2 | 3 | REM Command file for Sphinx documentation 4 | 5 | if "%SPHINXBUILD%" == "" ( 6 | set SPHINXBUILD=sphinx-build 7 | ) 8 | set BUILDDIR=_build 9 | set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% . 10 | set I18NSPHINXOPTS=%SPHINXOPTS% . 11 | if NOT "%PAPER%" == "" ( 12 | set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS% 13 | set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS% 14 | ) 15 | 16 | if "%1" == "" goto help 17 | 18 | if "%1" == "help" ( 19 | :help 20 | echo.Please use `make ^` where ^ is one of 21 | echo. html to make standalone HTML files 22 | echo. dirhtml to make HTML files named index.html in directories 23 | echo. singlehtml to make a single large HTML file 24 | echo. pickle to make pickle files 25 | echo. json to make JSON files 26 | echo. htmlhelp to make HTML files and a HTML help project 27 | echo. qthelp to make HTML files and a qthelp project 28 | echo. devhelp to make HTML files and a Devhelp project 29 | echo. epub to make an epub 30 | echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter 31 | echo. text to make text files 32 | echo. man to make manual pages 33 | echo. texinfo to make Texinfo files 34 | echo. gettext to make PO message catalogs 35 | echo. changes to make an overview over all changed/added/deprecated items 36 | echo. xml to make Docutils-native XML files 37 | echo. pseudoxml to make pseudoxml-XML files for display purposes 38 | echo. linkcheck to check all external links for integrity 39 | echo. doctest to run all doctests embedded in the documentation if enabled 40 | goto end 41 | ) 42 | 43 | if "%1" == "clean" ( 44 | for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i 45 | del /q /s %BUILDDIR%\* 46 | goto end 47 | ) 48 | 49 | 50 | %SPHINXBUILD% 2> nul 51 | if errorlevel 9009 ( 52 | echo. 53 | echo.The 'sphinx-build' command was not found. Make sure you have Sphinx 54 | echo.installed, then set the SPHINXBUILD environment variable to point 55 | echo.to the full path of the 'sphinx-build' executable. Alternatively you 56 | echo.may add the Sphinx directory to PATH. 57 | echo. 58 | echo.If you don't have Sphinx installed, grab it from 59 | echo.http://sphinx-doc.org/ 60 | exit /b 1 61 | ) 62 | 63 | if "%1" == "html" ( 64 | %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html 65 | if errorlevel 1 exit /b 1 66 | echo. 67 | echo.Build finished. The HTML pages are in %BUILDDIR%/html. 68 | goto end 69 | ) 70 | 71 | if "%1" == "dirhtml" ( 72 | %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml 73 | if errorlevel 1 exit /b 1 74 | echo. 75 | echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml. 76 | goto end 77 | ) 78 | 79 | if "%1" == "singlehtml" ( 80 | %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml 81 | if errorlevel 1 exit /b 1 82 | echo. 83 | echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml. 84 | goto end 85 | ) 86 | 87 | if "%1" == "pickle" ( 88 | %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle 89 | if errorlevel 1 exit /b 1 90 | echo. 91 | echo.Build finished; now you can process the pickle files. 92 | goto end 93 | ) 94 | 95 | if "%1" == "json" ( 96 | %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json 97 | if errorlevel 1 exit /b 1 98 | echo. 99 | echo.Build finished; now you can process the JSON files. 100 | goto end 101 | ) 102 | 103 | if "%1" == "htmlhelp" ( 104 | %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp 105 | if errorlevel 1 exit /b 1 106 | echo. 107 | echo.Build finished; now you can run HTML Help Workshop with the ^ 108 | .hhp project file in %BUILDDIR%/htmlhelp. 109 | goto end 110 | ) 111 | 112 | if "%1" == "qthelp" ( 113 | %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp 114 | if errorlevel 1 exit /b 1 115 | echo. 116 | echo.Build finished; now you can run "qcollectiongenerator" with the ^ 117 | .qhcp project file in %BUILDDIR%/qthelp, like this: 118 | echo.^> qcollectiongenerator %BUILDDIR%\qthelp\Flask-RBAC.qhcp 119 | echo.To view the help file: 120 | echo.^> assistant -collectionFile %BUILDDIR%\qthelp\Flask-RBAC.ghc 121 | goto end 122 | ) 123 | 124 | if "%1" == "devhelp" ( 125 | %SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp 126 | if errorlevel 1 exit /b 1 127 | echo. 128 | echo.Build finished. 129 | goto end 130 | ) 131 | 132 | if "%1" == "epub" ( 133 | %SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub 134 | if errorlevel 1 exit /b 1 135 | echo. 136 | echo.Build finished. The epub file is in %BUILDDIR%/epub. 137 | goto end 138 | ) 139 | 140 | if "%1" == "latex" ( 141 | %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex 142 | if errorlevel 1 exit /b 1 143 | echo. 144 | echo.Build finished; the LaTeX files are in %BUILDDIR%/latex. 145 | goto end 146 | ) 147 | 148 | if "%1" == "latexpdf" ( 149 | %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex 150 | cd %BUILDDIR%/latex 151 | make all-pdf 152 | cd %BUILDDIR%/.. 153 | echo. 154 | echo.Build finished; the PDF files are in %BUILDDIR%/latex. 155 | goto end 156 | ) 157 | 158 | if "%1" == "latexpdfja" ( 159 | %SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex 160 | cd %BUILDDIR%/latex 161 | make all-pdf-ja 162 | cd %BUILDDIR%/.. 163 | echo. 164 | echo.Build finished; the PDF files are in %BUILDDIR%/latex. 165 | goto end 166 | ) 167 | 168 | if "%1" == "text" ( 169 | %SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text 170 | if errorlevel 1 exit /b 1 171 | echo. 172 | echo.Build finished. The text files are in %BUILDDIR%/text. 173 | goto end 174 | ) 175 | 176 | if "%1" == "man" ( 177 | %SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man 178 | if errorlevel 1 exit /b 1 179 | echo. 180 | echo.Build finished. The manual pages are in %BUILDDIR%/man. 181 | goto end 182 | ) 183 | 184 | if "%1" == "texinfo" ( 185 | %SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo 186 | if errorlevel 1 exit /b 1 187 | echo. 188 | echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo. 189 | goto end 190 | ) 191 | 192 | if "%1" == "gettext" ( 193 | %SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale 194 | if errorlevel 1 exit /b 1 195 | echo. 196 | echo.Build finished. The message catalogs are in %BUILDDIR%/locale. 197 | goto end 198 | ) 199 | 200 | if "%1" == "changes" ( 201 | %SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes 202 | if errorlevel 1 exit /b 1 203 | echo. 204 | echo.The overview file is in %BUILDDIR%/changes. 205 | goto end 206 | ) 207 | 208 | if "%1" == "linkcheck" ( 209 | %SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck 210 | if errorlevel 1 exit /b 1 211 | echo. 212 | echo.Link check complete; look for any errors in the above output ^ 213 | or in %BUILDDIR%/linkcheck/output.txt. 214 | goto end 215 | ) 216 | 217 | if "%1" == "doctest" ( 218 | %SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest 219 | if errorlevel 1 exit /b 1 220 | echo. 221 | echo.Testing of doctests in the sources finished, look at the ^ 222 | results in %BUILDDIR%/doctest/output.txt. 223 | goto end 224 | ) 225 | 226 | if "%1" == "xml" ( 227 | %SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml 228 | if errorlevel 1 exit /b 1 229 | echo. 230 | echo.Build finished. The XML files are in %BUILDDIR%/xml. 231 | goto end 232 | ) 233 | 234 | if "%1" == "pseudoxml" ( 235 | %SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml 236 | if errorlevel 1 exit /b 1 237 | echo. 238 | echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml. 239 | goto end 240 | ) 241 | 242 | :end 243 | -------------------------------------------------------------------------------- /docs/quickstart.rst.inc: -------------------------------------------------------------------------------- 1 | This documents show how to create Flask-RBAC extension easily and quickly. 2 | 3 | 4 | Configuration Your Application 5 | ------------------------------ 6 | 7 | As same as many Flask extensions, you need to configuration your application:: 8 | 9 | from flask import Flask 10 | from flask_rbac import RBAC 11 | 12 | app = Flask(__name__) 13 | rbac = RBAC(app) 14 | 15 | or you can configuration using factory method:: 16 | 17 | from flask import Flask 18 | from flask_rbac import RBAC 19 | 20 | rbac = RBAC() 21 | 22 | def create_app(): 23 | app = Flask(__name__) 24 | 25 | rbac.init_app(app) 26 | 27 | return app 28 | 29 | Mode Setting 30 | ------------ 31 | 32 | There are two modes for Flask-RBAC, `RBAC_USE_WHITE` decide whether use 33 | white list to check the permission. And it set `False` to default. 34 | 35 | ============================ ================================================ 36 | `RBAC_USE_WHITE = True` Only allowing rules can access the resources. 37 | This means, all deny rules and rules 38 | you did not add cannot access the resources. 39 | `RBAC_USE_WHITE = False` Only denying rules cannot access the resources. 40 | In case you set an allow rule, denying rules will 41 | also be automatically created for existing 42 | non-added roles in this route. 43 | ============================ ================================================ 44 | 45 | Change it using:: 46 | 47 | app.config['RBAC_USE_WHITE'] = True 48 | 49 | 50 | Set Role Model 51 | -------------- 52 | 53 | Flask-RBAC implements some methods need by Flask-RBAC in RoleMixin_ class. 54 | You can use RoleMixin as your role model:: 55 | 56 | class Role(RoleMixin): 57 | pass 58 | 59 | anonymous = Role('anonymous') 60 | 61 | However, if your application is working under SQLAlchemy, 62 | and you want to save the roles in database, you need to override 63 | the Role class to adapt your application, here is an example:: 64 | 65 | from flask_rbac import RoleMixin 66 | from your_package.app import db 67 | 68 | roles_parents = db.Table( 69 | 'roles_parents', 70 | db.Column('role_id', db.Integer, db.ForeignKey('role.id')), 71 | db.Column('parent_id', db.Integer, db.ForeignKey('role.id')) 72 | ) 73 | 74 | class Role(db.Model, RoleMixin): 75 | id = db.Column(db.Integer, primary_key=True) 76 | name = db.Column(db.String(20)) 77 | parents = db.relationship( 78 | 'Role', 79 | secondary=roles_parents, 80 | primaryjoin=(id == roles_parents.c.role_id), 81 | secondaryjoin=(id == roles_parents.c.parent_id), 82 | backref=db.backref('children', lazy='dynamic') 83 | ) 84 | 85 | def __init__(self, name): 86 | RoleMixin.__init__(self) 87 | self.name = name 88 | 89 | def add_parent(self, parent): 90 | # You don't need to add this role to parent's children set, 91 | # relationship between roles would do this work automatically 92 | self.parents.append(parent) 93 | 94 | def add_parents(self, *parents): 95 | for parent in parents: 96 | self.add_parent(parent) 97 | 98 | @staticmethod 99 | def get_by_name(name): 100 | return Role.query.filter_by(name=name).first() 101 | 102 | After create role model, you can add your model to Flask-RBAC:: 103 | 104 | rbac.set_role_model(Role) 105 | 106 | Or use decorator to set role model for Flask-RBAC:: 107 | 108 | @rbac.as_role_model 109 | class Role(RoleMixin): 110 | # codes go here 111 | 112 | 113 | Set User Model 114 | -------------- 115 | 116 | Same as the RoleMixin, UserMixin_ implements some methods for Flask-RBAC, 117 | You can extend it directly:: 118 | 119 | from flask_rbac import UserMixin 120 | 121 | class User(UserMixin): 122 | pass 123 | 124 | a_user = User() 125 | 126 | Well, if your application works under SQLAlchemy:: 127 | 128 | from flask_rbac import UserMixin 129 | from your_package.app import db 130 | 131 | users_roles = db.Table( 132 | 'users_roles', 133 | db.Column('user_id', db.Integer, db.ForeignKey('user.id')), 134 | db.Column('role_id', db.Integer, db.ForeignKey('role.id')) 135 | ) 136 | 137 | class User(db.Model, UserMixin): 138 | id = db.Column(db.Integer, primary_key=True) 139 | username = db.Column(db.String(30), unllable=True) 140 | # Other columns 141 | roles = db.relationship( 142 | 'Role', 143 | secondary=users_roles, 144 | backref=db.backref('roles', lazy='dynamic') 145 | ) 146 | 147 | def add_role(self, role): 148 | self.roles.append(role) 149 | 150 | def add_roles(self, roles): 151 | for role in roles: 152 | self.add_role(role) 153 | 154 | def get_roles(self): 155 | for role in self.roles: 156 | yield role 157 | 158 | Same as role model, you should add user model to Flask-RBAC:: 159 | 160 | rbac.set_user_model(User) 161 | 162 | Or using decorator:: 163 | 164 | @rbac.as_user_model 165 | class User(UserMixin): 166 | # codes go here 167 | 168 | 169 | Set User Loader 170 | --------------- 171 | 172 | Flask-RBAC need to know who is current user, so it requires you to provide a 173 | function which tells it who is current user. 174 | 175 | Flask-RBAC will load current user from `Flask-Login`_ if you have install it 176 | by default. 177 | 178 | If you save current user in 179 | `flask.g`, here is an example for you:: 180 | 181 | from flask import g, current_app 182 | 183 | @app.route('/signin', methods=['POST']) 184 | @rbac.allow(['anonymous'], methods=['POST']) 185 | def signin(): 186 | # Sign in logic... 187 | g.current_user = user 188 | 189 | def get_current_user(): 190 | with current_app.request_context(): 191 | return g.current_user 192 | 193 | rbac.set_user_loader(get_current_user) 194 | 195 | 196 | Set Access Rules 197 | ---------------- 198 | 199 | You can use `allow` and `deny` to add rules to Flask-RBAC:: 200 | 201 | @app.route('/') 202 | @rbac.allow(['anonymous'], methods=['GET']) 203 | def index(): 204 | # your codes. 205 | pass 206 | 207 | @app.route('/account/signin', methods=['GET', 'POST']) 208 | @rbac.deny(['logged_user'], methods=['GET', 'POST']) 209 | def signin(): 210 | # show sign in page or handle sign in request. 211 | pass 212 | 213 | 214 | The code above adding two rules: 215 | 216 | - Allows user of *anonymous* role to *GET* /. 217 | 218 | - Deny user of *logged_user* role to *GET* and *POST* */account/signin*. 219 | 220 | `Flask`_ itself assumes the name of the view function as the endpoint for the 221 | registered URL rule, that's why in rules validation by default we use the decorated function 222 | name to check against the endpoint of the input request. But, in case you specified 223 | a different endpoint or you use the decorators inside a blueprint or 224 | abstracted blueprints extensions like `Flask-Admin`_ you can directly specify to the decorator 225 | the endpoint used in your route. 226 | 227 | .. code-block:: python 228 | 229 | @app.route('/signin', methods=['GET', 'POST'], endpoint='account.signin') 230 | @rbac.deny(['logged_user'], methods=['GET', 'POST'], 231 | endpoint='account.signin') 232 | def signin(): 233 | # show sign in page or handle sign in request. 234 | pass 235 | 236 | 237 | .. _RoleMixin: api.html#flask-ext-rbac-model-rolemixin 238 | .. _UserMixin: api.html#flask-ext-rbac-model-usermixin 239 | .. _Flask-Login: https://flask-login.readthedocs.org/en/latest/ 240 | .. _Flask: https://flask-admin.readthedocs.io/en/latest/introduction/?highlight=endpoint#generating-urls 241 | .. _Flask-Admin: https://flask-admin.readthedocs.io/en/latest/introduction/?highlight=endpoint#generating-urls 242 | -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # 3 | # Flask-RBAC documentation build configuration file, created by 4 | # sphinx-quickstart on Sun Jan 26 23:57:34 2014. 5 | # 6 | # This file is execfile()d with the current directory set to its 7 | # containing dir. 8 | # 9 | # Note that not all possible configuration values are present in this 10 | # autogenerated file. 11 | # 12 | # All configuration values have a default; values that are commented out 13 | # serve to show the default. 14 | 15 | import sys 16 | import os 17 | 18 | # If extensions (or modules to document with autodoc) are in another directory, 19 | # add these directories to sys.path here. If the directory is relative to the 20 | # documentation root, use os.path.abspath to make it absolute, like shown here. 21 | sys.path.insert(0, os.path.abspath('..')) 22 | 23 | # -- General configuration ------------------------------------------------ 24 | 25 | # If your documentation needs a minimal Sphinx version, state it here. 26 | #needs_sphinx = '1.0' 27 | 28 | # Add any Sphinx extension module names here, as strings. They can be 29 | # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom 30 | # ones. 31 | extensions = ['sphinx.ext.autodoc', 'sphinx.ext.intersphinx'] 32 | 33 | # Add any paths that contain templates here, relative to this directory. 34 | templates_path = ['_templates'] 35 | 36 | # The suffix of source filenames. 37 | source_suffix = '.rst' 38 | 39 | # The encoding of source files. 40 | #source_encoding = 'utf-8-sig' 41 | 42 | # The master toctree document. 43 | master_doc = 'index' 44 | 45 | # General information about the project. 46 | project = 'Flask-RBAC' 47 | copyright = '2014, shonenada' 48 | 49 | # The version info for the project you're documenting, acts as replacement for 50 | # |version| and |release|, also used in various other places throughout the 51 | # built documents. 52 | # 53 | # The short X.Y version. 54 | version = '0.2.0' 55 | # The full version, including alpha/beta/rc tags. 56 | release = '0.2.0' 57 | 58 | # The language for content autogenerated by Sphinx. Refer to documentation 59 | # for a list of supported languages. 60 | #language = None 61 | 62 | # There are two options for replacing |today|: either, you set today to some 63 | # non-false value, then it is used: 64 | #today = '' 65 | # Else, today_fmt is used as the format for a strftime call. 66 | #today_fmt = '%B %d, %Y' 67 | 68 | # List of patterns, relative to source directory, that match files and 69 | # directories to ignore when looking for source files. 70 | exclude_patterns = ['_build'] 71 | 72 | # The reST default role (used for this markup: `text`) to use for all 73 | # documents. 74 | #default_role = None 75 | 76 | # If true, '()' will be appended to :func: etc. cross-reference text. 77 | #add_function_parentheses = True 78 | 79 | # If true, the current module name will be prepended to all description 80 | # unit titles (such as .. function::). 81 | #add_module_names = True 82 | 83 | # If true, sectionauthor and moduleauthor directives will be shown in the 84 | # output. They are ignored by default. 85 | #show_authors = False 86 | 87 | # The name of the Pygments (syntax highlighting) style to use. 88 | pygments_style = 'flask_theme_support.FlaskyStyle' 89 | 90 | # A list of ignored prefixes for module index sorting. 91 | #modindex_common_prefix = [] 92 | 93 | # If true, keep warnings as "system message" paragraphs in the built documents. 94 | #keep_warnings = False 95 | 96 | 97 | # -- Options for HTML output ---------------------------------------------- 98 | 99 | # The theme to use for HTML and HTML Help pages. See the documentation for 100 | # a list of builtin themes. 101 | 102 | sys.path.append(os.path.abspath('_themes')) 103 | html_theme_path = ['_themes'] 104 | html_theme = 'flask_small' 105 | 106 | # Theme options are theme-specific and customize the look and feel of a theme 107 | # further. For a list of options available for each theme, see the 108 | # documentation. 109 | #html_theme_options = {} 110 | 111 | # Add any paths that contain custom themes here, relative to this directory. 112 | #html_theme_path = [] 113 | 114 | # The name for this set of Sphinx documents. If None, it defaults to 115 | # " v documentation". 116 | #html_title = None 117 | 118 | # A shorter title for the navigation bar. Default is the same as html_title. 119 | #html_short_title = None 120 | 121 | # The name of an image file (relative to this directory) to place at the top 122 | # of the sidebar. 123 | #html_logo = None 124 | 125 | # The name of an image file (within the static path) to use as favicon of the 126 | # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 127 | # pixels large. 128 | #html_favicon = None 129 | 130 | # Add any paths that contain custom static files (such as style sheets) here, 131 | # relative to this directory. They are copied after the builtin static files, 132 | # so a file named "default.css" will overwrite the builtin "default.css". 133 | html_static_path = ['_static'] 134 | 135 | # Add any extra paths that contain custom files (such as robots.txt or 136 | # .htaccess) here, relative to this directory. These files are copied 137 | # directly to the root of the documentation. 138 | #html_extra_path = [] 139 | 140 | # If not '', a 'Last updated on:' timestamp is inserted at every page bottom, 141 | # using the given strftime format. 142 | #html_last_updated_fmt = '%b %d, %Y' 143 | 144 | # If true, SmartyPants will be used to convert quotes and dashes to 145 | # typographically correct entities. 146 | #html_use_smartypants = True 147 | 148 | # Custom sidebar templates, maps document names to template names. 149 | #html_sidebars = {} 150 | 151 | # Additional templates that should be rendered to pages, maps page names to 152 | # template names. 153 | #html_additional_pages = {} 154 | 155 | # If false, no module index is generated. 156 | #html_domain_indices = True 157 | 158 | # If false, no index is generated. 159 | #html_use_index = True 160 | 161 | # If true, the index is split into individual pages for each letter. 162 | #html_split_index = False 163 | 164 | # If true, links to the reST sources are added to the pages. 165 | #html_show_sourcelink = True 166 | 167 | # If true, "Created using Sphinx" is shown in the HTML footer. Default is True. 168 | #html_show_sphinx = True 169 | 170 | # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. 171 | #html_show_copyright = True 172 | 173 | # If true, an OpenSearch description file will be output, and all pages will 174 | # contain a tag referring to it. The value of this option must be the 175 | # base URL from which the finished HTML is served. 176 | #html_use_opensearch = '' 177 | 178 | # This is the file name suffix for HTML files (e.g. ".xhtml"). 179 | #html_file_suffix = None 180 | 181 | # Output file base name for HTML help builder. 182 | htmlhelp_basename = 'Flask-RBACdoc' 183 | 184 | 185 | # -- Options for LaTeX output --------------------------------------------- 186 | 187 | latex_elements = { 188 | # The paper size ('letterpaper' or 'a4paper'). 189 | #'papersize': 'letterpaper', 190 | 191 | # The font size ('10pt', '11pt' or '12pt'). 192 | #'pointsize': '10pt', 193 | 194 | # Additional stuff for the LaTeX preamble. 195 | #'preamble': '', 196 | } 197 | 198 | # Grouping the document tree into LaTeX files. List of tuples 199 | # (source start file, target name, title, 200 | # author, documentclass [howto, manual, or own class]). 201 | latex_documents = [ 202 | ('index', 'Flask-RBAC.tex', 'Flask-RBAC Documentation', 203 | 'shonenada', 'manual'), 204 | ] 205 | 206 | # The name of an image file (relative to this directory) to place at the top of 207 | # the title page. 208 | #latex_logo = None 209 | 210 | # For "manual" documents, if this is true, then toplevel headings are parts, 211 | # not chapters. 212 | #latex_use_parts = False 213 | 214 | # If true, show page references after internal links. 215 | #latex_show_pagerefs = False 216 | 217 | # If true, show URL addresses after external links. 218 | #latex_show_urls = False 219 | 220 | # Documents to append as an appendix to all manuals. 221 | #latex_appendices = [] 222 | 223 | # If false, no module index is generated. 224 | #latex_domain_indices = True 225 | 226 | 227 | # -- Options for manual page output --------------------------------------- 228 | 229 | # One entry per manual page. List of tuples 230 | # (source start file, name, description, authors, manual section). 231 | man_pages = [ 232 | ('index', 'flask-rbac', 'Flask-RBAC Documentation', 233 | ['shonenada'], 1) 234 | ] 235 | 236 | # If true, show URL addresses after external links. 237 | #man_show_urls = False 238 | 239 | 240 | # -- Options for Texinfo output ------------------------------------------- 241 | 242 | # Grouping the document tree into Texinfo files. List of tuples 243 | # (source start file, target name, title, author, 244 | # dir menu entry, description, category) 245 | texinfo_documents = [ 246 | ('index', 'Flask-RBAC', 'Flask-RBAC Documentation', 247 | 'shonenada', 'Flask-RBAC', 'One line description of project.', 248 | 'Miscellaneous'), 249 | ] 250 | 251 | # Documents to append as an appendix to all manuals. 252 | #texinfo_appendices = [] 253 | 254 | # If false, no module index is generated. 255 | #texinfo_domain_indices = True 256 | 257 | # How to display URL addresses: 'footnote', 'no', or 'inline'. 258 | #texinfo_show_urls = 'footnote' 259 | 260 | # If true, do not generate a @detailmenu in the "Top" node's menu. 261 | #texinfo_no_detailmenu = False 262 | 263 | 264 | # fall back if theme is not there 265 | try: 266 | __import__('flask_theme_support') 267 | except ImportError as e: 268 | print('-' * 74) 269 | print('Warning: Flask themes unavailable. Building with default theme') 270 | print('If you want the Flask themes, run this command and build again:') 271 | print() 272 | print(' git submodule update --init') 273 | print('-' * 74) 274 | 275 | pygments_style = 'tango' 276 | html_theme = 'default' 277 | html_theme_options = {} 278 | -------------------------------------------------------------------------------- /docs/_themes/flask/static/flasky.css_t: -------------------------------------------------------------------------------- 1 | /* 2 | * flasky.css_t 3 | * ~~~~~~~~~~~~ 4 | * 5 | * :copyright: Copyright 2010 by Armin Ronacher. 6 | * :license: Flask Design License, see LICENSE for details. 7 | */ 8 | 9 | {% set page_width = '940px' %} 10 | {% set sidebar_width = '220px' %} 11 | 12 | @import url("basic.css"); 13 | 14 | /* -- page layout ----------------------------------------------------------- */ 15 | 16 | body { 17 | font-family: 'Georgia', serif; 18 | font-size: 17px; 19 | background-color: white; 20 | color: #000; 21 | margin: 0; 22 | padding: 0; 23 | } 24 | 25 | div.document { 26 | width: {{ page_width }}; 27 | margin: 30px auto 0 auto; 28 | } 29 | 30 | div.documentwrapper { 31 | float: left; 32 | width: 100%; 33 | } 34 | 35 | div.bodywrapper { 36 | margin: 0 0 0 {{ sidebar_width }}; 37 | } 38 | 39 | div.sphinxsidebar { 40 | width: {{ sidebar_width }}; 41 | } 42 | 43 | hr { 44 | border: 1px solid #B1B4B6; 45 | } 46 | 47 | div.body { 48 | background-color: #ffffff; 49 | color: #3E4349; 50 | padding: 0 30px 0 30px; 51 | } 52 | 53 | img.floatingflask { 54 | padding: 0 0 10px 10px; 55 | float: right; 56 | } 57 | 58 | div.footer { 59 | width: {{ page_width }}; 60 | margin: 20px auto 30px auto; 61 | font-size: 14px; 62 | color: #888; 63 | text-align: right; 64 | } 65 | 66 | div.footer a { 67 | color: #888; 68 | } 69 | 70 | div.related { 71 | display: none; 72 | } 73 | 74 | div.sphinxsidebar a { 75 | color: #444; 76 | text-decoration: none; 77 | border-bottom: 1px dotted #999; 78 | } 79 | 80 | div.sphinxsidebar a:hover { 81 | border-bottom: 1px solid #999; 82 | } 83 | 84 | div.sphinxsidebar { 85 | font-size: 14px; 86 | line-height: 1.5; 87 | } 88 | 89 | div.sphinxsidebarwrapper { 90 | padding: 18px 10px; 91 | } 92 | 93 | div.sphinxsidebarwrapper p.logo { 94 | padding: 0 0 20px 0; 95 | margin: 0; 96 | text-align: center; 97 | } 98 | 99 | div.sphinxsidebar h3, 100 | div.sphinxsidebar h4 { 101 | font-family: 'Garamond', 'Georgia', serif; 102 | color: #444; 103 | font-size: 24px; 104 | font-weight: normal; 105 | margin: 0 0 5px 0; 106 | padding: 0; 107 | } 108 | 109 | div.sphinxsidebar h4 { 110 | font-size: 20px; 111 | } 112 | 113 | div.sphinxsidebar h3 a { 114 | color: #444; 115 | } 116 | 117 | div.sphinxsidebar p.logo a, 118 | div.sphinxsidebar h3 a, 119 | div.sphinxsidebar p.logo a:hover, 120 | div.sphinxsidebar h3 a:hover { 121 | border: none; 122 | } 123 | 124 | div.sphinxsidebar p { 125 | color: #555; 126 | margin: 10px 0; 127 | } 128 | 129 | div.sphinxsidebar ul { 130 | margin: 10px 0; 131 | padding: 0; 132 | color: #000; 133 | } 134 | 135 | div.sphinxsidebar input { 136 | border: 1px solid #ccc; 137 | font-family: 'Georgia', serif; 138 | font-size: 1em; 139 | } 140 | 141 | /* -- body styles ----------------------------------------------------------- */ 142 | 143 | a { 144 | color: #004B6B; 145 | text-decoration: underline; 146 | } 147 | 148 | a:hover { 149 | color: #6D4100; 150 | text-decoration: underline; 151 | } 152 | 153 | div.body h1, 154 | div.body h2, 155 | div.body h3, 156 | div.body h4, 157 | div.body h5, 158 | div.body h6 { 159 | font-family: 'Garamond', 'Georgia', serif; 160 | font-weight: normal; 161 | margin: 30px 0px 10px 0px; 162 | padding: 0; 163 | } 164 | 165 | {% if theme_index_logo %} 166 | div.indexwrapper h1 { 167 | text-indent: -999999px; 168 | background: url({{ theme_index_logo }}) no-repeat center center; 169 | height: {{ theme_index_logo_height }}; 170 | } 171 | {% endif %} 172 | div.body h1 { margin-top: 0; padding-top: 0; font-size: 240%; } 173 | div.body h2 { font-size: 180%; } 174 | div.body h3 { font-size: 150%; } 175 | div.body h4 { font-size: 130%; } 176 | div.body h5 { font-size: 100%; } 177 | div.body h6 { font-size: 100%; } 178 | 179 | a.headerlink { 180 | color: #ddd; 181 | padding: 0 4px; 182 | text-decoration: none; 183 | } 184 | 185 | a.headerlink:hover { 186 | color: #444; 187 | background: #eaeaea; 188 | } 189 | 190 | div.body p, div.body dd, div.body li { 191 | line-height: 1.4em; 192 | } 193 | 194 | div.admonition { 195 | background: #fafafa; 196 | margin: 20px -30px; 197 | padding: 10px 30px; 198 | border-top: 1px solid #ccc; 199 | border-bottom: 1px solid #ccc; 200 | } 201 | 202 | div.admonition tt.xref, div.admonition a tt { 203 | border-bottom: 1px solid #fafafa; 204 | } 205 | 206 | dd div.admonition { 207 | margin-left: -60px; 208 | padding-left: 60px; 209 | } 210 | 211 | div.admonition p.admonition-title { 212 | font-family: 'Garamond', 'Georgia', serif; 213 | font-weight: normal; 214 | font-size: 24px; 215 | margin: 0 0 10px 0; 216 | padding: 0; 217 | line-height: 1; 218 | } 219 | 220 | div.admonition p.last { 221 | margin-bottom: 0; 222 | } 223 | 224 | div.highlight { 225 | background-color: white; 226 | } 227 | 228 | dt:target, .highlight { 229 | background: #FAF3E8; 230 | } 231 | 232 | div.note { 233 | background-color: #eee; 234 | border: 1px solid #ccc; 235 | } 236 | 237 | div.seealso { 238 | background-color: #ffc; 239 | border: 1px solid #ff6; 240 | } 241 | 242 | div.topic { 243 | background-color: #eee; 244 | } 245 | 246 | p.admonition-title { 247 | display: inline; 248 | } 249 | 250 | p.admonition-title:after { 251 | content: ":"; 252 | } 253 | 254 | pre, tt { 255 | font-family: 'Consolas', 'Menlo', 'Deja Vu Sans Mono', 'Bitstream Vera Sans Mono', monospace; 256 | font-size: 0.9em; 257 | } 258 | 259 | img.screenshot { 260 | } 261 | 262 | tt.descname, tt.descclassname { 263 | font-size: 0.95em; 264 | } 265 | 266 | tt.descname { 267 | padding-right: 0.08em; 268 | } 269 | 270 | img.screenshot { 271 | -moz-box-shadow: 2px 2px 4px #eee; 272 | -webkit-box-shadow: 2px 2px 4px #eee; 273 | box-shadow: 2px 2px 4px #eee; 274 | } 275 | 276 | table.docutils { 277 | border: 1px solid #888; 278 | -moz-box-shadow: 2px 2px 4px #eee; 279 | -webkit-box-shadow: 2px 2px 4px #eee; 280 | box-shadow: 2px 2px 4px #eee; 281 | } 282 | 283 | table.docutils td, table.docutils th { 284 | border: 1px solid #888; 285 | padding: 0.25em 0.7em; 286 | } 287 | 288 | table.field-list, table.footnote { 289 | border: none; 290 | -moz-box-shadow: none; 291 | -webkit-box-shadow: none; 292 | box-shadow: none; 293 | } 294 | 295 | table.footnote { 296 | margin: 15px 0; 297 | width: 100%; 298 | border: 1px solid #eee; 299 | background: #fdfdfd; 300 | font-size: 0.9em; 301 | } 302 | 303 | table.footnote + table.footnote { 304 | margin-top: -15px; 305 | border-top: none; 306 | } 307 | 308 | table.field-list th { 309 | padding: 0 0.8em 0 0; 310 | } 311 | 312 | table.field-list td { 313 | padding: 0; 314 | } 315 | 316 | table.footnote td.label { 317 | width: 0px; 318 | padding: 0.3em 0 0.3em 0.5em; 319 | } 320 | 321 | table.footnote td { 322 | padding: 0.3em 0.5em; 323 | } 324 | 325 | dl { 326 | margin: 0; 327 | padding: 0; 328 | } 329 | 330 | dl dd { 331 | margin-left: 30px; 332 | } 333 | 334 | blockquote { 335 | margin: 0 0 0 30px; 336 | padding: 0; 337 | } 338 | 339 | ul, ol { 340 | margin: 10px 0 10px 30px; 341 | padding: 0; 342 | } 343 | 344 | pre { 345 | background: #eee; 346 | padding: 7px 30px; 347 | margin: 15px -30px; 348 | line-height: 1.3em; 349 | } 350 | 351 | dl pre, blockquote pre, li pre { 352 | margin-left: -60px; 353 | padding-left: 60px; 354 | } 355 | 356 | dl dl pre { 357 | margin-left: -90px; 358 | padding-left: 90px; 359 | } 360 | 361 | tt { 362 | background-color: #ecf0f3; 363 | color: #222; 364 | /* padding: 1px 2px; */ 365 | } 366 | 367 | tt.xref, a tt { 368 | background-color: #FBFBFB; 369 | border-bottom: 1px solid white; 370 | } 371 | 372 | a.reference { 373 | text-decoration: none; 374 | border-bottom: 1px dotted #004B6B; 375 | } 376 | 377 | a.reference:hover { 378 | border-bottom: 1px solid #6D4100; 379 | } 380 | 381 | a.footnote-reference { 382 | text-decoration: none; 383 | font-size: 0.7em; 384 | vertical-align: top; 385 | border-bottom: 1px dotted #004B6B; 386 | } 387 | 388 | a.footnote-reference:hover { 389 | border-bottom: 1px solid #6D4100; 390 | } 391 | 392 | a:hover tt { 393 | background: #EEE; 394 | } 395 | 396 | 397 | @media screen and (max-width: 870px) { 398 | 399 | div.sphinxsidebar { 400 | display: none; 401 | } 402 | 403 | div.document { 404 | width: 100%; 405 | 406 | } 407 | 408 | div.documentwrapper { 409 | margin-left: 0; 410 | margin-top: 0; 411 | margin-right: 0; 412 | margin-bottom: 0; 413 | } 414 | 415 | div.bodywrapper { 416 | margin-top: 0; 417 | margin-right: 0; 418 | margin-bottom: 0; 419 | margin-left: 0; 420 | } 421 | 422 | ul { 423 | margin-left: 0; 424 | } 425 | 426 | .document { 427 | width: auto; 428 | } 429 | 430 | .footer { 431 | width: auto; 432 | } 433 | 434 | .bodywrapper { 435 | margin: 0; 436 | } 437 | 438 | .footer { 439 | width: auto; 440 | } 441 | 442 | .github { 443 | display: none; 444 | } 445 | 446 | 447 | 448 | } 449 | 450 | 451 | 452 | @media screen and (max-width: 875px) { 453 | 454 | body { 455 | margin: 0; 456 | padding: 20px 30px; 457 | } 458 | 459 | div.documentwrapper { 460 | float: none; 461 | background: white; 462 | } 463 | 464 | div.sphinxsidebar { 465 | display: block; 466 | float: none; 467 | width: 102.5%; 468 | margin: 50px -30px -20px -30px; 469 | padding: 10px 20px; 470 | background: #333; 471 | color: white; 472 | } 473 | 474 | div.sphinxsidebar h3, div.sphinxsidebar h4, div.sphinxsidebar p, 475 | div.sphinxsidebar h3 a { 476 | color: white; 477 | } 478 | 479 | div.sphinxsidebar a { 480 | color: #aaa; 481 | } 482 | 483 | div.sphinxsidebar p.logo { 484 | display: none; 485 | } 486 | 487 | div.document { 488 | width: 100%; 489 | margin: 0; 490 | } 491 | 492 | div.related { 493 | display: block; 494 | margin: 0; 495 | padding: 10px 0 20px 0; 496 | } 497 | 498 | div.related ul, 499 | div.related ul li { 500 | margin: 0; 501 | padding: 0; 502 | } 503 | 504 | div.footer { 505 | display: none; 506 | } 507 | 508 | div.bodywrapper { 509 | margin: 0; 510 | } 511 | 512 | div.body { 513 | min-height: 0; 514 | padding: 0; 515 | } 516 | 517 | .rtd_doc_footer { 518 | display: none; 519 | } 520 | 521 | .document { 522 | width: auto; 523 | } 524 | 525 | .footer { 526 | width: auto; 527 | } 528 | 529 | .footer { 530 | width: auto; 531 | } 532 | 533 | .github { 534 | display: none; 535 | } 536 | } 537 | 538 | 539 | /* scrollbars */ 540 | 541 | ::-webkit-scrollbar { 542 | width: 6px; 543 | height: 6px; 544 | } 545 | 546 | ::-webkit-scrollbar-button:start:decrement, 547 | ::-webkit-scrollbar-button:end:increment { 548 | display: block; 549 | height: 10px; 550 | } 551 | 552 | ::-webkit-scrollbar-button:vertical:increment { 553 | background-color: #fff; 554 | } 555 | 556 | ::-webkit-scrollbar-track-piece { 557 | background-color: #eee; 558 | -webkit-border-radius: 3px; 559 | } 560 | 561 | ::-webkit-scrollbar-thumb:vertical { 562 | height: 50px; 563 | background-color: #ccc; 564 | -webkit-border-radius: 3px; 565 | } 566 | 567 | ::-webkit-scrollbar-thumb:horizontal { 568 | width: 50px; 569 | background-color: #ccc; 570 | -webkit-border-radius: 3px; 571 | } 572 | 573 | /* misc. */ 574 | 575 | .revsys-inline { 576 | display: none!important; 577 | } -------------------------------------------------------------------------------- /test_rbac.py: -------------------------------------------------------------------------------- 1 | import unittest 2 | 3 | from flask import Flask, Response, make_response 4 | from flask_login import current_user as login_user 5 | 6 | from flask_rbac import RBAC, UserMixin, RoleMixin 7 | 8 | import functools 9 | 10 | 11 | class Role(RoleMixin): 12 | def __repr__(self): 13 | return '' % self.name 14 | 15 | class User(UserMixin): 16 | def __repr__(self): 17 | return '' % self.roles 18 | 19 | everyone = Role('everyone') 20 | logged_role = Role('logged_role') 21 | staff_role = Role('staff_role') 22 | other_role = Role('other_role') 23 | special = Role('special') 24 | 25 | logged_role.add_parent(everyone) 26 | staff_role.add_parents(everyone, logged_role) 27 | 28 | anonymous = User(roles=[everyone]) 29 | normal_user = User(roles=[logged_role]) 30 | staff_role_user = User(roles=[staff_role]) 31 | special_user = User(roles=[special]) 32 | many_roles_user = User(roles=[logged_role, other_role, everyone]) 33 | 34 | current_user = anonymous 35 | 36 | def rewrite_decorator(viewfunc): 37 | @functools.wraps(viewfunc) 38 | def newfunc(*args, **kwargs): 39 | return viewfunc(*args, **kwargs) 40 | return newfunc 41 | 42 | def makeapp(with_factory, use_white, before_decorator, after_decorator): 43 | global current_user 44 | app = Flask(__name__) 45 | app.debug = True 46 | 47 | if use_white: 48 | app.config['RBAC_USE_WHITE'] = True 49 | else: 50 | app.config['RBAC_USE_WHITE'] = False 51 | 52 | if with_factory: 53 | rbac = RBAC() 54 | rbac.init_app(app) 55 | else: 56 | rbac = RBAC(app) 57 | 58 | rbac.set_user_loader(lambda: current_user) 59 | rbac.set_user_model(User) 60 | rbac.set_role_model(Role) 61 | 62 | @app.route('/') 63 | @after_decorator 64 | @rbac.allow(roles=['everyone'], methods=['GET']) 65 | @before_decorator 66 | def index(): 67 | return Response('index') 68 | 69 | @app.route('/a') 70 | @after_decorator 71 | @rbac.allow(roles=['special'], methods=['GET']) 72 | @before_decorator 73 | def a(): 74 | return Response('Hello') 75 | 76 | @app.route('/b', methods=['GET', 'POST']) 77 | @after_decorator 78 | @rbac.allow(roles=['logged_role'], methods=['GET']) 79 | @rbac.allow(roles=['staff_role', 'special'], methods=['POST']) 80 | @before_decorator 81 | def b(): 82 | return Response('Hello from /b') 83 | 84 | @app.route('/c') 85 | @after_decorator 86 | @rbac.allow(roles=['everyone'], methods=['GET']) 87 | @rbac.deny(roles=['logged_role'], methods=['GET'], with_children=False) 88 | @rbac.allow(roles=['staff_role'], methods=['GET']) 89 | @before_decorator 90 | def c(): 91 | return Response('Hello from /c') 92 | 93 | @app.route('/d') 94 | @after_decorator 95 | @rbac.deny(roles=['everyone'], methods=['GET']) 96 | @before_decorator 97 | def d(): 98 | return Response('Hello from /d') 99 | 100 | @app.route('/e') 101 | @after_decorator 102 | @rbac.deny(roles=['everyone'], methods=['GET'], with_children=True) 103 | @before_decorator 104 | def e(): 105 | return Response('Hello from /e') 106 | 107 | @app.route('/f', methods=['POST']) 108 | @after_decorator 109 | @rbac.deny(roles=['logged_role'], methods=['POST']) 110 | @before_decorator 111 | def f(): 112 | return Response('Hello from /f') 113 | 114 | @app.route('/g', methods=['GET']) 115 | @after_decorator 116 | @rbac.exempt 117 | @before_decorator 118 | def g(): 119 | return Response('Hello from /g') 120 | 121 | @app.route('/h', methods=['GET']) 122 | @after_decorator 123 | @rbac.allow(['anonymous'], methods=['GET'], with_children=False) 124 | @before_decorator 125 | def h(): 126 | return Response('Hello from /h') 127 | 128 | @app.route('/i', methods=['GET']) 129 | @after_decorator 130 | @rbac.allow(['nonexistent'], methods=['GET'], with_children=False) 131 | @before_decorator 132 | def i(): 133 | return Response('Hello from /i') 134 | 135 | @app.route('/j', methods=['GET']) 136 | @after_decorator 137 | @rbac.deny(['nonexistent'], methods=['GET'], with_children=False) 138 | @before_decorator 139 | def j(): 140 | return Response('Hello from /j') 141 | 142 | return app 143 | 144 | class UseWhiteApplicationUnitTests(unittest.TestCase): 145 | 146 | def setUp(self): 147 | self.app = makeapp(with_factory=False, use_white=True, before_decorator=rewrite_decorator, after_decorator=rewrite_decorator) 148 | self.client = self.app.test_client() 149 | self.rbac = self.app.extensions['rbac'].rbac 150 | 151 | def test_set_user_loader(self): 152 | global current_user 153 | self.assertEqual(self.rbac._user_loader(), current_user) 154 | self.rbac.set_user_loader(lambda: staff_role_user) 155 | self.assertEqual(self.rbac._user_loader(), staff_role_user) 156 | # Restore 157 | self.rbac.set_user_loader(lambda: current_user) 158 | 159 | def test_allow_get_view(self): 160 | global current_user 161 | current_user = anonymous 162 | self.assertEqual(self.client.open('/').data.decode('utf-8'), 'index') 163 | 164 | current_user = normal_user 165 | self.assertEqual(self.client.open('/').data.decode('utf-8'), 'index') 166 | self.assertEqual(self.client.open('/b').data.decode('utf-8'), 'Hello from /b') 167 | 168 | current_user = staff_role_user 169 | self.assertEqual(self.client.open('/').data.decode('utf-8'), 'index') 170 | self.assertEqual(self.client.open('/b').data.decode('utf-8'), 'Hello from /b') 171 | 172 | current_user = special_user 173 | self.assertEqual(self.client.open('/a').data.decode('utf-8'), 'Hello') 174 | 175 | def test_deny_get_view(self): 176 | global current_user 177 | current_user = special_user 178 | self.assertEqual(self.client.open('/').status_code, 403) 179 | self.assertEqual(self.client.open('/b').status_code, 403) 180 | 181 | current_user = anonymous 182 | self.assertEqual(self.client.open('/a').status_code, 403) 183 | 184 | current_user = normal_user 185 | self.assertEqual(self.client.open('/a').status_code, 403) 186 | 187 | current_user = staff_role_user 188 | self.assertEqual(self.client.open('/a').status_code, 403) 189 | 190 | def test_allow_post_view(self): 191 | global current_user 192 | current_user = staff_role_user 193 | self.assertEqual(self.client.post('/b').data.decode('utf-8'), 'Hello from /b') 194 | 195 | current_user = special_user 196 | self.assertEqual(self.client.post('/b').data.decode('utf-8'), 'Hello from /b') 197 | 198 | def test_deny_post_view(self): 199 | global current_user 200 | current_user = anonymous 201 | self.assertEqual(self.client.post('/b').status_code, 403) 202 | 203 | current_user = normal_user 204 | self.assertEqual(self.client.post('/b').status_code, 403) 205 | 206 | def test_complicate_get_view(self): 207 | global current_user 208 | current_user = anonymous 209 | self.assertEqual(self.client.open('/c').data.decode('utf-8'), 'Hello from /c') 210 | 211 | current_user = normal_user 212 | self.assertEqual(self.client.open('/c').status_code, 403) 213 | 214 | current_user = staff_role_user 215 | self.assertEqual(self.client.open('/c').data.decode('utf-8'), 'Hello from /c') 216 | 217 | def test_hook(self): 218 | global current_user 219 | current_user = special_user 220 | self.rbac.set_hook(lambda: make_response('Permission Denied', 403)) 221 | self.assertEqual(self.client.open('/').status_code, 403) 222 | self.assertEqual(self.client.open('/').data.decode('utf-8'), 'Permission Denied') 223 | 224 | def test_has_permission(self): 225 | global current_user 226 | 227 | current_user = anonymous 228 | self.assertTrue(self.rbac.has_permission('GET', 'index')) 229 | self.assertTrue(self.rbac.has_permission('GET', 'c')) 230 | self.assertFalse(self.rbac.has_permission('GET', 'a')) 231 | self.assertFalse(self.rbac.has_permission('POST', 'index')) 232 | 233 | current_user = special_user 234 | self.assertTrue(self.rbac.has_permission('GET', 'a')) 235 | self.assertTrue(self.rbac.has_permission('POST', 'b')) 236 | self.assertFalse(self.rbac.has_permission('GET', 'c')) 237 | 238 | current_user = anonymous 239 | self.assertTrue(self.rbac.has_permission('POST', 'b', special_user)) 240 | 241 | current_user = None 242 | self.assertTrue(self.rbac.has_permission('GET', 'h')) 243 | self.assertEqual(self.client.open('/h').data.decode('utf-8'), 'Hello from /h') 244 | 245 | 246 | def test_exempt(self): 247 | global current_user 248 | 249 | current_user = anonymous 250 | self.assertEqual(self.client.open('/g').data.decode('utf-8'), 'Hello from /g') 251 | 252 | current_user = special_user 253 | self.assertEqual(self.client.open('/g').data.decode('utf-8'), 'Hello from /g') 254 | 255 | current_user = normal_user 256 | self.assertEqual(self.client.open('/g').data.decode('utf-8'), 'Hello from /g') 257 | 258 | def test_allow_nonexistent_role(self): 259 | current_user = normal_user 260 | self.assertEqual(self.client.open('/i').status_code, 403) 261 | 262 | def test_deny_nonexistent_role(self): 263 | current_user = normal_user 264 | self.assertEqual(self.client.open('/j').status_code, 403) 265 | 266 | 267 | 268 | class NoWhiteApplicationUnitTests(unittest.TestCase): 269 | 270 | def setUp(self): 271 | self.app = makeapp(with_factory=False, use_white=False, before_decorator=rewrite_decorator, after_decorator=rewrite_decorator) 272 | self.client = self.app.test_client() 273 | self.rbac = self.app.extensions['rbac'].rbac 274 | 275 | def test_allow_get_view(self): 276 | global current_user 277 | current_user = normal_user 278 | self.assertEqual(self.client.open('/d').data.decode('utf-8'), 'Hello from /d') 279 | 280 | current_user = staff_role_user 281 | self.assertEqual(self.client.open('/d').data.decode('utf-8'), 'Hello from /d') 282 | 283 | def test_deny_get_view(self): 284 | global current_user 285 | current_user = anonymous 286 | self.assertEqual(self.client.open('/d').status_code, 403) 287 | self.assertEqual(self.client.open('/e').status_code, 403) 288 | 289 | current_user = normal_user 290 | self.assertEqual(self.client.open('/e').status_code, 403) 291 | 292 | current_user = staff_role_user 293 | self.assertEqual(self.client.open('/e').status_code, 403) 294 | 295 | def test_allow_post_view(self): 296 | global current_user 297 | current_user = anonymous 298 | self.assertEqual(self.client.post('/f').data.decode('utf-8'), 'Hello from /f') 299 | 300 | current_user = staff_role_user 301 | self.assertEqual(self.client.post('/f').data.decode('utf-8'), 'Hello from /f') 302 | 303 | def test_deny_post_view(self): 304 | global current_user 305 | current_user = normal_user 306 | self.assertEqual(self.client.post('/f').status_code, 403) 307 | 308 | def test_has_permission(self): 309 | global current_user 310 | current_user = normal_user 311 | self.assertTrue(self.rbac.has_permission('GET', 'd')) 312 | self.assertFalse(self.rbac.has_permission('POST', 'f')) 313 | 314 | def test_deny_nonexistent_role(self): 315 | current_user = normal_user 316 | self.assertEqual(self.client.open('/j').data.decode('utf-8'), 'Hello from /j') 317 | 318 | 319 | class RoleMixInUnitTests(unittest.TestCase): 320 | 321 | def test_role_get_name(self): 322 | self.assertEqual(everyone.get_name(), 'everyone') 323 | self.assertEqual(logged_role.get_name(), 'logged_role') 324 | self.assertEqual(staff_role.get_name(), 'staff_role') 325 | 326 | def test_add_parent(self): 327 | normal_role = Role('normal') 328 | base_role = Role('base') 329 | normal_role.add_parent(base_role) 330 | 331 | self.assertIn(base_role, normal_role.parents) 332 | 333 | def test_add_parents(self): 334 | normal_role = Role('normal') 335 | parent_role = Role('parent') 336 | another_parent_role = Role('another_parent') 337 | normal_role.add_parents(parent_role, another_parent_role) 338 | 339 | self.assertIn(parent_role, normal_role.parents) 340 | self.assertIn(another_parent_role, normal_role.parents) 341 | 342 | def test_get_parents(self): 343 | everyone_parents = set() 344 | logged_role_parents = set() 345 | staff_role_parents = set() 346 | 347 | for p in everyone.get_parents(): 348 | everyone_parents.add(p) 349 | for p in logged_role.get_parents(): 350 | logged_role_parents.add(p) 351 | for p in staff_role.get_parents(): 352 | staff_role_parents.add(p) 353 | 354 | self.assertEqual(everyone_parents, set([])) 355 | self.assertEqual(logged_role_parents, set([everyone])) 356 | self.assertEqual(staff_role_parents, set([everyone, logged_role])) 357 | 358 | def test_get_children(self): 359 | everyone_children = set() 360 | logged_role_children = set() 361 | staff_role_children = set() 362 | 363 | for c in everyone.get_children(): 364 | everyone_children.add(c) 365 | for c in logged_role.get_children(): 366 | logged_role_children.add(c) 367 | for c in staff_role.get_children(): 368 | staff_role_children.add(c) 369 | 370 | self.assertEqual(everyone_children, set([logged_role, staff_role])) 371 | self.assertEqual(logged_role_children, set([staff_role])) 372 | self.assertEqual(staff_role_children, set([])) 373 | 374 | 375 | class UserMixInUnitTests(unittest.TestCase): 376 | 377 | def test_add_role(self): 378 | new_role = Role('new_for_test') 379 | another_role = Role('for_test') 380 | the_third_role = Role('The_third_man') 381 | 382 | user_one = User() 383 | user_two = User() 384 | user_three = User() 385 | 386 | user_one.add_role(another_role) 387 | user_three.add_role(new_role) 388 | user_three.add_role(another_role) 389 | 390 | self.assertEqual(user_one.roles, set([another_role])) 391 | self.assertEqual(user_two.roles, set([])) 392 | self.assertEqual(user_three.roles, set([new_role, another_role])) 393 | 394 | def test_get_roles(self): 395 | normal_user_roles = set() 396 | staff_role_user_roles = set() 397 | many_roles_user_roles = set() 398 | 399 | for r in normal_user.get_roles(): 400 | normal_user_roles.add(r) 401 | for r in staff_role_user.get_roles(): 402 | staff_role_user_roles.add(r) 403 | for r in many_roles_user.get_roles(): 404 | many_roles_user_roles.add(r) 405 | 406 | self.assertEqual(normal_user_roles, set([logged_role])) 407 | self.assertEqual(staff_role_user_roles, set([staff_role])) 408 | self.assertEqual(many_roles_user_roles, set([everyone, logged_role, other_role])) 409 | 410 | 411 | class DecoratorUnitTests(unittest.TestCase): 412 | 413 | def setUp(self): 414 | self.rbac = RBAC() 415 | 416 | @self.rbac.as_role_model 417 | class RoleModel(RoleMixin): 418 | pass 419 | 420 | @self.rbac.as_user_model 421 | class UserModel(UserMixin): 422 | pass 423 | 424 | self.rm = RoleModel 425 | self.um = UserModel 426 | 427 | def test_as_role_model(self): 428 | self.assertTrue(self.rbac._role_model is self.rm) 429 | 430 | def test_as_user_model(self): 431 | self.assertTrue(self.rbac._user_model is self.um) 432 | 433 | 434 | class DefaultUserLoaderUnitTests(unittest.TestCase): 435 | 436 | def setUp(self): 437 | self.rbac = RBAC() 438 | 439 | def test_default_user_loader(self): 440 | self.assertEqual(self.rbac._user_loader(), login_user) 441 | -------------------------------------------------------------------------------- /flask_rbac/__init__.py: -------------------------------------------------------------------------------- 1 | # -*-coding: utf-8 2 | """ 3 | flaskext.rbac 4 | ~~~~~~~~~~~~~ 5 | 6 | Adds Role-based Access Control modules to application 7 | """ 8 | 9 | import itertools 10 | from collections import defaultdict 11 | 12 | from flask import request, abort, _request_ctx_stack 13 | 14 | try: 15 | from flask import _app_ctx_stack 16 | except ImportError: 17 | _app_ctx_stack = None 18 | 19 | try: 20 | from flask_login import (current_user, 21 | AnonymousUserMixin as anonymous_model) 22 | except ImportError: 23 | current_user, anonymous_model = None, None 24 | 25 | from .model import RoleMixin, UserMixin, anonymous 26 | 27 | 28 | __all__ = ['RBAC', 'RoleMixin', 'UserMixin'] 29 | 30 | 31 | connection_stack = _app_ctx_stack or _request_ctx_stack 32 | 33 | 34 | class AccessControlList(object): 35 | """ 36 | This class record rules for access controling. 37 | """ 38 | 39 | def __init__(self): 40 | self._allowed = [] 41 | self._denied = [] 42 | self._exempt = [] 43 | self.seted = False 44 | 45 | def allow(self, role, method, resource, with_children=True): 46 | """Add allowing rules. 47 | 48 | :param role: Role of this rule. 49 | :param method: Method to allow in rule, include GET, POST, PUT etc. 50 | :param resource: Resource also view function. 51 | :param with_children: Allow role's children in rule as well 52 | if with_children is `True` 53 | """ 54 | if with_children: 55 | for r in role.get_children(): 56 | permission = (r.get_name(), method, resource) 57 | if permission not in self._allowed: 58 | self._allowed.append(permission) 59 | if role == 'anonymous': 60 | permission = (role, method, resource) 61 | else: 62 | permission = (role.get_name(), method, resource) 63 | if permission not in self._allowed: 64 | self._allowed.append(permission) 65 | 66 | def deny(self, role, method, resource, with_children=False): 67 | """Add denying rules. 68 | 69 | :param role: Role of this rule. 70 | :param method: Method to deny in rule, include GET, POST, PUT etc. 71 | :param resource: Resource also view function. 72 | :param with_children: Deny role's children in rule as well 73 | if with_children is `True` 74 | """ 75 | if with_children: 76 | for r in role.get_children(): 77 | permission = (r.get_name(), method, resource) 78 | if permission not in self._denied: 79 | self._denied.append(permission) 80 | permission = (role.get_name(), method, resource) 81 | if permission not in self._denied: 82 | self._denied.append(permission) 83 | 84 | def exempt(self, resource): 85 | """Exempt a view function from being checked permission 86 | 87 | :param resource: The view function exempt from checking. 88 | """ 89 | if resource not in self._exempt: 90 | self._exempt.append(resource) 91 | 92 | def is_allowed(self, role, method, resource): 93 | """Check whether role is allowed to access resource 94 | 95 | :param role: Role to be checked. 96 | :param method: Method to be checked. 97 | :param resource: View function to be checked. 98 | """ 99 | return (role, method, resource) in self._allowed 100 | 101 | def is_denied(self, role, method, resource): 102 | """Check wherther role is denied to access resource 103 | 104 | :param role: Role to be checked. 105 | :param method: Method to be checked. 106 | :param resource: View function to be checked. 107 | """ 108 | return (role, method, resource) in self._denied 109 | 110 | def is_exempt(self, resource): 111 | """Return whether resource is exempted. 112 | 113 | :param resource: View function to be checked. 114 | """ 115 | return resource in self._exempt 116 | 117 | 118 | class _RBACState(object): 119 | '''Records configuration for Flask-RBAC''' 120 | def __init__(self, rbac, app): 121 | self.rbac = rbac 122 | self.app = app 123 | 124 | 125 | class RBAC(object): 126 | """This class implements role-based access control module in Flask. 127 | There are two way to initialize Flask-RBAC:: 128 | 129 | app = Flask(__name__) 130 | rbac = RBAC(app) 131 | 132 | or:: 133 | 134 | rbac = RBAC 135 | def create_app(): 136 | app = Flask(__name__) 137 | rbac.init_app(app) 138 | return app 139 | 140 | :param app: the Flask object 141 | :param role_model: custom role model 142 | :param user_model: custom user model 143 | :param user_loader: custom user loader, used to load current user 144 | :param permission_failed_hook: called when permission denied. 145 | """ 146 | 147 | def __init__(self, app=None, **kwargs): 148 | """Initialize with app.""" 149 | self.acl = AccessControlList() 150 | self.before_acl = {'allow': [], 'deny': []} 151 | 152 | self._role_model = kwargs.get('role_model', RoleMixin) 153 | self._user_model = kwargs.get('user_model', UserMixin) 154 | self._user_loader = kwargs.get('user_loader', lambda: current_user) 155 | self.permission_failed_hook = kwargs.get('permission_failed_hook') 156 | 157 | if app is not None: 158 | self.app = app 159 | self.init_app(app) 160 | else: 161 | self.app = None 162 | 163 | def init_app(self, app): 164 | """Initialize application in Flask-RBAC. 165 | Adds (RBAC, app) to flask extensions. 166 | Adds hook to authenticate permission before request. 167 | 168 | :param app: Flask object 169 | """ 170 | 171 | app.config.setdefault('RBAC_USE_WHITE', False) 172 | self.use_white = app.config['RBAC_USE_WHITE'] 173 | 174 | if not hasattr(app, 'extensions'): 175 | app.extensions = {} 176 | app.extensions['rbac'] = _RBACState(self, app) 177 | 178 | self.acl.allow(anonymous, 'GET', 'static') 179 | app.before_first_request(self._setup_acl) 180 | 181 | app.before_request(self._authenticate) 182 | 183 | def as_role_model(self, model_cls): 184 | """A decorator to set custom model or role. 185 | 186 | :param model_cls: Model of role. 187 | """ 188 | self._role_model = model_cls 189 | return model_cls 190 | 191 | def as_user_model(self, model_cls): 192 | """A decorator to set custom model or user. 193 | 194 | :param model_cls: Model of user. 195 | """ 196 | self._user_model = model_cls 197 | return model_cls 198 | 199 | def set_role_model(self, model): 200 | """Set custom model of role. 201 | 202 | :param model: Model of role. 203 | """ 204 | self._role_model = model 205 | 206 | def set_user_model(self, model): 207 | """Set custom model of User 208 | 209 | :param model: Model of user 210 | """ 211 | self._user_model = model 212 | 213 | def set_user_loader(self, loader): 214 | """Set user loader, which is used to load current user. 215 | An example:: 216 | 217 | from flask_login import current_user 218 | rbac.set_user_loader(lambda: current_user) 219 | 220 | :param loader: Current user function. 221 | """ 222 | self._user_loader = loader 223 | 224 | def set_hook(self, hook): 225 | """Set hook which called when permission is denied 226 | If you haven't set any hook, Flask-RBAC will call:: 227 | 228 | abort(403) 229 | 230 | :param hook: Hook function 231 | """ 232 | self.permission_failed_hook = hook 233 | 234 | def has_permission(self, method, endpoint, user=None): 235 | """Return does the current user can access the resource. 236 | Example:: 237 | 238 | @app.route('/some_url', methods=['GET', 'POST']) 239 | @rbac.allow(['anonymous'], ['GET']) 240 | def a_view_func(): 241 | return Response('Blah Blah...') 242 | 243 | If you are not logged. 244 | 245 | `rbac.has_permission('GET', 'a_view_func')` return True. 246 | `rbac.has_permission('POST', 'a_view_func')` return False. 247 | 248 | :param method: The method wait to check. 249 | :param endpoint: The application endpoint. 250 | :param user: user who you need to check. Current user by default. 251 | """ 252 | app = self.get_app() 253 | _user = user or self._user_loader() 254 | if not hasattr(_user, 'get_roles'): 255 | roles = [anonymous] 256 | else: 257 | roles = _user.get_roles() 258 | return self._check_permission(roles, method, endpoint) 259 | 260 | def allow(self, roles, methods, with_children=True, endpoint=None): 261 | """This is a decorator function. 262 | 263 | You can allow roles to access the view func with it. 264 | 265 | An example:: 266 | 267 | @app.route('/website/setting', methods=['GET', 'POST']) 268 | @rbac.allow(['administrator', 'super_user'], ['GET', 'POST']) 269 | def website_setting(): 270 | return Response('Setting page.') 271 | 272 | :param roles: List, each name of roles. Please note that, 273 | `anonymous` is refered to anonymous. 274 | If you add `anonymous` to the rule, 275 | everyone can access the resource, 276 | unless you deny other roles. 277 | :param methods: List, each name of methods. 278 | methods is valid in ['GET', 'POST', 'PUT', 'DELETE'] 279 | :param with_children: Whether allow children of roles as well. 280 | True by default. 281 | """ 282 | def decorator(view_func): 283 | _methods = [m.upper() for m in methods] 284 | resource = [endpoint or view_func.__name__] 285 | for r, m, v in itertools.product(roles, _methods, resource): 286 | self.before_acl['allow'].append((r, m, v, with_children)) 287 | return view_func 288 | return decorator 289 | 290 | def deny(self, roles, methods, with_children=False, endpoint=None): 291 | """This is a decorator function. 292 | 293 | You can deny roles to access the view func with it. 294 | 295 | An example:: 296 | 297 | @app.route('/article/post', methods=['GET', 'POST']) 298 | @rbac.deny(['anonymous', 'unactivated_role'], ['GET', 'POST']) 299 | def article_post(): 300 | return Response('post page.') 301 | 302 | :param roles: List, each name of roles. 303 | :param methods: List, each name of methods. 304 | methods is valid in ['GET', 'POST', 'PUT', 'DELETE'] 305 | :param with_children: Whether allow children of roles as well. 306 | True by default. 307 | """ 308 | def decorator(view_func): 309 | _methods = [m.upper() for m in methods] 310 | resource = [endpoint or view_func.__name__] 311 | for r, m, v in itertools.product(roles, _methods, resource): 312 | self.before_acl['deny'].append((r, m, v, with_children)) 313 | return view_func 314 | return decorator 315 | 316 | def exempt(self, view_func): 317 | """Exempt a view function from being checked permission. 318 | It is useful when you are using white list checking. 319 | 320 | Example:: 321 | 322 | @app.route('/everyone/can/access') 323 | @rbac.exempt 324 | def everyone_can_access(): 325 | return 'Hello~' 326 | 327 | :param view_func: The view function going to be exempted. 328 | """ 329 | self.acl.exempt(view_func.__name__) 330 | return view_func 331 | 332 | def get_app(self, reference_app=None): 333 | """Helper method that implements the logic to look up an application. 334 | """ 335 | if reference_app is not None: 336 | return reference_app 337 | if self.app is not None: 338 | return self.app 339 | ctx = connection_stack.top 340 | if ctx is not None: 341 | return ctx.app 342 | raise RuntimeError('application not registered on rbac ' 343 | 'instance and no application bound ' 344 | 'to current context') 345 | 346 | def _authenticate(self): 347 | app = self.get_app() 348 | assert app, "Please initialize your application into Flask-RBAC." 349 | assert self._role_model, "Please set role model before authenticate." 350 | assert self._user_model, "Please set user model before authenticate." 351 | assert self._user_loader, "Please set user loader before authenticate." 352 | 353 | current_user = self._user_loader() 354 | 355 | # Compatible with flask-login anonymous user 356 | if hasattr(current_user, '_get_current_object'): 357 | current_user = current_user._get_current_object() 358 | 359 | if (current_user is not None 360 | and not isinstance(current_user, 361 | (self._user_model, anonymous_model))): 362 | raise TypeError( 363 | "%s is not an instance of %s" % 364 | (current_user, self._user_model.__class__)) 365 | 366 | resource = request.endpoint 367 | if not resource: 368 | abort(404) 369 | 370 | method = request.method 371 | 372 | if not hasattr(current_user, 'get_roles'): 373 | roles = [anonymous] 374 | else: 375 | roles = current_user.get_roles() 376 | 377 | permit = self._check_permission(roles, method, resource) 378 | 379 | if not permit: 380 | return self._deny_hook() 381 | 382 | def _check_permission(self, roles, method, resource): 383 | 384 | if self.acl.is_exempt(resource): 385 | return True 386 | 387 | _roles = set() 388 | _methods = set(['*', method]) 389 | _resources = set([None, resource]) 390 | 391 | if self.use_white: 392 | _roles.add(anonymous) 393 | 394 | is_allowed = None 395 | _roles.update(roles) 396 | 397 | if not self.acl.seted: 398 | self._setup_acl() 399 | 400 | for r, m, res in itertools.product(_roles, _methods, _resources): 401 | if not r or self.acl.is_denied(r.get_name(), m, res): 402 | return False 403 | 404 | if not is_allowed and self.acl.is_allowed(r.get_name(), m, res): 405 | is_allowed = True 406 | break 407 | 408 | if self.use_white: 409 | permit = (is_allowed is True) 410 | else: 411 | permit = (is_allowed is not False) 412 | 413 | return permit 414 | 415 | def _deny_hook(self): 416 | if self.permission_failed_hook: 417 | return self.permission_failed_hook() 418 | else: 419 | abort(403) 420 | 421 | def _setup_acl(self): 422 | for rn, method, resource, with_children in self.before_acl['allow']: 423 | if rn == 'anonymous': 424 | role = anonymous 425 | else: 426 | role = self._role_model.get_by_name(rn) 427 | if not role: 428 | continue 429 | self.acl.allow(role, method, resource, with_children) 430 | 431 | if not self.use_white: 432 | to_deny_map = defaultdict(list) 433 | all_roles = {x.get_name() if not isinstance(x, str) 434 | else x for x in self._role_model.get_all()} 435 | 436 | for role, method, resource, in self.acl._allowed: 437 | to_deny_map[(resource, role, False)].append(method) 438 | for k, methods in to_deny_map.items(): 439 | view, role, with_children, = k 440 | for r, m in itertools.product(all_roles - {role}, methods): 441 | rule = (r, m, view) 442 | if rule not in self.acl._allowed: 443 | self.before_acl['deny'].append(rule + (False,)) 444 | 445 | for rn, method, resource, with_children in self.before_acl['deny']: 446 | role = self._role_model.get_by_name(rn) 447 | if not role: 448 | continue 449 | self.acl.deny(role, method, resource, with_children) 450 | self.acl.seted = True 451 | --------------------------------------------------------------------------------