Awesome

Mara ACL

Default ACL implementation for mara with the following design choices:

• Authentication of users is handled externally, e.g. through a OAuth2 Proxy. An upstream authentication app manages authentication and then adds a http header identifying the user to each authenticated request.
• Each user is assigned a single role.
• Permissions are not based on urls, but on application-defined "resources". Thus, checking of permissions needs to be done in the application.

The ACL provides a single UI for both user and permission management. Users can be added / removed and their roles can be changed like this:

New roles are created by moving a user to a new role.

Permissions can be set for

• an individual user or a whole role,
• an individual resource, a group of resources or "All" resources.

Individual users inherit permissions from their role, and permissions on higher levels overwrite permissions on lower levels:

Each new user that is authenticated is automatically created with a default role in the acl:

This behavior can be switched off (so that only invited users can join). See config.py for details.

Please have a look at the mara example application for how to integrate this ACL implementation.

Links

• Documentation: https://mara-acl.readthedocs.io/
• Changes: https://mara-acl.readthedocs.io/en/stable/changes.html
• PyPI Releases: https://pypi.org/project/mara-acl/
• Source Code: https://github.com/mara/mara-acl
• Issue Tracker: https://github.com/mara/mara-acl/issues/