python3-drf-access-policy-1.3.0-1.lbn36.noarch

Django REST - Access Policy

This project brings a declaritive, organized approach to managing access control in Django REST Framework projects. Each ViewSet or function-based view can be assigned an explicit policy for the exposed resource(s). No more digging through views or seralizers to understand access logic

it's all in one place in a format that less technical stakeholders can understand. If you're familiar with other declaritive access models, such as AWS' IAM, the syntax will be familiar. In short, you can start expressing your access rules like this: class ArticleAccessPolicy(AccessPolicy): statements = [ { "action": ["list", "retrieve"], "principal": "*", "effect": "allow" }, { "action": ["publish", "unpublish"], "principal": ["group:editor"], "effect": "allow" } ]

This project has complete test coverage and the base AccessPolicy class is only ~150 lines of co