django-failclose

Release

Application that makes Django a failclose system

Homepage PyPI Python

License
Other
Install
pip install django-failclose

Documentation

Overview

django-failclose aims to provide the option to make Django a failclose system. That means that instead of giving free access to every view by default and then restricting it on a case by case basis, access to all views will be blocked by default and permissions are given on a case by case basis.

Installation

pip install django-failclose

Setup

  1. Add failclose to INSTALLED_APPS

  2. Add failclose.middlewares.FailCloseMiddlewares to your MIDDLEWARE_CLASSES setting

  3. If you want to redirect to a certain page instead of returning a HTTP 403, set the FORBIDDEN_URL setting

  4. To define a global permissions table, create a Python module with a RULES dictionary. Put the import path to that module in the PERMISSIONS_MODULE setting.

  5. Because the project name can be a key in the RULES dictionary, it needs to be easily accessible to django-failclose for checking. For that you can set PROJECT_NAME in your settings.py like this:

    PROJECT_ROOT = os.path.dirname(os.path.abspath(__file__))
PROJECT_NAME = os.path.basename(PROJECT_ROOT)

    provided that your settings module is in your project's root. If PROJECT_NAME is not set, django-failclose will try to extract the project name from your ROOT_URLCONF.

Usage

Since by default all views are blocked, they need to be marked as safe. There are two ways to do that:

  1. Using the safe decorator on the view.
  2. Including the view in the permissions module's RULES dictionary. In the dict, keys are app names (or the project name in case of global views) and values are lists of views. The views in the lists are whitelisted and, in the case of empty lists, all the views of that app are whitelisted.

A permissions file will look like this:

RULES = {
    'app_name': ['view1', 'view2'],
    'app_name2': [], # all views are whitelisted
    'project_name': ['view1', 'view2'], # global views
}

TODO

#. Extend the system at the database level. By default, users shouldn't be able to access any objects. Permissions should be granted to users and groups on a per-instance or per-class level. #. Provide functionality that does login attempts throttling

Stats

Dependent repositories
0
Total releases
0
Latest release
First release
Stars
0
Forks
0
Watchers
1
Contributors
1
Repository size
117 KB
SourceRank
5

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Contributors

Lucian Ursu


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-14 08:33:28 UTC

Login to resync this project