Security Interface API

Interfaces

class security_interface.AuthorizationPolicyInterface

Bases: object

can(identity, permission)

You need to implement checking permission.

Returns:True if the identity is allowed the permission, else return False.
class security_interface.IdentityPolicyInterface

Bases: object

identify(identity)

You need return the checked claimed identity or None if check is fail.

Parameters:identity – Claim
Returns:Checked identity or None if check is failed.

Main API

class security_interface.api.Security(identity_policy: security_interface.IdentityPolicyInterface, autz_policy: security_interface.AuthorizationPolicyInterface)

Bases: object

can(identity, permission) → bool

Check user permissions.

Returns:True if the identity is allowed the permission, else return False.
check_authorized(identity)

Works like Security.identity(), but when check is failed UnauthorizedError() exception is raised.

Parameters:identity – Claim
Returns:Checked claim or return None
Raise:UnauthorizedError()
check_permission(identity, permission)

Works like Security.can(), but when check is failed ForbiddenError() exception is raised.

Parameters:
  • identity – Claim
  • permission – Permission
Returns:

Checked claim
Raise:

ForbiddenError()
identify(identity)

Return the claimed identity or None if check is failed.

Parameters:identity – Claim
Returns:Checked identity or None if check is failed.
is_anonymous(identity) → bool
Parameters:identity – Claim
Returns:True if user anonymous otherwise False

Exceptions

exception security_interface.exceptions.ForbiddenError

Bases: Exception

exception security_interface.exceptions.UnauthorizedError

Bases: Exception