Mirror
/
python-keycloak
mirror of https://github.com/marcospereirampj/python-keycloak.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
85 Commits
15 Branches
98 Tags
17 MiB
Tree: bae47f0761
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bae47f0761'
${ noResults }
python-keycloak/keycloak/authorization/policy.py

107 lines
3.2 KiB
Raw Normal View History

Added authorization services.
7 years ago
Fixed imports.
7 years ago
Added authorization services.
7 years ago
Added policies, permissions, roles, scopes and resources.
7 years ago
Added authorization services.
7 years ago
Added policies, permissions, roles, scopes and resources.
7 years ago
Added authorization services.
7 years ago
Added policies, permissions, roles, scopes and resources.
7 years ago
Added authorization services.
7 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. from ..exceptions import KeycloakAuthorizationConfigError
  21. class Policy:
  22. """
  23. A policy defines the conditions that must be satisfied to grant access to an object.
  24. Unlike permissions, you do not specify the object being protected but rather the conditions
  25. that must be satisfied for access to a given object (for example, resource, scope, or both).
  26. Policies are strongly related to the different access control mechanisms (ACMs) that you can use to
  27. protect your resources. With policies, you can implement strategies for attribute-based access control
  28. (ABAC), role-based access control (RBAC), context-based access control, or any combination of these.
  30. https://keycloak.gitbooks.io/documentation/authorization_services/topics/policy/overview.html
  32. """
  34. def __init__(self, name, type, logic, decision_strategy):
  35. self._name = name
  36. self._type = type
  37. self._logic = logic
  38. self._decision_strategy = decision_strategy
  39. self._roles = []
  40. self._permissions = []
  42. def __repr__(self):
  43. return "<Policy: %s (%s)>" % (self.name, self.type)
  45. def __str__(self):
  46. return "Policy: %s (%s)" % (self.name, self.type)
  48. @property
  49. def name(self):
  50. return self._name
  52. @name.setter
  53. def name(self, value):
  54. self._name = value
  56. @property
  57. def type(self):
  58. return self._type
  60. @type.setter
  61. def type(self, value):
  62. self._type = value
  64. @property
  65. def logic(self):
  66. return self._logic
  68. @logic.setter
  69. def logic(self, value):
  70. self._logic = value
  72. @property
  73. def decision_strategy(self):
  74. return self._decision_strategy
  76. @decision_strategy.setter
  77. def decision_strategy(self, value):
  78. self._decision_strategy = value
  80. @property
  81. def roles(self):
  82. return self._roles
  84. @property
  85. def permissions(self):
  86. return self._permissions
  88. def add_role(self, role):
  89. """
  90. Add keycloak role in policy.
  92. :param role: keycloak role.
  93. :return:
  94. """
  95. if self.type != 'role':
  96. raise KeycloakAuthorizationConfigError(
  97. "Can't add role. Policy type is different of role")
  98. self._roles.append(role)
  100. def add_permission(self, permission):
  101. """
  102. Add keycloak permission in policy.
  104. :param permission: keycloak permission.
  105. :return:
  106. """
  107. self._permissions.append(permission)