Rule registry

API

The rule registry is in charge of keeping and executing security rules.

It is the core of this app, everything else is optionnal.

This module provides a variable, registry, which is just a module-level, default RuleRegistry instance.

A rule can be a callback or a variable that will be evaluated as bool.

class rules_light.registry.RuleRegistry[source]

Dict subclass to manage rules.

logger
The standard logging logger instance to use.
as_text(user, name, *args, **kwargs)[source]

Format a rule to be human readable for logging

require(user, name, *args, **kwargs)[source]

Run a rule, raise rules_light.Denied if returned False.

Log denials with warn-level.

run(user, name, *args, **kwargs)[source]

Run a rule, return True if whatever it returns evaluates to True.

Also logs calls with the info-level.

rules_light.registry.require(user, name, *args, **kwargs)[source]

Proxy rules_light.registry.require().

rules_light.registry.run(user, name, *args, **kwargs)[source]

Proxy rules_light.registry.run().

rules_light.registry.autodiscover()[source]

Check all apps in INSTALLED_APPS for stuff related to rules_light.

For each app, autodiscover imports app.rules_light_registry if available, resulting in execution of rules_light.registry[...] = ... statements in that module, filling registry.

Consider a standard app called ‘cities_light’ with such a structure:

cities_light/
    __init__.py
    models.py
    urls.py
    views.py
    rules_light_registry.py

With such a rules_light_registry.py:

import rules_light

rules_light.register('cities_light.city.read', True)
rules_light.register('cities_light.city.update',
    lambda user, rulename, country: user.is_staff)

When autodiscover() imports cities_light.rules_light_registry, both ‘cities_light.city.read’ and ‘cities_light.city.update’ will be registered.

Examples

import rules_light

rules_light.registry['auth.user.read'] = True
rules_light.registry['auth.user.update'] = lambda user, *args: user.is_staff

Even django-rules-light’s view uses a permission, it is registered in rules_light/rules_light_registry.py and thus is picked up by rules_light.autodiscover():

from __future__ import unicode_literals

import rules_light


rules_light.registry['rules_light.rule.read'] = rules_light.is_staff

Of course, you could use any callable instead of the lambda function.