django-oso API Reference
- class django_oso.middleware.ReloadPolicyMiddleware(get_response)
Reloads all oso policies on every request when in DEBUG mode.
- class django_oso.middleware.RequireAuthorization(get_response)
Check that authorize was called during the request.
Raises: oso.OsoError – If authorize was not called during request processing.
This check is performed at the end of request processing before returning a response. If any database modifications are committed during the request, but it was not authorized, an OsoError will be raised, but the database modifications will not be rolled back.
- class django_oso.middleware.RouteAuthorization(get_response)
Perform route authorization on every request.
A call to authorize() will be made before view functions are called, with the parameters actor=request.user, action=request.method, resource=request.
Rules in oso policies can be written over requests using the HttpRequest class:
    allow(actor, action, resource: HttpRequest) if
        # Access request properties to perform authorization
        resource.path = "/";
If the view returns a 4xx or 5xx HTTP status, this will be returned to the end user even if authorization was not performed.
Authorize view for
All three parameters must be constant for this decorator to be used. If actor or action are omitted, the defaults from django_oso.auth.authorize() are used.
Authorize the view function, using the request as the resource.
This performs route authorization, similarly to RouteAuthorization, but on a single view.
View decorator that marks a view as not requiring authorization.
Use in combination with django_oso.middleware.RequireAuthorization(). Some views will not require authorization. This decorator marks those views so that the middleware can skip the check.
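A simplified model of the RequireAuthorization behaviour documented above, added here as an example and not django-oso's own code: it shows that a write made by a view that never called authorize persists even though OsoError is raised, and that 4xx responses and skip-marked views pass the check. Request, Response, DB and all function names are constructed stand-ins so the block runs without Django.

```python
# Model of the behaviour described above; not django-oso's implementation.
# Request, Response, OsoError and the helpers are constructed stand-ins.
from dataclasses import dataclass

class OsoError(Exception):
    pass

@dataclass
class Request:
    user: str
    authorized: bool = False  # set when authorization ran or was skipped

@dataclass
class Response:
    status_code: int = 200

DB = []  # stands in for rows committed during the request

def skip_authorization(view):
    def wrapper(request):
        request.authorized = True  # marks the view so the check is skipped
        return view(request)
    return wrapper

def require_authorization(get_response):
    def middleware(request):
        response = get_response(request)  # the view has already run
        if response.status_code >= 400:   # 4xx/5xx go back unchecked
            return response
        if not request.authorized:
            raise OsoError("authorize was not called during the request")
        return response
    return middleware

def forgot_authorize(request):
    DB.append(("write", request.user))  # committed before the check fires
    return Response(200)

@skip_authorization
def health(request):
    return Response(200)

def not_found(request):
    return Response(404)
def run(view, user="alice"):
    try:
        return require_authorization(view)(Request(user)).status_code
    except OsoError:
        return "OsoError"
```

Calling run(forgot_authorize) reports the error while DB still holds the write, so the end-of-request check catches a missing authorize call but does not undo what the view already did.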