
How to protect Flask-RESTful with Flask-USER management?

I have a set of User roles laid out and protected on web page side with Flask-User. Now I want to allow them to make REST calls to my API which will be divided using @roles_required to filter requests. How to do REST login and pass token\credentials to Flask-USER for @roles_required to work?

DuckQueen asked Jul 31 '17 15:07


1 Answer

You must check the repository of Dillon Dixan, where he had proposed a very beautiful example, which can help you in achieving your query. Here is the sample code:

from flask import Flask
from flask_basic_roles import BasicRoleAuth
app = Flask(__name__)
auth = BasicRoleAuth()

# Let's add some users.
auth.add_user(user='bob', password='secret123', roles='producer')
auth.add_user(user='alice', password='drowssap', roles=('producer','consumer'))
auth.add_user(user='bill', password='54321')
auth.add_user(user='steve', password='12345', roles='admin')

# Verbs the protected routes accept. A Flask route answers only GET unless
# methods= is passed to app.route().
ALL_VERBS = ["GET", "POST", "PUT", "PATCH", "DELETE"]

# Only producers and admins can post, while consumers can only get.
# Admins can also perform all other verbs.
@app.route("/task", methods=ALL_VERBS)
@auth.require(roles={
    'POST': 'producer',
    'GET': 'consumer',
    'DELETE,POST,PATCH,PUT,GET': 'admin'
})
def tasks_endpoint():
    return "Here tasks get produced and consumed!"

# We can secure by user too. Steve can use any verb on this
# endpoint and everyone else is denied access.
@app.route("/task_status", methods=ALL_VERBS)
@auth.require(users='steve')
def task_status_endpoint():
    return "Here are the task statuses!"

# Alice, Bill and users with an 'admin' role can access this, while everyone
# else is denied on all verbs.
@app.route("/task_failures", methods=ALL_VERBS)
@auth.require(users=('alice', 'bill'), roles='admin')
def task_failures():
    return "Here are the task failures!"

# Everyone including unauthenticated users can view task results.
@app.route("/task_results")
def task_results():
    return "Here are the task results!"

if __name__ == "__main__":
    app.run() 

All you need to do is install the library flask_basic_roles using pip. The rest you can check in the example, and it will certainly help you.

In addition, you can also visit and see: https://github.com/raddevon/flask-permissions
Kindly read the flask permission from here: https://pythonhosted.org/Flask-Security/.

Jaffer Wilson answered Sep 24 '22 00:09
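For the token half of the question (log in over REST, then present a token on each call), here is an added example that is not from the original answer and is not Flask-User's or flask_basic_roles' own API. The decorator name `api_roles_required`, the `/api/login` and `/api/task` routes, the signing key and the user table are all assumptions made for illustration; it uses only Flask, itsdangerous and Werkzeug calls.

```python
from functools import wraps
from flask import Flask, g, jsonify, request
from itsdangerous import BadData, URLSafeTimedSerializer
from werkzeug.security import check_password_hash, generate_password_hash

app = Flask(__name__)
# Constructed demo key; a real deployment loads this from a secret store.
signer = URLSafeTimedSerializer("constructed-demo-key", salt="api-token")
TOKEN_MAX_AGE = 900  # seconds a token stays valid

# Constructed sample users; a real app would query its own user/role tables.
USERS = {
    "alice": {"pw": generate_password_hash("drowssap"), "roles": {"producer", "consumer"}},
    "bill": {"pw": generate_password_hash("54321"), "roles": set()},
}

def api_roles_required(*needed):
    """Hypothetical decorator: valid bearer token plus every role in `needed`."""
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            scheme, _, token = request.headers.get("Authorization", "").partition(" ")
            try:
                name = signer.loads(token, max_age=TOKEN_MAX_AGE)
            except BadData:  # missing, tampered or expired token
                name = None
            user = USERS.get(name) if scheme.lower() == "bearer" else None
            if user is None:
                return jsonify(error="authentication required"), 401
            if not set(needed) <= user["roles"]:  # roles come from the server, not the token
                return jsonify(error="insufficient role"), 403
            g.api_user = name
            return view(*args, **kwargs)
        return wrapper
    return decorator

@app.route("/api/login", methods=["POST"])
def login():
    body = request.get_json(silent=True)
    body = body if isinstance(body, dict) else {}
    name, password = str(body.get("username", "")), str(body.get("password", ""))
    user = USERS.get(name)
    if user is None or not check_password_hash(user["pw"], password):
        return jsonify(error="bad credentials"), 401
    return jsonify(token=signer.dumps(name))

@app.route("/api/task", methods=["POST"])
@api_roles_required("producer")
def create_task():
    return jsonify(created_by=g.api_user), 201
```

The token carries only the signed username, so a role removed on the server takes effect on the next request instead of when the token expires.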