Add Casbin middleware.

Author: hsluoyz

casbin_middleware/__init__.py

@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = (g(r.sub, p.sub) || p.sub == "*") && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*")

casbin_middleware/authz_model.conf

@@ -0,0 +1,3 @@
+p, anonymous, /, GET
+p, admin, *, *
+g, alice, admin

casbin_middleware/authz_policy.csv

@@ -0,0 +1,53 @@
+# Copyright 2019 The Casbin Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import casbin
+
+from django.core.exceptions import PermissionDenied
+
+
+class CasbinMiddleware:
+    """
+    Casbin middleware.
+    """
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+        self.enforcer = casbin.Enforcer("casbin_middleware/authz_model.conf", "casbin_middleware/authz_policy.csv")
+        # One-time configuration and initialization.
+
+    def __call__(self, request):
+        # Code to be executed for each request before
+        # the view (and later middleware) are called.
+
+        if not self.check_permission(request):
+            raise PermissionDenied
+
+        response = self.get_response(request)
+
+        # Code to be executed for each request/response after
+        # the view is called.
+
+        return response
+
+    def check_permission(self, request):
+        user = request.user.username
+        if request.user.is_anonymous:
+            user = 'anonymous'
+        path = request.path
+        method = request.method
+        return self.enforcer.enforce(user, path, method)
+
+    def require_permission(self,):
+        raise PermissionDenied

casbin_middleware/middleware.py

@@ -47,6 +47,7 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'casbin_middleware.middleware.CasbinMiddleware',
 ]
 
 ROOT_URLCONF = 'django_example.urls'