Metadata-Version: 2.4
Name: django-rules-light
Version: 0.4.0
Summary: Rule registry for django
Author-email: James Pic <jamespic@gmail.com>
License-Expression: MIT
Project-URL: Homepage, https://github.com/yourlabs/django-rules-light
Project-URL: Documentation, https://django-rules-light.readthedocs.io/
Keywords: django,security,rules,acl,rbac
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Framework :: Django
Classifier: Framework :: Django :: 4.2
Classifier: Framework :: Django :: 5.1
Classifier: Framework :: Django :: 5.2
Classifier: Framework :: Django :: 6.0
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Description-Content-Type: text/x-rst
License-File: AUTHORS
Requires-Dist: Django>=4.2
Requires-Dist: django-classy-tags
Dynamic: license-file

.. image:: https://img.shields.io/pypi/v/django-rules-light.svg
    :target: https://pypi.org/project/django-rules-light/
.. image:: https://img.shields.io/github/actions/workflow/status/yourlabs/django-rules-light/ci.yml?branch=master
    :target: https://github.com/yourlabs/django-rules-light/actions

This is a simple alternative to django-rules. Its core difference is that
it does not rely on models. Instead, it uses a registry which can be
modified at runtime.

One of its goals is to enable developers of external apps to make rules,
depend on it, while allowing a project to override rules.

Example ``your_app/rules_light_registry.py``:

.. code-block:: python

    # Everybody can read a blog post (for now!):
    rules_light.registry['blog.post.read'] = True

    # Require authentication to create a blog post, using a shortcut:
    rules_light.registry['blog.post.create'] = rules_light.is_authenticated

    # But others shouldn't mess with my posts !
    def is_staff_or_mine(user, rule, obj):
        return user.is_staff or obj.author == user

    rules_light.registry['blog.post.update'] = is_staff_or_mine
    rules_light.registry['blog.post.delete'] = is_staff_or_mine

Example ``your_app/views.py``:

.. code-block:: python

    @rules_light.class_decorator
    class PostDetailView(generic.DetailView):
        model = Post

    @rules_light.class_decorator
    class PostCreateView(generic.CreateView):
        model = Post

    @rules_light.class_decorator
    class PostUpdateView(generic.UpdateView):
        model = Post

    @rules_light.class_decorator
    class PostDeleteView(generic.DeleteView):
        model = Post

You might want to read the `tutorial
<https://django-rules-light.readthedocs.org/en/latest/tutorial.html>`_ for
more.

What's the catch ?
------------------

The catch is that this approach does not offer any feature to get secure
querysets.

This means you have to:

- think about security when making querysets,
- `override
  <http://blog.yourlabs.org/post/19777151073/how-to-override-a-view-from-an-external-django-app>`_
  eventual external app ListViews,

Requirements
------------

- Python 3.10+
- Django 4.2+

Quick Install
-------------

- Install module: ``pip install django-rules-light``,
- Add to ``settings.INSTALLED_APPS``: ``rules_light``,
- Add in ``settings.MIDDLEWARE``: ``rules_light.middleware.Middleware``,


You might want to read the `tutorial
<https://django-rules-light.readthedocs.org/en/latest/tutorial.html>`_.

There is also a lot of documentation, from the core to the tools, including
pointers to debug, log and test your security.

Contributing
------------

Run tests with the `tox
<https://pypi.python.org/pypi/tox>`_ command. Documented patches passing all
tests have a better chance to get merged in. See the `contributing guidelines
<https://github.com/yourlabs/django-rules-light/blob/master/CONTRIBUTING.rst>`_ for details.

Resources
---------

To ask questions or just get informed about package updates, you could
subscribe to the mailing list.

- `Mailing list graciously hosted
  <http://groups.google.com/group/yourlabs>`_ by `Google
  <http://groups.google.com>`_
- `Git graciously hosted
  <https://github.com/yourlabs/django-rules-light/>`_ by `GitHub
  <http://github.com>`_,
- `Documentation graciously hosted
  <http://django-rules-light.rtfd.org>`_ by `RTFD
  <http://rtfd.org>`_,
- `Package graciously hosted
  <http://pypi.python.org/pypi/django-rules-light/>`_ by `PyPi
  <http://pypi.python.org/pypi>`_,
- `Continuous integration graciously hosted
  <https://github.com/yourlabs/django-rules-light/actions>`_ by `GitHub Actions
  <https://github.com/features/actions>`_
