Flask Principal

1. Role-Based Access Control:

from flask_principal import RoleNeed, UserNeed, Permission

# Define roles and permissions
roles = {
    'admin': Permission(RoleNeed('admin')),
    'user': Permission(RoleNeed('user'))
}

# Protect views
@app.route('/admin')
@permission_required(roles['admin'])
def admin_view():
    pass

@app.route('/user')
@permission_required(roles['user'])
def user_view():
    pass

2. Identity Loading:

from flask_principal import IdentityLoader

# Custom identity loader function
def load_identity():
    # Retrieve user from the database
    user = User.query.get(session.get('user_id'))
    return user

# Register identity loader
app.identity_loader(load_identity)

3. Permission Checking:

from flask_principal import Permission

# Define permission
permission = Permission(UserNeed(1))

# Check if the current user has the permission
if not permission.can():
    abort(401)

4. Identity Providers:

from flask_principal import identity_loaded

# Register identity provider
@app.before_request
@identity_loaded.connect
def load_user():
    # Retrieve user from the request
    user = request.headers.get('X-User')
    # Update identity
    identity_changed.send(app, identity=user)

5. Contextual Permissions:

from flask_principal import Permission, PermissionDenied

# Define contextual permission
permission = Permission(UserNeed(1), context=request.path)

# Check if the current user has the permission
try:
    permission.test()
except PermissionDenied:
    abort(401)

6. Overriding Permissions:

from flask_principal import Permission, PermissionOverride

# Define permission override
override = PermissionOverride(UserNeed(2), RoleNeed('admin'))

# Check if the current user has the permission
override.test()

7. Custom Roles:

from flask_principal import RoleNeed

# Create a custom role
class MyRole(RoleNeed):
    def __init__(self, name):
        super().__init__(name)

# Assign role to user
user.roles.append(MyRole('admin'))

8. Conditional Permissions:

from flask_principal import Permission, PermissionCondition

# Define conditional permission
permission = Permission(UserNeed(1), condition=lambda: request.method == 'GET')

# Check if the current user has the permission
permission.can()

9. Multiple Permissions:

from flask_principal import Permission, permission_required

# Define permissions
permissions = [
    Permission(RoleNeed('admin')),
    Permission(RoleNeed('user'))
]

# Protect view
@app.route('/view')
@permission_required(*permissions)
def view():
    pass

10. Hierarchy of Roles:

from flask_principal import RoleHierarchy

# Define role hierarchy
role_hierarchy = RoleHierarchy({
    'admin': ['user'],
    'moderator': ['user']
})

# Check if the current user has the permission
user.can(RoleNeed('moderator'))

11. Role Resolution:

from flask_principal import role_resolver

# Custom role resolver function
def resolve_roles(identity):
    # Retrieve roles from database
    roles = User.query.get(identity).roles
    # Return list of roles
    return roles

# Register role resolver
app.role_resolver(resolve_roles)

12. Permission Factory:

from flask_principal import Permission, PermissionFactory

# Create permission factory
permission_factory = PermissionFactory(RoleHierarchy())

# Create permission
permission = permission_factory.create_permission(RoleNeed('user'))

# Check if the current user has the permission
permission.can()

13. Identity Provider Token:

from flask_principal import identity_loaded

# Retrieve identity token from request
def load_identity_token():
    return request.headers.get('X-Identity-Token')

# Register identity provider
@app.before_request
@identity_loaded.connect
def load_user_from_token(identity):
    # Validate identity token
    user = validate_identity_token(identity)
    # Update identity
    identity_changed.send(app, identity=user)

14. Permissions For Endpoints:

from flask_principal import Permission, PermissionManager

# Define permissions
permissions = {
    '/admin': Permission(RoleNeed('admin')),
    '/user': Permission(RoleNeed('user'))
}

# Create permission manager
permission_manager = PermissionManager()
permission_manager.init_app(app, permissions)

# Check if the current user has the permission
if not permission_manager.has_permission('/admin'):
    abort(401)

15. Identity Object:

from flask_principal import Identity

# Create identity object
identity = Identity('John Doe')

# Assign identity to the current request
g.identity = identity

16. Custom Identity Loader:

from flask_principal import identity_loaded

# Register custom identity loader function
@identity_loaded.connect
def load_user_from_session():
    # Retrieve user from the session
    user = session['user']
    # Update identity
    identity_changed.send(app, identity=user)

17. Role Providers:

from flask_principal import RoleProvider

# Create role provider
class MyRoleProvider(RoleProvider):
    def provide_roles(self, identity):
        # Retrieve roles from database
        roles = User.query.get(identity).roles
        # Return list of roles
        return roles

# Register role provider
app.role_provider(MyRoleProvider())

18. Scopes:

from flask_principal import Permission, Scope

# Define scope
scope = Scope('admin')

# Create permission with scope
permission = Permission(UserNeed(1), scope=scope)

# Check if the current user has the permission with the scope
permission.can(scope=scope)

19. Custom Permission Factory:

from flask_principal import PermissionFactory

# Create custom permission factory
class MyPermissionFactory(PermissionFactory):
    def create_permission(self, need, scope=None):
        # Create custom permission
        permission = MyPermission(need, scope)
        # Return permission
        return permission

# Register custom permission factory
app.permission_factory(MyPermissionFactory())

20. Context Managers:

from flask_principal import with_user

# Create context manager
with with_user('John Doe'):
    # The current user is now 'John Doe'
    pass

21. Permission Negation:

from flask_principal import Permission, NotPermission

# Create permission
permission = Permission(UserNeed(1))

# Create negated permission
negated_permission = NotPermission(permission)

# Check if the current user does not have the permission
negated_permission.can()

22. Permission Groups:

from flask_principal import PermissionGroup

# Create permission group
permission_group = PermissionGroup([
    Permission(RoleNeed('admin')),
    Permission(RoleNeed('user'))
])

# Check if the current user has any of the permissions in the group
permission_group.can()

23. In-Memory Identity Loader:

from flask_principal import Identity, InMemoryIdentityLoader

# Create identity loader
identity_loader = InMemoryIdentityLoader()

# Add identities to the loader
identity_loader.add_identity('John Doe')
identity_loader.add_identity('Jane Doe')

# Register identity loader
app.identity_loader(identity_loader)

24. Identity Hashing:

from flask_principal import Identity, identity_changed

# Define hash function
def hash_identity(identity):
    # Return hashed identity
    return str(hash(identity))

# Register identity hasher
app.config['PRINCIPAL_IDENTITY_HASHER'] = hash_identity

# Update identity on hash change
@identity_changed.connect
def update_identity_hash(app, identity):
    # Update identity hash in the session
    session['identity_hash'] = hash_identity(identity)

25. Permission Aliases:

from flask_principal import Permission

# Create permission aliases
permissions = {
    'admin': Permission(RoleNeed('admin')),
    'user': Permission(RoleNeed('user'))
}

# Alias permissions
permission_manager = PermissionManager()
permission_manager.register_permissions(app, permissions, aliases={
    'can_admin': 'admin',
    'can_user': 'user'
})

# Check if the current user has the aliased permission
if permission_manager.has_permission('can_admin'):
    pass

26. Plugin Registration:

from flask_principal import Principal, identity_loaded

# Register Flask-Principal plugin
principal = Principal(app)

# Register identity provider
@identity_loaded.connect_via(app)
def load_user_from_database(sender, identity):
    # Retrieve user from database
    user = User.query.get(identity)
    # Update identity
    identity_changed.send(app, identity=user)

27. Accessing Identity in Templates:

from flask_principal import current_identity

# Access identity in a Jinja template
{{ current_identity.name }}

28. Identity and Role Helpers:

from flask_principal import identity_loaded, role_need

# Register identity and role helpers
@identity_loaded.connect_via(app)
def load_user_and_roles(sender, identity):
    # Retrieve user and roles from database
    user = User.query.get(identity)
    roles = user.roles
    # Update identity and roles
    identity_changed.send(app, identity=user, roles=roles)

# Check if the current user has the specified role
user.can(role_need('admin'))

29. Role-Based Middleware:

from flask_principal import FlaskPrincipal, RoleNeed

# Create middleware
class RoleMiddleware(FlaskPrincipal):
    def __init__(self, app, **config):
        # Customize configuration
        config.setdefault('ROLE_NEED_CLASS', RoleNeed)
        super().__init__(app, **config)

# Register middleware
app.wsgi_app = RoleMiddleware(app)

30. Scoped Permissions:

from flask_principal import scoped_permission

# Define scoped permission
permission = scoped_permission(UserNeed(1), 'profile')

# Check if the current user has the scoped permission
permission.can(scope='profile')

31. Multi-Tenancy with Identity Providers:

from flask_principal import identity_loaded

# Register identity provider for each tenant
@identity_loaded.connect_via(app)
def load_user_from_tenant(sender, identity):
    tenant_id = request.headers.get('X-Tenant-ID')
    # Retrieve user from database based on tenant ID
    user = User.query.filter_by(tenant_id=tenant_id, identity=identity).first()
    # Update identity
    identity_changed.send(app, identity=user)

32. Role-Based View Decorators:

from flask_principal import Permission, permission_required

# Define permission
permission = Permission(RoleNeed('admin'))

# Create view decorator
def admin_required(view_func):
    @permission_required(permission)
    def decorated_view(*args, **kwargs):
        return view_func(*args, **kwargs)
    return decorated_view

33. Identity Change Listeners:

from flask_principal import identity_changed

# Register identity change listener
@identity_changed.connect_via(app)
def log_identity_change(sender, identity):
    # Log identity change information
    print(f'Identity changed: {identity}')

34. Identity and Role Transformers:

from flask_principal import IdentityTransformer, RoleTransformer

# Define identity transformer
class MyIdentityTransformer(IdentityTransformer):
    def transform(self, identity):
        # Transform identity
        return identity.name

# Define role transformer
class MyRoleTransformer(RoleTransformer):
    def transform(self, role):
        # Transform role
        return role.name

# Register transformers
app.identity_transformer(MyIdentityTransformer())
app.role_transformer(MyRoleTransformer())

35. Role Hierarchy with Permissions:

from flask_principal import RoleHierarchy, Permission

# Define role hierarchy
role_hierarchy = RoleHierarchy({
    'admin': ['user'],
    'moderator': ['user']
})

# Create permissions
permissions = {
    '/admin': Permission(RoleNeed('admin')),
    '/user': Permission(RoleNeed('user'))
}

# Check if the current user has the permission
permission_manager = PermissionManager()
permission_manager.init_app(app, permissions, role_hierarchy=role_hierarchy)
if permission_manager.has_permission('/admin'):
    pass

36. Contextually Scoped Permissions:

from flask_principal import Permission, permission_required

# Define permission
permission = Permission(UserNeed(1), context=request.endpoint)

# Protect view
@app.route('/user')
@permission_required(permission)
def user_view():
    pass

PreviousFlask RESTful reqparse NextFlask RESTful