# Flask Principal *** **1. Role-Based Access Control:** ```python from flask_principal import RoleNeed, UserNeed, Permission # Define roles and permissions roles = { 'admin': Permission(RoleNeed('admin')), 'user': Permission(RoleNeed('user')) } # Protect views @app.route('/admin') @permission_required(roles['admin']) def admin_view(): pass @app.route('/user') @permission_required(roles['user']) def user_view(): pass ``` **2. Identity Loading:** ```python from flask_principal import IdentityLoader # Custom identity loader function def load_identity(): # Retrieve user from the database user = User.query.get(session.get('user_id')) return user # Register identity loader app.identity_loader(load_identity) ``` **3. Permission Checking:** ```python from flask_principal import Permission # Define permission permission = Permission(UserNeed(1)) # Check if the current user has the permission if not permission.can(): abort(401) ``` **4. Identity Providers:** ```python from flask_principal import identity_loaded # Register identity provider @app.before_request @identity_loaded.connect def load_user(): # Retrieve user from the request user = request.headers.get('X-User') # Update identity identity_changed.send(app, identity=user) ``` **5. Contextual Permissions:** ```python from flask_principal import Permission, PermissionDenied # Define contextual permission permission = Permission(UserNeed(1), context=request.path) # Check if the current user has the permission try: permission.test() except PermissionDenied: abort(401) ``` **6. Overriding Permissions:** ```python from flask_principal import Permission, PermissionOverride # Define permission override override = PermissionOverride(UserNeed(2), RoleNeed('admin')) # Check if the current user has the permission override.test() ``` **7. Custom Roles:** ```python from flask_principal import RoleNeed # Create a custom role class MyRole(RoleNeed): def __init__(self, name): super().__init__(name) # Assign role to user user.roles.append(MyRole('admin')) ``` **8. Conditional Permissions:** ```python from flask_principal import Permission, PermissionCondition # Define conditional permission permission = Permission(UserNeed(1), condition=lambda: request.method == 'GET') # Check if the current user has the permission permission.can() ``` **9. Multiple Permissions:** ```python from flask_principal import Permission, permission_required # Define permissions permissions = [ Permission(RoleNeed('admin')), Permission(RoleNeed('user')) ] # Protect view @app.route('/view') @permission_required(*permissions) def view(): pass ``` **10. Hierarchy of Roles:** ```python from flask_principal import RoleHierarchy # Define role hierarchy role_hierarchy = RoleHierarchy({ 'admin': ['user'], 'moderator': ['user'] }) # Check if the current user has the permission user.can(RoleNeed('moderator')) ``` **11. Role Resolution:** ```python from flask_principal import role_resolver # Custom role resolver function def resolve_roles(identity): # Retrieve roles from database roles = User.query.get(identity).roles # Return list of roles return roles # Register role resolver app.role_resolver(resolve_roles) ``` **12. Permission Factory:** ```python from flask_principal import Permission, PermissionFactory # Create permission factory permission_factory = PermissionFactory(RoleHierarchy()) # Create permission permission = permission_factory.create_permission(RoleNeed('user')) # Check if the current user has the permission permission.can() ``` **13. Identity Provider Token:** ```python from flask_principal import identity_loaded # Retrieve identity token from request def load_identity_token(): return request.headers.get('X-Identity-Token') # Register identity provider @app.before_request @identity_loaded.connect def load_user_from_token(identity): # Validate identity token user = validate_identity_token(identity) # Update identity identity_changed.send(app, identity=user) ``` **14. Permissions For Endpoints:** ```python from flask_principal import Permission, PermissionManager # Define permissions permissions = { '/admin': Permission(RoleNeed('admin')), '/user': Permission(RoleNeed('user')) } # Create permission manager permission_manager = PermissionManager() permission_manager.init_app(app, permissions) # Check if the current user has the permission if not permission_manager.has_permission('/admin'): abort(401) ``` **15. Identity Object:** ```python from flask_principal import Identity # Create identity object identity = Identity('John Doe') # Assign identity to the current request g.identity = identity ``` **16. Custom Identity Loader:** ```python from flask_principal import identity_loaded # Register custom identity loader function @identity_loaded.connect def load_user_from_session(): # Retrieve user from the session user = session['user'] # Update identity identity_changed.send(app, identity=user) ``` **17. Role Providers:** ```python from flask_principal import RoleProvider # Create role provider class MyRoleProvider(RoleProvider): def provide_roles(self, identity): # Retrieve roles from database roles = User.query.get(identity).roles # Return list of roles return roles # Register role provider app.role_provider(MyRoleProvider()) ``` **18. Scopes:** ```python from flask_principal import Permission, Scope # Define scope scope = Scope('admin') # Create permission with scope permission = Permission(UserNeed(1), scope=scope) # Check if the current user has the permission with the scope permission.can(scope=scope) ``` **19. Custom Permission Factory:** ```python from flask_principal import PermissionFactory # Create custom permission factory class MyPermissionFactory(PermissionFactory): def create_permission(self, need, scope=None): # Create custom permission permission = MyPermission(need, scope) # Return permission return permission # Register custom permission factory app.permission_factory(MyPermissionFactory()) ``` **20. Context Managers:** ```python from flask_principal import with_user # Create context manager with with_user('John Doe'): # The current user is now 'John Doe' pass ``` **21. Permission Negation:** ```python from flask_principal import Permission, NotPermission # Create permission permission = Permission(UserNeed(1)) # Create negated permission negated_permission = NotPermission(permission) # Check if the current user does not have the permission negated_permission.can() ``` **22. Permission Groups:** ```python from flask_principal import PermissionGroup # Create permission group permission_group = PermissionGroup([ Permission(RoleNeed('admin')), Permission(RoleNeed('user')) ]) # Check if the current user has any of the permissions in the group permission_group.can() ``` **23. In-Memory Identity Loader:** ```python from flask_principal import Identity, InMemoryIdentityLoader # Create identity loader identity_loader = InMemoryIdentityLoader() # Add identities to the loader identity_loader.add_identity('John Doe') identity_loader.add_identity('Jane Doe') # Register identity loader app.identity_loader(identity_loader) ``` **24. Identity Hashing:** ```python from flask_principal import Identity, identity_changed # Define hash function def hash_identity(identity): # Return hashed identity return str(hash(identity)) # Register identity hasher app.config['PRINCIPAL_IDENTITY_HASHER'] = hash_identity # Update identity on hash change @identity_changed.connect def update_identity_hash(app, identity): # Update identity hash in the session session['identity_hash'] = hash_identity(identity) ``` **25. Permission Aliases:** ```python from flask_principal import Permission # Create permission aliases permissions = { 'admin': Permission(RoleNeed('admin')), 'user': Permission(RoleNeed('user')) } # Alias permissions permission_manager = PermissionManager() permission_manager.register_permissions(app, permissions, aliases={ 'can_admin': 'admin', 'can_user': 'user' }) # Check if the current user has the aliased permission if permission_manager.has_permission('can_admin'): pass ``` **26. Plugin Registration:** ```python from flask_principal import Principal, identity_loaded # Register Flask-Principal plugin principal = Principal(app) # Register identity provider @identity_loaded.connect_via(app) def load_user_from_database(sender, identity): # Retrieve user from database user = User.query.get(identity) # Update identity identity_changed.send(app, identity=user) ``` **27. Accessing Identity in Templates:** ```python from flask_principal import current_identity # Access identity in a Jinja template {{ current_identity.name }} ``` **28. Identity and Role Helpers:** ```python from flask_principal import identity_loaded, role_need # Register identity and role helpers @identity_loaded.connect_via(app) def load_user_and_roles(sender, identity): # Retrieve user and roles from database user = User.query.get(identity) roles = user.roles # Update identity and roles identity_changed.send(app, identity=user, roles=roles) # Check if the current user has the specified role user.can(role_need('admin')) ``` **29. Role-Based Middleware:** ```python from flask_principal import FlaskPrincipal, RoleNeed # Create middleware class RoleMiddleware(FlaskPrincipal): def __init__(self, app, **config): # Customize configuration config.setdefault('ROLE_NEED_CLASS', RoleNeed) super().__init__(app, **config) # Register middleware app.wsgi_app = RoleMiddleware(app) ``` **30. Scoped Permissions:** ```python from flask_principal import scoped_permission # Define scoped permission permission = scoped_permission(UserNeed(1), 'profile') # Check if the current user has the scoped permission permission.can(scope='profile') ``` **31. Multi-Tenancy with Identity Providers:** ```python from flask_principal import identity_loaded # Register identity provider for each tenant @identity_loaded.connect_via(app) def load_user_from_tenant(sender, identity): tenant_id = request.headers.get('X-Tenant-ID') # Retrieve user from database based on tenant ID user = User.query.filter_by(tenant_id=tenant_id, identity=identity).first() # Update identity identity_changed.send(app, identity=user) ``` **32. Role-Based View Decorators:** ```python from flask_principal import Permission, permission_required # Define permission permission = Permission(RoleNeed('admin')) # Create view decorator def admin_required(view_func): @permission_required(permission) def decorated_view(*args, **kwargs): return view_func(*args, **kwargs) return decorated_view ``` **33. Identity Change Listeners:** ```python from flask_principal import identity_changed # Register identity change listener @identity_changed.connect_via(app) def log_identity_change(sender, identity): # Log identity change information print(f'Identity changed: {identity}') ``` **34. Identity and Role Transformers:** ```python from flask_principal import IdentityTransformer, RoleTransformer # Define identity transformer class MyIdentityTransformer(IdentityTransformer): def transform(self, identity): # Transform identity return identity.name # Define role transformer class MyRoleTransformer(RoleTransformer): def transform(self, role): # Transform role return role.name # Register transformers app.identity_transformer(MyIdentityTransformer()) app.role_transformer(MyRoleTransformer()) ``` **35. Role Hierarchy with Permissions:** ```python from flask_principal import RoleHierarchy, Permission # Define role hierarchy role_hierarchy = RoleHierarchy({ 'admin': ['user'], 'moderator': ['user'] }) # Create permissions permissions = { '/admin': Permission(RoleNeed('admin')), '/user': Permission(RoleNeed('user')) } # Check if the current user has the permission permission_manager = PermissionManager() permission_manager.init_app(app, permissions, role_hierarchy=role_hierarchy) if permission_manager.has_permission('/admin'): pass ``` **36. Contextually Scoped Permissions:** ```python from flask_principal import Permission, permission_required # Define permission permission = Permission(UserNeed(1), context=request.endpoint) # Protect view @app.route('/user') @permission_required(permission) def user_view(): pass ```