flask-permissions | A simple permissions system for Flask | Authorization library

Installs quickly and easily using PIP:.
Import Flask, Flask-SQLAlchemy, and, if you want, Flask-Login. Import the Permissions object. Instantiate the Permissions object passing in your Flask app, SQLAlchemy database, and a proxy for the current user. Sub-class the Flask-Permissions UserMixin. Call the UserMixin's __init__ in your own __init__. Add roles to your users and abilities to your roles. This can be done using convenience methods on the UserMixin and Role classes. You'll need a role to start adding abilities. Add abilities by passing string ability names to role.add_abilities(). You may pass existing or new abilities in this way. New abilities will be created for you. Add the role to the session and commit when you're done. Add roles on an instance of your UserMixin sub-class.
Import Flask, Flask-SQLAlchemy, and, if you want, Flask-Login. from flask import Flask from flask.ext.login import LoginManager, current_user from flask.ext.sqlalchemy import SQLAlchemy
Import the Permissions object. from flask.ext.permissions.core import Permissions
Instantiate the Permissions object passing in your Flask app, SQLAlchemy database, and a proxy for the current user. perms = Permissions(app, db, current_user)
Sub-class the Flask-Permissions UserMixin. Call the UserMixin's __init__ in your own __init__. from app import db from flask.ext.permissions.models import UserMixin class User(UserMixin): # Add whatever fields you need for your user class here. def __init__(self, ...): # Do your user init UserMixin.__init__(self, roles)
Add roles to your users and abilities to your roles. This can be done using convenience methods on the UserMixin and Role classes. You'll need a role to start adding abilities. my_role = Role('admin') Add abilities by passing string ability names to role.add_abilities(). You may pass existing or new abilities in this way. New abilities will be created for you. Add the role to the session and commit when you're done. my_role.add_abilities('create_users', 'delete_users', 'bring_about_world_peace') db.session.add(my_role) db.session.commit() Add roles on an instance of your UserMixin sub-class. my_user = User() The user.add_roles() method works just like role.add_abilities(). Pass in a string name or a series of string names. New roles will be created for you. Existing roles will simply be applied to the user. Don't forget to add and commit to the database! my_user.add_roles('admin', 'superadmin') db.session.add(my_user) db.session.commit() Similarly to the add methods, the classes also offer remove methods that work in the same way. Pass strings to role.remove_abilities() or user.remove_roles() to remove those attributes from the objects in question.
Put those decorators to work! Decorate any of your views with the user_is or user_has decorators from flask.ext.permissions.decorators to limit access. from flask.ext.permissions.decorators import user_is, user_has @user_is decorator: @app.route('/admin', methods=['GET', 'POST']) @user_is('admin') def admin(): return render_template('admin.html') @user_has decorator: @app.route('/delete-users', methods=['GET', 'POST']) @user_has('delete_users') def delete_users(): return render_template('delete-users.html')