panda-authz

Reusable authorization library for PanDA WMS services built on top of PyCasbin.

panda-authz provides:

• A shared Casbin model
• Standard matcher functions
• File-based policy loading
• A simple AuthorizationService API
• Reusable authorization logic across multiple PanDA WMS components

---

Installation

pip install panda-authz

Quick Start

Create a policy file, more about the policy format in the documentation:

# policy.csv
p, atlas-adc-pandamon, user_contact, read, {}, {}, allow
p, atlas-adc-pandamon, task, update, {"tasktype": "prod"}, {"priority": [500, 999]}, allow

Create and use the authorization service:

from panda_authz.service import AuthorizationService
authz = AuthorizationService("policy.csv")
allowed = authz.enforce(
    ["atlas-adc-pandamon"],
    {"type": "user_contact"},
    "read",
    {},
)

print(allowed)  # True

more examples in the documentation.

Django Integration

# oauth/authz.py
from django.conf import settings
from panda_authz.service import AuthorizationService
authz = AuthorizationService(settings.AUTHZ_POLICY_FILE)

Then use it in views or service code:

from oauth.authz import authz
if not authz.enforce(
    request.user_roles,
    {"type": "user_contact"},
    "read",
    {},
):
    raise PermissionDenied()