Authorisation

A server module that provides user authentication and role based authorisation for server functions.

Installation

You will need to set up the Users and Data Tables services in your app:

  • Ensure that you have added the ‘Users’ service to your app

  • In the ‘Data Tables’ service, add:
    • a table named ‘permissions’ with a text column named ‘name’

    • a table named ‘roles’ with a text column named ‘name’ and a ‘link to table’ column named ‘permissions’ that links to multiple rows of the permissions table

    • a new ‘link to table’ column in the Users table named ‘roles’ that links to multiple rows of the ‘roles’ table

Usage

Users and Permissions

  • Add entries to the permissions table. (e.g. ‘can_view_stuff’, ‘can_edit_sensitive_thing’)

  • Add entries to the roles table (e.g. ‘admin’) with links to the relevant permissions

  • In the Users table, link users to the relevant roles

Server Functions

The module includes two decorators which you can use on your server functions:

authentication_required

Checks that a user is logged in to your app before the function is called and raises an error if not. e.g.:

import anvil.server
from anvil_extras.authorisation import authentication_required

# Keep @anvil.server.callable outermost so the function it registers is the wrapped one.
@anvil.server.callable
@authentication_required
def sensitive_server_function():
  do_stuff()

authorisation_required

Checks that a user is logged in to your app and has sufficient permissions before the function is called and raises an error if not:

import anvil.server
from anvil_extras.authorisation import authorisation_required

# Keep @anvil.server.callable outermost so the function it registers is the wrapped one.
@anvil.server.callable
@authorisation_required("can_edit_sensitive_thing")
def sensitive_server_function():
  do_stuff()

You can pass either a single string or a list of strings to the decorator. The function will only be called if the logged-in user has ALL the permissions listed.

API

authentication_required(fn)

Use as a decorator for any server function that requires a logged-in user.

authorisation_required(permissions)

Use as a decorator above a server function. permissions should be a string or iterable of strings.

has_permission(permissions)

Returns True or False depending on whether a user is logged in and has valid permissions.

check_permissions(permissions)

Raises a ValueError if there is no user or the user does not have valid permissions.
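
The checks described on this page, modelled as an added stand-alone sketch (not the anvil_extras source): plain dicts stand in for the Users and roles tables and SESSION stands in for the logged-in user. All names and data are constructed, and raising ValueError from the decorator is an assumption taken from check_permissions.

```python
from functools import wraps

# Constructed sample data standing in for the 'roles' and Users table rows.
ROLES = {
    "admin": {"can_view_stuff", "can_edit_sensitive_thing"},
    "viewer": {"can_view_stuff"},
}
USERS = {
    "alice@example.com": ["admin"],
    "bob@example.com": ["viewer"],
    "carol@example.com": [],  # logged in, but no roles linked
}
SESSION = {"user": None}  # hypothetical stand-in; None means nobody is logged in

def user_permissions(email):
    """Union of the permissions of every role linked to the user."""
    perms = set()
    for role in USERS.get(email, []):
        perms |= ROLES.get(role, set())
    return perms

def has_permission(permissions):
    """True only if a user is logged in and holds ALL requested permissions."""
    user = SESSION["user"]
    if user is None:
        return False
    # Normalise first: iterating a bare string would compare single characters.
    required = {permissions} if isinstance(permissions, str) else set(permissions)
    return required <= user_permissions(user)

def check_permissions(permissions):
    if not has_permission(permissions):
        raise ValueError("Authorisation required")

def authorisation_required(permissions):
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            check_permissions(permissions)  # deny before the body runs
            return fn(*args, **kwargs)
        return wrapper
    return decorator

@authorisation_required(["can_view_stuff", "can_edit_sensitive_thing"])
def edit_sensitive_thing():
    return "edited"
```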