openedx_authz.management.commands package#
Submodules#
openedx_authz.management.commands.enforcement module#
Django management command for interactive Casbin enforcement testing.
This command provides an interactive mode for testing authorization enforcement requests with two operational modes:
Database mode (default): Uses AuthzEnforcer with policies from the database
File mode: Uses a custom Casbin enforcer with policies from files - Activated when –policy-file-path and –model-file-path are provided - Reads policies directly from the specified CSV file
The command supports: - Interactive testing with format: subject action scope - Real-time enforcement results with visual feedback (✓ ALLOWED / ✗ DENIED) - Display of loaded policies, role assignments, and action grouping rules
- Example usage:
# Use policies from database with default model python manage.py lms enforcement
# Use custom model and policy files python manage.py lms enforcement -m /path/to/model.conf -p /path/to/policies.csv
- Example test input:
>>> alice content_libraries.view_library_team lib:OpenedX:CSPROB ✓ ALLOWED: alice content_libraries.view_library_team lib:OpenedX:CSPROB >>> bob content_libraries.manage_library_team lib:DemoX:LIB1 ✗ DENIED: bob content_libraries.manage_library_team lib:DemoX:LIB1
- class openedx_authz.management.commands.enforcement.Command(*args, **kwargs)
Bases:
BaseCommandDjango management command for interactive Casbin enforcement testing.
This command provides two operational modes for testing authorization:
Database mode (default): Uses AuthzEnforcer with policies from the database. This is the default behavior when no arguments are provided.
File mode: Uses a custom Casbin enforcer with policies from files. Activated when –policy-file-path and/or –model-file-path are provided.
The command provides an interactive shell for testing authorization requests in real-time with immediate feedback.
- add_arguments(parser: ArgumentParser) None
Add command-line arguments to the argument parser.
- Parameters:
parser (argparse.ArgumentParser) – The Django argument parser instance to configure.
- handle(*args, **options)
Execute the enforcement testing command.
Determines the operational mode based on provided arguments and creates the appropriate enforcer instance, then starts the interactive testing mode.
Operational modes: - Database mode: Uses AuthzEnforcer with policies from database (default) - File mode: Uses custom Enforcer with policies from files (when files provided)
- Parameters:
*args – Positional command arguments (unused).
**options – Command options including
--policy-file-pathand--model-file-path.
- help = 'Interactive mode for testing Casbin enforcement policies. By default, uses AuthzEnforcer with policies from the database. Use --policy-file-path and --model-file-path to test with custom files instead. Format: subject action scope.'
openedx_authz.management.commands.load_policies module#
Django management command to load policies into the authz Django model.
The command supports: - Specifying the path to the Casbin policy file. Default is ‘openedx_authz/engine/config/authz.policy’. - Specifying the Casbin model configuration file. Default is ‘openedx_authz/engine/config/model.conf’. - Optionally clearing existing policies in the database before loading new ones.
- class openedx_authz.management.commands.load_policies.Command(stdout=None, stderr=None, no_color=False, force_color=False)
Bases:
BaseCommandDjango management command to load policies into the authorization Django model.
This command reads policies from a specified Casbin policy file and loads them into the Django database model used by the Casbin adapter. This allows for easy management and persistence of authorization policies within the Django application.
- Example Usage:
python manage.py load_policies –policy-file-path /path/to/authz.policy python manage.py load_policies –policy-file-path /path/to/authz.policy –model-file-path /path/to/model.conf python manage.py load_policies
- add_arguments(parser) None
Add command-line arguments to the argument parser.
- Parameters:
parser – The Django argument parser instance to configure.
- handle(*args, **options)
Execute the policy loading command.
Loads policies from the specified Casbin policy file into the Django database model. Optionally clears existing policies before loading new ones.
- Parameters:
*args – Positional command arguments (unused).
**options – Command options including ‘policy_file_path’, ‘model_file_path’, and ‘clear_existing’.
- Raises:
CommandError – If the policy file is not found or loading fails.
- help = 'Load policies from a Casbin policy file into the Django database model.'
- migrate_policies(source_enforcer, target_enforcer)
Migrate policies from the source enforcer to the target enforcer.
This method copies all policies, role assignments, and action groupings from the source enforcer (file-based) to the target enforcer (database-backed). Optionally clears existing policies in the target before migration.
- Parameters:
source_enforcer – The Casbin enforcer instance to migrate policies from.
target_enforcer – The Casbin enforcer instance to migrate policies to.