ABAC — Aquilia Documentation
Comprehensive guide and documentation for ABAC in the Aquilia framework. View API reference, examples, and implementation patterns.
Security & Auth / Authorization / ABAC Attribute-Based Access Control Attribute-Based Access Control enables access decisions based on resource metadata, user parameters, and environment context. In Aquilia, this is driven by the ABACEngine and `PolicyBuilder` helper utilities. Registering & Evaluating Policies ABAC policies are callables that accept an `AuthzContext` and return an `AuthzResult`. Policies are registered with unique IDs in the ABACEngine : from aquilia.auth.authz import ABACEngine, Decision, AuthzResult, AuthzContext abac = ABACEngine() # Define and register a custom policy def check_owner(ctx: AuthzContext) -> AuthzResult: if ctx.attributes.get("owner_id") == ctx.identity.id: return AuthzResult(Decision.ALLOW, reason="Identity matches resource owner") return AuthzResult(Decision.ABSTAIN, reason="Identity is not owner") abac.register_policy("owner_can_edit", check_owner) # Evaluate the policy against a context ctx = AuthzContext(identity=user, resource="posts:123", action="edit", attributes= ) result = abac.evaluate(ctx, policy_id="owner_can_edit") print(result.decision) # Decision.ALLOW (if user.id == "user_42") Built-in Policy Builders Aquilia includes a static class `PolicyBuilder` providing pre-packaged ABAC configurations for common security requirements: , , , ].map((item, idx) => ( ))} from aquilia.auth.authz import PolicyBuilder # 1. Owner-only check (looks up attribute in context.attributes) owner_policy = PolicyBuilder.owner_only(attribute="owner_id") # 2. Admin role or resource owner check admin_or_owner_policy = PolicyBuilder.admin_or_owner( admin_role="administrator", attribute="owner_id", ) # 3. Restrict access to business hours (9 AM - 5 PM UTC) business_hours_policy = PolicyBuilder.time_based(allowed_hours=(9, 17)) RBAC Declarative Policy DSL )
Go to Homepage