AccessManager
The AccessManager class provides role-based access control (RBAC) functionality for Framefox applications. It evaluates access control rules and determines whether users have the required permissions to access specific paths.
Source: framefox/core/security/access_manager.py:17
Constructor
AccessManager(settings: Settings)
settings (Settings): The application settings containing access control configuration
Methods
get_required_roles()
Retrieves the required roles for a specific path from the access control configuration.
def get_required_roles(self, path: str) -> List[str]
path (str): The request path to evaluate
Returns (List[str]): List of role names required to access the path. Empty list means no roles required.
How it works:
Checks if the path is a static resource (automatically allowed)
Iterates through access control rules in order
Matches path against regex patterns
Returns roles for the first matching rule
Falls back to default policy if no rules match
Example:
from framefox.core.security.access_manager import AccessManager
from framefox.core.config.settings import Settings
settings = Settings()
access_manager = AccessManager(settings)
# Check required roles for a path
roles = access_manager.get_required_roles("/admin/dashboard")
print(roles)  # ['ROLE_ADMIN']
is_allowed()
Checks if the user has at least one of the required roles.
def is_allowed(self, user_roles: List[str], required_roles: List[str]) -> bool
user_roles (List[str]): List of roles the user possesses
required_roles (List[str]): List of roles required for access
Returns (bool): True if access is allowed, False otherwise
Special Cases:
If IS_AUTHENTICATED_ANONYMOUSLY is in required_roles, access is always granted
If required_roles is empty, access is always granted
If user_roles is empty and roles are required, access is denied
Example:
user_roles = ["ROLE_USER", "ROLE_EDITOR"]
required_roles = ["ROLE_ADMIN", "ROLE_EDITOR"]
if access_manager.is_allowed(user_roles, required_roles):
    print("Access granted")
else:
    print("Access denied")
Access Control Configuration
Access control rules are defined in config/security.yaml:
access_control:
  - path: "^/admin"
    roles: [ROLE_ADMIN]
  - path: "^/api"
    roles: [ROLE_USER]
  - path: "^/public"
    roles: [IS_AUTHENTICATED_ANONYMOUSLY]
default_access_policy: allow  # or "deny"
Default Access Policy
allow (default): Paths without matching rules are accessible to all users
deny: Paths without matching rules require ROLE_ADMIN
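An added example, not Framefox's own code: a stand-alone model of the lookup documented above (first matching rule wins, then the default policy), used to audit a rule list against probe paths whose required roles you already know. The function names, the use of re.match, and the sample rules and paths are assumptions; the static-resource shortcut is left out because this page does not define it.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"

def required_roles(rules, default_policy, path):
    """First matching rule wins, else the default policy. Returns (roles, rule index or None)."""
    for i, rule in enumerate(rules):
        if re.match(rule["path"], path):  # assumption: regex is matched from the start of the path
            return list(rule["roles"]), i
    # Documented fallback: "allow" -> no roles required, "deny" -> ROLE_ADMIN
    return ([] if default_policy == "allow" else ["ROLE_ADMIN"]), None

def is_allowed(user_roles, required):
    """Documented special cases: empty requirement or the anonymous marker always grants."""
    if not required or ANON in required:
        return True
    return any(role in required for role in user_roles)

def audit(rules, default_policy, probes):
    """probes maps path -> roles the operator expects to be required. Returns findings."""
    findings, hit = [], set()
    for path, expected in probes.items():
        roles, idx = required_roles(rules, default_policy, path)
        if idx is not None:
            hit.add(idx)
        if sorted(roles) != sorted(expected):
            src = f"default policy '{default_policy}'" if idx is None else f"rule {idx} ({rules[idx]['path']})"
            findings.append(f"{path}: decided by {src}, requires {roles}, expected {expected}")
    for i, rule in enumerate(rules):
        if i not in hit:
            findings.append(f"rule {i} ({rule['path']}) decides none of the probe paths")
    return findings

# Constructed sample configuration and probe paths (not from a real application)
RULES = [
    {"path": "^/api", "roles": ["ROLE_USER"]},
    {"path": "^/api/admin", "roles": ["ROLE_ADMIN"]},  # never reached: rule 0 matches first
    {"path": "^/public", "roles": [ANON]},
]
PROBES = {
    "/api/posts": ["ROLE_USER"],
    "/api/admin/users": ["ROLE_ADMIN"],
    "/public/about": [ANON],
    "/internal/metrics": ["ROLE_ADMIN"],  # no rule: outcome depends on default_access_policy
}

if __name__ == "__main__":
    for finding in audit(RULES, "allow", PROBES):
        print(finding)
```

Placing the "^/api/admin" rule before "^/api" and setting default_access_policy to deny clears all three findings for these probes.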
Complete Example
from framefox.core.security.access_manager import AccessManager
from framefox.core.config.settings import Settings
# Initialize access manager
settings = Settings()
access_manager = AccessManager(settings)
# Example user with roles
user_roles = [ "ROLE_USER" , "ROLE_EDITOR" ]
# Check access to different paths
paths = [
    "/admin/users",
    "/api/posts",
    "/public/about",
]
for path in paths:
    required_roles = access_manager.get_required_roles(path)
    allowed = access_manager.is_allowed(user_roles, required_roles)
    print(f"{path}: {'✓ Allowed' if allowed else '✗ Denied'} (requires {required_roles})")
Integration with Middleware
The AccessManager is automatically used by Framefox’s firewall middleware to enforce access control:
# In firewall middleware
access_manager = container.get(AccessManager)
required_roles = access_manager.get_required_roles(request.url.path)
if not access_manager.is_allowed(user_roles, required_roles):
    raise HTTPException(status_code=403, detail="Access denied")
See Also
Authentication: User authentication system
Security Guide: Complete security documentation