Rules Reference
AreasBase
missil.AreasBase
Base class for declaring business areas as typed attributes.
Subclass it and annotate each field as Area. On instantiation,
all annotated fields are automatically created and accessible as typed
attributes:
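```python
import missil
from fastapi import FastAPI

app = FastAPI()
SECRET_KEY = "replace-me"  # placeholder; load the real signing key from configuration
bearer = missil.TokenBearer("Authorization", SECRET_KEY, "permissions")

class AppAreas(missil.AreasBase):
    finances: missil.Area
    it: missil.Area

areas = AppAreas(bearer)

@app.get("/report", dependencies=[areas.finances.READ])
def report(): ...
```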
Annotations typed as anything other than Area are silently ignored,
so you can freely add non-area class attributes to your subclass.
Instantiate all declared Area fields.
| PARAMETER | DESCRIPTION |
|---|---|
| bearer | JWT token source shared by all areas in this group. |
Source code in missil/rules.py
Area
missil.Area
Business area grouping READ and WRITE access rules.
An Area instance holds pre-built AccessRule objects for each access level, ready to be injected as FastAPI endpoint dependencies:
```python
from missil import Area

bearer = ...  # JWT token source; see Bearers module
finances = Area("finances", bearer)

@app.get("/finances/read", dependencies=[finances.READ])
def finances_read() -> dict[str, str]: ...
```
Create a business area.
| PARAMETER | DESCRIPTION |
|---|---|
| name | Business area name. |
| bearer | JWT token source. See Bearers module. |
AccessRule
missil.AccessRule
Bases: Depends
FastAPI dependency that enforces an endpoint-level access rule.
Grant or deny user access to an endpoint.
Access is granted by verifying that the JWT token claims include the requested business area at the required access level.
| PARAMETER | DESCRIPTION |
|---|---|
| area | Business area name, e.g. 'finances' or 'human_resources'. |
| level | Required access level: READ = 0 / WRITE = 1. |
| bearer | JWT token source. See Bearers module. |
| use_cache | FastAPI Depends cache parameter, by default True. |
Role
missil.Role
Bases: Depends
A named group of AccessRules that must all be satisfied for access to be granted.
Use a Role to avoid repeating the same set of rules across multiple endpoints. Access is granted only when every constituent AccessRule passes:
```python
import missil

# app (the FastAPI instance) and SECRET_KEY are defined elsewhere in the application
bearer = missil.TokenBearer("Authorization", SECRET_KEY, "permissions")

class AppAreas(missil.AreasBase):
    finances: missil.Area
    it: missil.Area

areas = AppAreas(bearer)
analyst = missil.Role(areas.finances.READ, areas.it.READ)

@app.get("/dashboard", dependencies=[analyst])
def dashboard(): ...
```
If any rule fails, FastAPI raises HTTP 403 before the endpoint is reached.
Create a role from one or more AccessRules.
| PARAMETER | DESCRIPTION |
|---|---|
| *rules | The access rules that must all pass for this role to be satisfied. |
| use_cache | FastAPI Depends cache parameter, by default True. |
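The AccessRule and Role checks described above, modeled as an added example (this is not missil's own code). It assumes the decoded permissions claim maps area names to integer levels, that WRITE also satisfies READ, and that a role with no rules denies; `Level`, `rule_passes`, `role_passes` and `status_for` are hypothetical names.

```python
from enum import IntEnum
from typing import Any, Mapping, Tuple

class Level(IntEnum):
    READ = 0   # values documented for AccessRule's level parameter
    WRITE = 1

Rule = Tuple[str, Level]  # hypothetical stand-in for one AccessRule

def rule_passes(perms: Mapping[str, Any], area: str, required: Level) -> bool:
    """Fail-closed check of one rule against the decoded permissions claim."""
    # Membership test, not truthiness: READ is 0, so `if perms.get(area)`
    # would treat a valid READ grant the same as a missing area.
    if area not in perms:
        return False
    granted = perms[area]
    # bool is a subclass of int, so {"finances": True} would otherwise be
    # read as WRITE (1). Accept only plain ints with a known level value.
    if type(granted) is not int or granted not in (Level.READ, Level.WRITE):
        return False
    return granted >= required  # assumption: WRITE also satisfies READ

def role_passes(perms: Mapping[str, Any], *rules: Rule) -> bool:
    """Every rule must pass; a role with no rules denies (assumption)."""
    return bool(rules) and all(rule_passes(perms, a, lvl) for a, lvl in rules)

def status_for(perms: Mapping[str, Any], *rules: Rule) -> int:
    """HTTP status the caller would see: 403 when any rule fails."""
    return 200 if role_passes(perms, *rules) else 403

# Constructed sample: contents of the "permissions" claim after the JWT
# signature has already been verified (claim shape is an assumption).
PERMS = {"finances": 0, "it": 1}
ANALYST = (("finances", Level.READ), ("it", Level.READ))

if __name__ == "__main__":
    print(status_for(PERMS, *ANALYST))
    print(status_for(PERMS, ("finances", Level.WRITE)))
    print(status_for({"finances": True}, ("finances", Level.WRITE)))
```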
make_area
Deprecated
Use missil.Area(name, bearer) directly instead. See the Migration Guide.
missil.make_area
Create a single business area.
| PARAMETER | DESCRIPTION |
|---|---|
| bearer | JWT token source. See Bearers module. |
| area | Business area name. |

| RETURNS | DESCRIPTION |
|---|---|
| Area | Business area with READ and WRITE rules. |
make_areas
Deprecated
Use AreasBase instead. See the Migration Guide.
missil.make_areas
Create a Missil ruleset from a token source and business area names.
Deprecated
Use AreasBase instead:
| PARAMETER | DESCRIPTION |
|---|---|
| bearer | JWT token source. See Bearers module. |
| *areas | Business area names to protect. |

| RETURNS | DESCRIPTION |
|---|---|
| dict[str, Area] | Mapping of area name to Area. |