Question 1

How do I handle permissions for a list of resources with FastAPI Permissions?

Accepted Answer

The library's FAQ references issue #3 for this; you need to ensure each resource in the list has its own ACL, and use helper functions like has_permission in a loop or implement a custom dependency to check permissions collectively, as batch operations aren't natively supported.

Question 2

FastAPI Permissions or OAuth2 scopes: which should I use?

Accepted Answer

Use OAuth2 scopes if permissions are solely based on user roles and don't change with resource state. FastAPI Permissions is better when access depends on resource conditions, like edit rights varying between draft and published states, as explained in the README's 'Why not use Scopes?' section.

Question 3

How to define ACLs for SQLAlchemy models in FastAPI Permissions?

Accepted Answer

Add an __acl__ method or property to your SQLAlchemy model classes that returns an access control list based on instance attributes, similar to the Pydantic examples in the README, ensuring it integrates with your database queries.

Question 4

Can I use FastAPI Permissions with JWT authentication?

Accepted Answer

Yes, integrate it by extracting user principals from the JWT token in your get_active_principals dependency, then pass those to the permission system. This aligns with FastAPI's security dependencies, as shown in the OAuth2 example.

Question 5

What's the best way to test permissions in my app with this library?

Accepted Answer

Use the has_permission and list_permissions helper functions in unit tests to mock user principals and resources, verifying ACL behavior. The README includes a make test command for running tests in a virtual environment.

Question 6

How does FastAPI Permissions compare to other auth libraries like FastAPI-JWT-Auth?

Accepted Answer

FastAPI Permissions focuses on resource-level authorization, while libraries like FastAPI-JWT-Auth handle authentication and token management. They can be combined: use JWT for auth and this library for fine-grained, state-dependent permissions.

FastAPI Permissions

What is FastAPI Permissions?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions