• A
  • A
  • A
  • ABC
  • ABC
  • ABC
  • А
  • А
  • А
  • А
  • А
Regular version of the site
For visually-impairedUser profile (HSE staff only)SearchMenu

Flask Web Framework Extension for Dynamic Role Based Access Control

Student: Daniil Krainov

Supervisor: Alexander Breyman

Faculty: Faculty of Computer Science

Educational Programme: Software Engineering (Bachelor)

Final Grade: 9

Year of Graduation: 2020

Due to the constantly growing architectural complexity of modern web services and software projects, a need has arisen to create more flexible and extensible development tools and libraries that would allow for cleaner and more scalable code. One of the most popular web frameworks, Flask, written in Python, has been developed with possibility of creation of third-party extensions for various tasks in mind. The purpose of this work is to implement a full-fledged role-based access control method using the mechanism of Flask extensions and a domain model which is fully conformant to the appropriate standards. Existing solutions, as well as their key drawbacks, are taken into account in this work, and an access control algorithm is suggested that uses a connection to the internal database of the project in which the extension is embedded, as compared to the existing practices of hard-coding access control rules into the codebase of the project. This paper contains 55 pages, 14 pictures, 5 tables, 8 source code extracts, 31 references, 2 appendices. Keywords: RBAC, Flask, Python, library, API

Full text (added May 18, 2020)

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.

Search all student theses