docs: create permissions page

Author: alexeev-prog

CHANGELOG.md

@@ -1,3 +1,9 @@
+commit 67ffad744371c275a3ed28809861063b606cf52f
+Author: alexeev-prog <[email protected]>
+Date:   Sat Nov 23 19:36:20 2024 +0700
+
+    Update Changelog
+
 commit b508da83b02db558deab7c7c4bca59fa3545a046
 Author: alexeev-prog <[email protected]>
 Date:   Sat Nov 23 19:35:45 2024 +0700

README.md

@@ -41,8 +41,7 @@ Welcome to **EchoNext**, where innovation meets simplicity! Are you tired of the
 
 **Imagine** a lightweight framework that empowers you to create modern web applications with lightning speed and flexibility. With EchoNext, you're not just coding; you're building a masterpiece!
 
- > Last unstable version: 0.6.9 alpha
- > Last stable version: 0.5.9 alpha
+ > Last stable version: 0.6.9 alpha
 
  > Next Big Update: ASYNC & unicorn support
 
@@ -771,6 +770,7 @@ Extended documentation and framework specifications are available at the followi
 5. [Request/Response](./docs/en/requests_responses.md)
 6. [Localization i18n/l10n](./docs/en/i18n_locales.md)
 7. [Security](./docs/en/security.md)
+8. [Permissions & rights](./docs/en/permissions.md)
 
 ### Russian / Русский
 
@@ -781,6 +781,7 @@ Extended documentation and framework specifications are available at the followi
 5. [Request/Response](./docs/ru/requests_responses.md)
 6. [Локализация i18n/l10n](./docs/ru/i18n_locales.md)
 7. [Безопасность](./docs/ru/security.md)
+8. [Разрешения и права](./docs/ru/permissions.md)
 
 ## 💬 Support
 If you encounter any issues or have questions about pyEchoNext, please:

docs/en/permissions.md

@@ -0,0 +1,97 @@
+# pyEchoNext / Permissions and Rights
+
+---
+
+in pyEchoNext you can create an additional layer of abstraction, in the form of policies, permissions, roles. For example, this way you can create user and administrator roles, introduce restrictions, and much more.
+
+The `pyechonext.permissions` module is responsible for this. It has the following classes:
+
++ Permission - permission,
++ Role - a role,
++ Resource - a resource,
++ AccessControlRule - access control rule,
++ Policy - policy,
++ AttributeBasedPolicy - attribute restriction policy,
++ AgeRestrictionsABP - age attribute restriction policy,
++ User - user,
++ DefaultPermissionChecker - rights checking class,
++ UserController - user controller
+
+Usage example:
+
+```python
+from pyechonext.permissions import (
+Permission,
+Role,
+Resource,
+AccessControlRule,
+Policy,
+AgeRestrictionsABP,
+User,
+DefaultPermissionChecker,
+UserController,
+)
+
+view_users_perm = Permission("view_users")
+edit_users_perm = Permission("edit_users")
+
+admin_role = Role("admin")
+admin_role.add_permission(view_users_perm)
+admin_role.add_permission(edit_users_perm)
+
+user_role = Role("user")
+user_role.add_permission(view_users_perm)
+
+user_resource = Resource("UserResource")
+
+policy = Policy()
+policy.add_rule(AccessControlRule(admin_role, view_users_perm, user_resource, True))
+policy.add_rule(AccessControlRule(admin_role, edit_users_perm, user_resource, True))
+policy.add_rule(AccessControlRule(user_role, view_users_perm, user_resource, True))
+policy.add_rule(AccessControlRule(user_role, edit_users_perm, user_resource, False))
+
+age_policy = AgeRestrictionsABP(conditions={"age": 18}, rules=policy.rules)
+age_policy.add_rule(AccessControlRule(user_role, view_users_perm, user_resource, True))
+
+admin_user = User("admin", attributes={"age": 30})
+admin_user.add_role(admin_role)
+
+young_user = User("john_doe", attributes={"age": 17})
+young_user.add_role(user_role)
+
+permission_checker = DefaultPermissionChecker(policy)
+user_controller = UserController(permission_checker)
+
+
+def test_controller():
+"""Test Controller"""
+assert user_controller.view_users(admin_user, user_resource) == (
+"200 OK",
+"User edit form",
+)
+assert user_controller.edit_users(admin_user, user_resource) == (
+"200 OK",
+"User edit form",
+)
+assert user_controller.edit_users(young_user, user_resource) == (
+"403 Forbidden",
+"You do not have permission to edit users.",
+)
+
+
+def test_age_policy():
+"""Test Age Policy"""
+assert age_policy.evaluate(young_user, user_resource, view_users_perm) == False
+assert age_policy.evaluate(admin_user, user_resource, view_users_perm) == True
+
+
+test_controller()
+test_age_policy()
+```
+
+---
+
+[Contents](./index.md)
+
+
+

docs/ru/permissions.md

@@ -0,0 +1,97 @@
+# pyEchoNext / Разрешения и права
+
+---
+
+в pyEchoNext вы можете создать дополнительный слой абстракции, в виде политик, разрешений, ролей. Например, так можно создавать роли пользователей, администраторов, вводить ограничения и многое другое.
+
+За это отвечает модуль `pyechonext.permissions`. Он имеет следующие классы:
+
+ + Permission - разрешение,
+ + Role - роль,
+ + Resource - ресурс,
+ + AccessControlRule - правило контроля доступа,
+ + Policy - политика,
+ + AttributeBasedPolicy - политика ограничения по атрибутам,
+ + AgeRestrictionsABP - политика ограничения по атрибуту возраста,
+ + User - пользователь,
+ + DefaultPermissionChecker - класс проверки прав,
+ + UserController - контроллер пользователей
+
+Пример использования:
+
+```python
+from pyechonext.permissions import (
+	Permission,
+	Role,
+	Resource,
+	AccessControlRule,
+	Policy,
+	AgeRestrictionsABP,
+	User,
+	DefaultPermissionChecker,
+	UserController,
+)
+
+view_users_perm = Permission("view_users")
+edit_users_perm = Permission("edit_users")
+
+admin_role = Role("admin")
+admin_role.add_permission(view_users_perm)
+admin_role.add_permission(edit_users_perm)
+
+user_role = Role("user")
+user_role.add_permission(view_users_perm)
+
+user_resource = Resource("UserResource")
+
+policy = Policy()
+policy.add_rule(AccessControlRule(admin_role, view_users_perm, user_resource, True))
+policy.add_rule(AccessControlRule(admin_role, edit_users_perm, user_resource, True))
+policy.add_rule(AccessControlRule(user_role, view_users_perm, user_resource, True))
+policy.add_rule(AccessControlRule(user_role, edit_users_perm, user_resource, False))
+
+age_policy = AgeRestrictionsABP(conditions={"age": 18}, rules=policy.rules)
+age_policy.add_rule(AccessControlRule(user_role, view_users_perm, user_resource, True))
+
+admin_user = User("admin", attributes={"age": 30})
+admin_user.add_role(admin_role)
+
+young_user = User("john_doe", attributes={"age": 17})
+young_user.add_role(user_role)
+
+permission_checker = DefaultPermissionChecker(policy)
+user_controller = UserController(permission_checker)
+
+
+def test_controller():
+	"""Test Controller"""
+	assert user_controller.view_users(admin_user, user_resource) == (
+		"200 OK",
+		"User edit form",
+	)
+	assert user_controller.edit_users(admin_user, user_resource) == (
+		"200 OK",
+		"User edit form",
+	)
+	assert user_controller.edit_users(young_user, user_resource) == (
+		"403 Forbidden",
+		"You do not have permission to edit users.",
+	)
+
+
+def test_age_policy():
+	"""Test Age Policy"""
+	assert age_policy.evaluate(young_user, user_resource, view_users_perm) == False
+	assert age_policy.evaluate(admin_user, user_resource, view_users_perm) == True
+
+
+test_controller()
+test_age_policy()
+```
+
+---
+
+[Содержание](./index.md)
+
+
+

pyechonext/app.py

@@ -307,7 +307,7 @@ def _serve_static_file(
 		:returns:	response
 		:rtype:		Response
 		"""
-		print(f"Serve sttic file by path: {request.path}")
+		print(f"Serve static file by path: {request.path}")
 		response.content_type = self.static_files_manager.get_file_type(request.path)
 		response.body = self.static_files_manager.serve_static_file(
 			_prepare_url(request.path)