-
Notifications
You must be signed in to change notification settings - Fork 73
Access Control
Thomas Pollet edited this page Mar 8, 2026
·
21 revisions
- Applies to: Flask and FastAPI
- Best examples:
examples/authentication/demo_auth.py,examples/authentication/demo_jwt.py,examples/mini_examples/ex16_perm.py - Related pages: Endpoint Decorators, CORS, Input Validation
SAFRS does not impose a single security model. Instead, it gives you several control points:
- app-wide middleware or framework auth
- model-level decorators
- relationship-level controls
- permission hooks such as
_s_check_perm
Relevant mechanisms include:
decoratorscustom_decorators- relationship-level decorators
- relationship-level
http_methods _s_check_perm
For FastAPI, prefer dependencies and middleware rather than Flask-only decorator patterns.
- Home
- Installation
- Quickstart (Flask)
- Quickstart (FastAPI)
- JSON:API Basics
- Relationships and Includes
- Filtering
- Sorting, Pagination, and Sparse Fieldsets
- Content Types and Errors
- Bulk Requests
- RPC / Custom Methods
- Customization
- Security and Access Control
- Stateless Endpoints / JABase
- Performance
- Examples
- Existing Databases (Legacy)
- PostGIS / GeoAlchemy2
- Docker / Deployment
- Troubleshooting
- Reference: SAFRSBase
- Reference: SAFRSBase Customization