I'm building a small RESTful API using Python and FastAPI and I need to handle authorization for some of the resources in this API (`api.foo.co/things/restricted/`; I want `/restricted` to be accessed only by some users/groups/something else).
Is there any "best practice" or a known way/pattern to implement authorization in FastAPI? I wanted to create a table in my RDBMS where I can store group/user permissions based on a given list like `[things.restricted.read, things.restricted.write, ...]` and create a simple middleware that checks this list every time a call is made, but I think there are cleaner solutions, I hope.
I saw that this problem could be solved using Casbin and PyCasbin, but I'm trying to see if there are also other solutions to this problem, rather than adding a new dependency to my project.
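One way to implement the pattern the question describes (dotted permission strings resolved from user/group tables and checked on every call), as an added example that is not part of the original post: the policy check is plain Python with no framework import, and it is wired into FastAPI as a per-route dependency rather than a global middleware, so each route declares exactly which permission it needs and unmatched requests are denied by default. The group and user tables, the trusted `X-User` header as the identity source, the `has_permission` / `resolve_principal` / `require` helpers and the two route handlers are all constructed assumptions for this example.

```python
"""Permission-string authorization for FastAPI, with policy kept framework-free."""
from __future__ import annotations

from dataclasses import dataclass, field
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Principal:
    """The caller plus the permissions resolved for them.

    In a real service these come from the RDBMS tables the question describes
    (user -> groups -> permission strings); here they are constructed in memory.
    """
    username: str
    permissions: frozenset[str] = field(default_factory=frozenset)


def has_permission(granted: frozenset[str] | set[str], required: str) -> bool:
    """True if any granted entry covers the required dotted permission.

    Entries may use shell-style wildcards, so "things.restricted.*" covers
    "things.restricted.read". Matching is literal otherwise: "things.*" does
    NOT cover "thingsx.read". With no matching entry the answer is deny.
    """
    return any(fnmatchcase(required, entry) for entry in granted)


# Constructed sample data standing in for the group/user permission tables.
GROUP_PERMISSIONS: dict[str, frozenset[str]] = {
    "readers": frozenset({"things.restricted.read"}),
    "editors": frozenset({"things.restricted.read", "things.restricted.write"}),
    "admins": frozenset({"things.*"}),
}
USER_GROUPS: dict[str, tuple[str, ...]] = {
    "alice": ("readers",),
    "bob": ("editors",),
    "carol": ("admins",),
    "dave": (),  # authenticated but in no group: every check fails closed
}


def resolve_principal(username: str) -> Principal | None:
    """Flatten a user's group memberships into one permission set.

    Returns None for an unknown user so the caller can answer 401 rather
    than silently treating them as a user with no permissions.
    """
    groups = USER_GROUPS.get(username)
    if groups is None:
        return None
    perms = frozenset().union(*(GROUP_PERMISSIONS[g] for g in groups))
    return Principal(username, perms)


def build_app():
    """Wire the checks into FastAPI as dependencies.

    fastapi is imported here, not at module top, so the policy code above can
    be imported and unit-tested without the web framework installed.
    """
    from fastapi import Depends, FastAPI, Header, HTTPException

    app = FastAPI()

    def current_principal(x_user: str = Header()) -> Principal:
        # Hypothetical identity source: a trusted X-User header set by an
        # authenticating gateway. Replace with your real authentication
        # (e.g. a verified bearer token) before exposing the service.
        principal = resolve_principal(x_user)
        if principal is None:
            raise HTTPException(status_code=401, detail="unknown user")
        return principal

    def require(permission: str):
        """Dependency factory: one reusable guard per permission string."""
        def guard(principal: Principal = Depends(current_principal)) -> Principal:
            if not has_permission(principal.permissions, permission):
                raise HTTPException(status_code=403, detail=f"missing {permission}")
            return principal
        return guard

    @app.get("/things/restricted")
    def read_restricted(p: Principal = Depends(require("things.restricted.read"))):
        return {"user": p.username, "items": ["constructed-item-1"]}

    @app.post("/things/restricted")
    def write_restricted(p: Principal = Depends(require("things.restricted.write"))):
        return {"user": p.username, "written": True}

    return app
```

To serve it, add `app = build_app()` to your module and run it with uvicorn as usual; `bob` can then GET and POST `/things/restricted`, `alice` can only GET, `dave` gets 403 on both, and a username absent from the table gets 401. The reason for a dependency over a middleware is that a middleware has to map URL paths back to permission strings itself, while `Depends(require(...))` puts the required permission next to the handler it protects, so a new route cannot be added without stating what it needs.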