add read-the-docs documentation

.readthedocs.yaml

@@ -0,0 +1,18 @@
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+version: 2
+
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.10"
+
+sphinx:
+   configuration: docs/conf.py
+
+python:
+   install:
+     - requirements: docs/requirements.txt
+     - method: pip
+       path: .

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2017 Mara contributors
+Copyright (c) 2017-2022 Mara contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -7,15 +7,15 @@
 
 Default ACL implementation for mara with the following design choices:
 
-- Authentication of users is handled externally, e.g. through a [Oauth2 Proxy](https://github.com/oauth2-proxy/oauth2-proxy). 
+- Authentication of users is handled externally, e.g. through a [OAuth2 Proxy](https://github.com/oauth2-proxy/oauth2-proxy). 
   An upstream authentication app manages authentication and then adds a http header identifying the user to each authenticated request.
 - Each user is assigned a single role.
 - Permissions are not based on urls, but on application-defined "resources". 
   Thus, checking of permissions needs to be done in the application.
 
 The ACL provides a single UI for both user and permission management. 
 Users can be added / removed and their roles can be changed like this:
-![User management](https://github.com/mara/mara-acl/raw/master/docs/users-and-roles.gif)
+![User management](https://github.com/mara/mara-acl/raw/master/docs/_static/users-and-roles.gif)
 
 New roles are created by moving a user to a new role.
 
@@ -25,12 +25,12 @@ Permissions can be set for
 - an individual resource, a group of resources or "All" resources.
 
 Individual users inherit permissions from their role, and permissions on higher levels overwrite permissions on lower levels:
-![User management](https://github.com/mara/mara-acl/raw/master/docs/permissions.gif)
+![User management](https://github.com/mara/mara-acl/raw/master/docs/_static/permissions.gif)
 
 
 Each new user that is authenticated is automatically created 
 with a default role in the acl:
-![User management](https://github.com/mara/mara-acl/raw/master/docs/automatic-user-creation.png)
+![User management](https://github.com/mara/mara-acl/raw/master/docs/_static/automatic-user-creation.png)
 
 This behavior can be switched off (so that only invited users can join). See [config.py](https://github.com/mara/mara-acl/blob/master/mara_acl/config.py) for details. 
 

docs/Makefile

@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS    ?=
+SPHINXBUILD   ?= sphinx-build
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

docs/authentication.md

@@ -0,0 +1,16 @@
+Authentication
+==============
+
+The authentication process is handled externally. By default, an upstream authentication app manages authentication and then adds a http header identifying the user to each authenticated request.
+
+OAuth2 proxy
+------------
+
+See [OAuth2 Proxy Docs](https://oauth2-proxy.github.io/oauth2-proxy/docs/) how to install and configure it.
+
+Make sure that the E-Mail address of the user account is passed to the app and make sure that the HTTP header is correctly configured in [`mara_acl.config.email_http_header`](config.rst).
+
+Microsoft MSAL
+--------------
+
+When you want to use Microsoft authentication via the [Microsoft MSAL](https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview) library you have the additional option to use the extension [Mara ACL MSAL](https://github.com/leo-schick/mara-acl-msal). Take a look at the GitHub repository readme for more information.

docs/changes.md

@@ -0,0 +1,2 @@
+```{include} ../CHANGELOG.md
+```

docs/conf.py

@@ -0,0 +1,61 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'Mara ACL'
+copyright = '2017-2022, Mara contributors'
+author = 'Mara contributors'
+
+# The full version, including alpha/beta/rc tags
+release = '2.1.1'
+version = '2.1'
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    'sphinx.ext.autodoc',
+    'myst_parser',
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'alabaster'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+html_favicon = "_static/favicon.ico"
+html_logo = "_static/mara-animal.jpg"
+html_title = f"Mara ACL Documentation ({version})" 

docs/config.rst

@@ -0,0 +1,37 @@
+Configuration
+=============
+
+
+Mara Configuration Values
+-------------------------
+
+The following configuration values are used by this module. They are defined as python functions in ``mara_acl.config``
+and can be changed with the `monkey patch`_ from `Mara App`_. An example can be found `here <https://github.com/mara/mara-example-project-1/blob/master/app/local_setup.py.example>`_.
+
+.. _monkey patch: https://github.com/mara/mara-app/blob/master/mara_app/monkey_patch.py
+.. _Mara App: https://github.com/mara/mara-app
+
+
+.. module:: mara_acl.config
+
+.. autofunction:: resources
+
+|
+
+.. autofunction:: role_for_new_user
+
+|
+
+.. autofunction:: initial_permissions
+
+|
+
+.. autofunction:: email_http_header
+
+|
+
+.. autofunction:: require_email_http_header
+
+|
+
+.. autofunction:: whitelisted_uris

docs/index.rst

@@ -0,0 +1,39 @@
+.. rst-class:: hide-header
+
+Mara ACL documentation
+======================
+
+Welcome to Mara ACL’s documentation. This is one of the core modules of the `Mara Framework <https://github.com/mara>`_
+offering simple ACL user permission management.
+
+It uses a simple design:
+
+* Authentication of users is handled externally, e.g. through a `OAuth2 Proxy <https://github.com/oauth2-proxy/oauth2-proxy>`_. An upstream authentication app manages authentication and then adds a http header identifying the user to each authenticated request.
+* Each user is assigned a single role.
+* Permissions are not based on urls, but on application-defined "resources". Thus, checking of permissions needs to be done in the application.
+
+
+User's Guide
+------------
+
+This part of the documentation focuses on step-by-step instructions how to use this extension.
+
+.. toctree::
+   :maxdepth: 2
+
+   installation
+   authentication
+   user-and-permission-management
+   config
+
+
+Additional Notes
+----------------
+
+Legal information and changelog are here for the interested.
+
+.. toctree::
+   :maxdepth: 2
+
+   license
+   changes

docs/installation.md

@@ -0,0 +1,35 @@
+Installation
+============
+
+Python Version
+--------------
+
+We recommend using the latest version of Python. Mara supports Python
+3.6 and newer.
+
+Dependencies
+------------
+
+These packages will be installed automatically when installing Mara ACL.
+
+* [Mara DB] implements database integration withing the Mara Framework.
+* [Mara Page] the basics for UI pages based on Flask.
+
+[Mara DB]: https://github.com/mara/mara-db
+[Mara Page]: https://github.com/mara/mara-page
+
+
+Install Mara ACL
+----------------
+
+To use the library directly, use pip:
+
+``` bash
+$ pip install mara-acl
+```
+
+or
+
+``` bash
+$ pip install git+https://github.com/mara/mara-acl.git
+```

docs/license.rst

@@ -0,0 +1,11 @@
+License
+=======
+
+MIT Source License
+---------------------------
+
+The MIT license applies to all files in the Mara repository
+and source distribution. This includes Mara's source code, the
+examples, and tests, as well as the documentation.
+
+.. include:: ../LICENSE

docs/requirements.txt

@@ -0,0 +1,2 @@
+sphinx==4.5.0
+myst-parser==0.18.0

docs/user-and-permission-management.md

@@ -0,0 +1,30 @@
+User and permission management
+==============================
+
+The module provides a single UI for both user and permission management. 
+Users can be added / removed and their roles can be changed like this:
+![User management](https://github.com/mara/mara-acl/raw/master/docs/users-and-roles.gif)
+
+
+Automatic user creation
+-----------------------
+
+Each new user that is authenticated is automatically created 
+with a default role in the acl:
+![User management](https://github.com/mara/mara-acl/raw/master/docs/automatic-user-creation.png)
+
+This behavior can be switched off (so that only invited users can join). See [config](config.rst) for details.
+
+
+Managing permissions for users and roles
+----------------------------------------
+
+New roles are created by moving a user to a new role.
+
+Permissions can be set for 
+
+- an individual user or a whole role,
+- an individual resource, a group of resources or "All" resources.
+
+Individual users inherit permissions from their role, and permissions on higher levels overwrite permissions on lower levels:
+![User management](https://github.com/mara/mara-acl/raw/master/docs/permissions.gif)

mara_acl/config.py

@@ -38,6 +38,7 @@ def require_email_http_header() -> str:
     """
     return True
 
+
 def whitelisted_uris() -> [str]:
     """Which uris to exclude from the acl"""
     return []