How to tackle complex authorization logic (and don't go crazy)

Track: Web Development, Web APIs, Front-End Integration
Type: Talk
Level: intermediate
Duration: 30 minutes

Abstract

Managing complex authorization logic can be a nightmare. Without a framework to help you, it soon turns into a tangle of if-else statements and partial solutions that will only give you a headache.

One day, I found myself in exactly that situation. I decided to tackle the problem, and that is how I came across the concept of "policy-based authorization", also known as attribute-based access control (ABAC). While libraries for this exist, I found them of little help for a large, legacy codebase that is monolithic at its core.

In my talk, I will share my experience in thinking about this problem and how to use ABAC to implement a custom solution that fits your needs. I will outline the main components of my solution and show how it can be applied to Django views and FastAPI endpoints.