Skip to content

Role Based Permission Checker

role_based_permission_checker

Role-based permission checker implementation.

RoleBasedPermissionChecker

Grants permissions based on a static role-to-permission mapping.

Parameters:

Name Type Description Default
role_permissions dict[str, list[Permission]]

A dictionary mapping role names (str) to the list
of :class:Permission values that role is allowed.

required
Source code in src/forging_blocks/domain/permissions/role_based_permission_checker.py
class RoleBasedPermissionChecker:
    """Grants permissions based on a static role-to-permission mapping.

    Args:
        role_permissions: A dictionary mapping role names (``str``) to the list
            of :class:`Permission` values that role is allowed.
    """

    __match_args__ = ("_role_permissions",)

    def __init__(self, role_permissions: dict[str, list[Permission]]) -> None:
        self._role_permissions = role_permissions

    async def check(self, context: AuthorizationContext, permission: Permission) -> bool:
        if not context.roles:
            return False
        for role in context.roles:
            allowed = self._role_permissions.get(role)
            if allowed is not None and permission in allowed:
                return True
        return False