policy.py
from abc import ABC, abstractmethod
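class Policy(ABC):
    """
    Abstract base for checks that the current user matches the configured security policies.

    Concrete policies implement ``validate_user`` and return an
    ``(allowed, explanation)`` pair. In ``RoleBasedPolicy`` (this file) the
    explanation is an empty string when access is granted and a
    human-readable reason otherwise.
    """

    @abstractmethod
    def validate_user(self, user: str, **kwargs) -> tuple[bool, str]:
        """
        Decide whether ``user`` satisfies this policy.

        Args:
            user: Identifier of the user being checked.
            **kwargs: Implementation-specific context; ``RoleBasedPolicy``
                reads ``role_manager`` from it.

        Returns:
            ``(allowed, explanation)``.

        Raises:
            NotImplementedError: If a subclass delegates to this base
                implementation instead of providing its own decision.
        """
        # The return annotation is a real type (tuple[bool, str]); the tuple
        # expression (bool, str) is not one and is rejected by type checkers.
        raise NotImplementedError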
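class RoleBasedPolicy(Policy):
    """
    A Policy class where the user roles must be enforced to grant access to the requested action.
    All the configured roles must be granted to the current user in order to allow the execution.
    """

    def __init__(
        self,
        roles: list[str],
    ):
        """
        Args:
            roles: Roles the user must hold for the policy to pass.
        """
        # NOTE(review): an empty ``roles`` list is passed to the role manager
        # unchanged. Confirm that has_roles_for_user does not treat "no roles
        # required" as granted, or reject empty lists where policies are built.
        self.roles = roles

    def get_roles(self) -> list[str]:
        """Return the roles configured for this policy."""
        # The original evaluated ``self.roles`` without returning it, so
        # callers always received None.
        return self.roles

    def validate_user(self, user: str, **kwargs) -> tuple[bool, str]:
        """
        Check that ``user`` holds the configured roles.

        Args:
            user: Identifier of the user being checked.
            **kwargs: Must carry ``role_manager``, an object exposing
                ``has_roles_for_user(user, roles)``.

        Returns:
            ``(allowed, explanation)``. ``explanation`` is ``""`` when access
            is granted, otherwise it names the reason for the denial.
        """
        rm = kwargs.get("role_manager")
        if rm is None:
            # Fail closed: without a role manager the roles cannot be
            # verified, so deny with a clear reason rather than raising an
            # AttributeError on None that a broad handler upstream might
            # swallow.
            return (False, "No role_manager provided; unable to verify roles")

        granted = rm.has_roles_for_user(user, self.roles)
        explain = "" if granted else f"Requires roles {self.roles}"
        return (granted, explain)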