github-starred/flowsint
2
0
Fork 0
mirror of https://github.com/reconurge/flowsint.git synced 2026-04-30 19:29:26 -05:00
Code Issues 229 Packages Projects Releases 11 Wiki Activity
Files
9d163b80f7d2cfeb530dc11b8a0f953ac188686d
flowsint/flowsint-api/app/security/permissions.py
dextmorgn 295d9ade8a feat: permission
2025-09-18 13:47:14 +02:00

34 lines
1.0 KiB
Python
Raw Blame History

from fastapi import HTTPException
from flowsint_core.core.models import InvestigationUserRole
from flowsint_core.core.types import Role
def can_user(roles: list[Role], actions: list[str]) -> bool:
"""
Vérifie si au moins un rôle de la liste autorise au moins une action de la liste.
"""
for role in roles:
for action in actions:
if role == Role.OWNER:
return True
if role == Role.EDITOR and action in ["read", "create", "update"]:
return True
if role == Role.VIEWER and action == "read":
return True
return False
from fastapi import HTTPException
def check_investigation_permission(user_id: str, investigation_id: str, actions: list[str], db):
role_entry = (
db.query(InvestigationUserRole)
.filter_by(user_id=user_id, investigation_id=investigation_id)
.first()
)
if not role_entry or not can_user(role_entry.roles, actions):
raise HTTPException(status_code=403, detail="Forbidden")
return True
Reference in New Issue View Git Blame Copy Permalink