Consider to add roles and permission #454
Master-Y0da
started this conversation in
Ideas
Replies: 2 comments 7 replies
-
Hi Ivar, Thank you for the suggestion! However, this is not something I plan to implement for now. I think it would be better if another library implements this kind of logic, possibly by leaning on FastAPI Users.
-
I've worked on this a little more and made a simple take on an RBAC system:
from fastapi_users import models
from pydantic import Field, BaseModel
from typing import List
# Permission model
class Permission(BaseModel):
    """One grant: an action that may be performed on a resource.

    Mirrors the ``"resource:action"`` strings that ``RBAC`` splits apart.
    The membership tests in ``RBAC`` (``permission in some_list``) compare
    instances with ``==``.
    """

    # Left-hand part of "resource:action".
    resource: str
    # Right-hand part of "resource:action".
    action: str
# Group model
class Group(BaseModel):
    """A named set of permissions that users inherit through ``User.groups``."""

    name: str
    # Grants shared by every user that lists this group.
    permissions: List[Permission] = []
# User model with group and permission fields
class User(models.BaseUser):
    """FastAPI Users base user extended with authorization data.

    NOTE(review): these three fields decide what the user is allowed to do.
    Confirm that the create/update schemas exposed to clients do not let a
    caller set them on their own account.
    """

    # Groups whose permissions this user inherits.
    groups: List[Group] = []
    # Grants attached directly to this user.
    permissions: List[Permission] = []
    # Explicit denials; RBAC.has_permission checks these before any grant.
    denied_permissions: List[Permission] = []
# RBAC library
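class RBAC:
    """Static helpers for checking and editing permissions.

    Permissions are written as ``"resource:action"`` strings. Evaluation
    order in ``has_permission`` is: a user-level deny wins, then a direct
    user grant, then a grant inherited from any of the user's groups;
    everything else is refused.

    Grants and denials are kept free of duplicates, and removal drops every
    matching entry, so a single revoke cannot leave a stale copy of the
    permission behind.

    The mutating helpers only change the in-memory models passed to them.
    NOTE(review): persisting the change, and checking that the caller is
    allowed to edit permissions at all, is left to the calling code.
    """

    @staticmethod
    def _parse(permission_str: str) -> Permission:
        """Turn a ``"resource:action"`` string into a ``Permission``.

        Raises:
            ValueError: if the string does not contain exactly one ``":"``.
        """
        parts = permission_str.split(":")
        if len(parts) != 2:
            raise ValueError(
                f"permission must look like 'resource:action', got {permission_str!r}"
            )
        resource, action = parts
        return Permission(resource=resource, action=action)

    @staticmethod
    def _discard_all(entries: List[Permission], permission: Permission) -> None:
        """Remove every copy of *permission* from *entries*, in place."""
        entries[:] = [entry for entry in entries if entry != permission]

    @staticmethod
    def has_permission(user: User, permission_str: str) -> bool:
        """Return whether *user* may perform *permission_str*.

        A user-level deny is checked first and overrides both direct and
        group grants.

        Raises:
            ValueError: if *permission_str* is malformed. Callers should
                treat that as a refusal, not as a grant.
        """
        wanted = RBAC._parse(permission_str)
        if wanted in user.denied_permissions:
            return False
        if wanted in user.permissions:
            return True
        return any(wanted in group.permissions for group in user.groups)

    @staticmethod
    def add_permission_to_group(group: Group, permission_str: str) -> None:
        """Grant a permission to a group (no-op if it is already granted).

        Raises:
            ValueError: if *permission_str* is malformed.
        """
        permission = RBAC._parse(permission_str)
        # Avoid duplicates so one later removal fully revokes the grant.
        if permission not in group.permissions:
            group.permissions.append(permission)

    @staticmethod
    def add_permission_to_user(user: User, permission_str: str) -> None:
        """Grant a permission directly to a user.

        Any user-level deny for the same permission is cleared, because a
        deny would otherwise still win in ``has_permission``.

        Raises:
            ValueError: if *permission_str* is malformed.
        """
        permission = RBAC._parse(permission_str)
        if permission not in user.permissions:
            user.permissions.append(permission)
        RBAC._discard_all(user.denied_permissions, permission)

    @staticmethod
    def remove_permission_from_group(group: Group, permission_str: str) -> None:
        """Revoke a permission from a group, dropping every matching entry.

        Raises:
            ValueError: if *permission_str* is malformed.
        """
        RBAC._discard_all(group.permissions, RBAC._parse(permission_str))

    @staticmethod
    def remove_permission_from_user(user: User, permission_str: str) -> None:
        """Drop a user's own grant and own deny for a permission.

        This resets the user to whatever their groups provide. It does NOT
        block the permission: a user-level deny is cleared as well, so a
        grant inherited from a group applies again afterwards. Use
        ``deny_permission_to_user`` when access must be refused.

        Raises:
            ValueError: if *permission_str* is malformed.
        """
        permission = RBAC._parse(permission_str)
        RBAC._discard_all(user.permissions, permission)
        RBAC._discard_all(user.denied_permissions, permission)

    @staticmethod
    def deny_permission_to_user(user: User, permission_str: str) -> None:
        """Deny a permission to a user, overriding group permissions.

        Every direct grant of the same permission is removed as well.

        Raises:
            ValueError: if *permission_str* is malformed.
        """
        permission = RBAC._parse(permission_str)
        if permission not in user.denied_permissions:
            user.denied_permissions.append(permission)
        RBAC._discard_all(user.permissions, permission)


# What are your thoughts on this instead?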
-
Would be great if you can add this feature!!!