Catalyst / admin/Syanpse-Vanguard 14.8 GB / 57.8 GB 40.0 GB free
Help Sign in

admin / Syanpse-Vanguard

public
Code Issues Pull requests Pipelines Packages Security Insights Wiki Settings
Syanpse-Vanguard / synapse-vanguard-v3 / sv / auth / deps.py 684 B · main
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
"""RBAC guard used on every protected endpoint. Usage:

    @app.get("/v1/search")
    async def search(user: User = Depends(requires(Permission.LOG_READ))): ...
"""
from __future__ import annotations

from fastapi import Depends, HTTPException, status

from sv.auth.rbac import Permission, can
from sv.auth.session import User, current_user


def requires(permission: Permission):
    async def _dep(user: User = Depends(current_user)) -> User:
        if not can(user.role, permission):
            raise HTTPException(
                status.HTTP_403_FORBIDDEN,
                f"role {user.role.value} lacks {permission.value}",
            )
        return user

    return _dep