admin / Syanpse-Vanguard
public
Syanpse-Vanguard / synapse-vanguard-v3 / sv / auth / deps.py
684 B · main
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | """RBAC guard used on every protected endpoint. Usage: @app.get("/v1/search") async def search(user: User = Depends(requires(Permission.LOG_READ))): ... """ from __future__ import annotations from fastapi import Depends, HTTPException, status from sv.auth.rbac import Permission, can from sv.auth.session import User, current_user def requires(permission: Permission): async def _dep(user: User = Depends(current_user)) -> User: if not can(user.role, permission): raise HTTPException( status.HTTP_403_FORBIDDEN, f"role {user.role.value} lacks {permission.value}", ) return user return _dep |