From 988f793598e7b3c087524be79d040802b96fb7d7 Mon Sep 17 00:00:00 2001
From: Dita Aji Pratama
Date: Thu, 7 Aug 2025 11:40:27 +0700
Subject: [PATCH] Create grant procedure for grant roles validating
---
 modules/api/auth.py | 1 +
 procedure/grant.py | 15 +++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 procedure/grant.py
diff --git a/modules/api/auth.py b/modules/api/auth.py
index 76cc49b..4921c3c 100644
--- a/modules/api/auth.py
+++ b/modules/api/auth.py
@@ -11,6 +11,7 @@ from scripts import loggorilla, saltedkey, googly, tokenguard, s
 import procedure.validation as procedure_validation
 import procedure.webmail as procedure_webmail
+import procedure.grant as procedure_grant
 class auth:
diff --git a/procedure/grant.py b/procedure/grant.py
new file mode 100644
index 0000000..ef9d90d
--- /dev/null
+++ b/procedure/grant.py
@@ -0,0 +1,15 @@
+def is_grant_allowed(my_roles, target_roles, allowed_grant):
+ allowed = {
+ role
+ for r in my_roles
+ for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
+ }
+ return all(role in allowed for role in target_roles)
+
+def get_disallowed_roles(my_roles, target_roles, allowed_grant):
+ allowed = {
+ role
+ for r in my_roles
+ for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
+ }
+ return [r for r in target_roles if r not in allowed]
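Review bot: The allowed-role set is built twice with identical code in `is_grant_allowed` and `get_disallowed_roles` in procedure/grant.py, so the two answers to the same authorization question can drift apart when only one copy is edited; a single helper, with `is_grant_allowed` defined as the negation of `get_disallowed_roles`, keeps them in step. `is_grant_allowed` also returns True for an empty `target_roles`, because `all()` over an empty iterable is true; that is worth stating in a docstring and checking at the call site, which is not visible in this patch. The expected shape of `allowed_grant` (a list of dicts with `roles` and `allowed` keys, judging by the lookups) should be documented as well, since an entry missing either key raises KeyError. The rewrite below keeps the first-match lookup and the empty-list result exactly as they are now.

```python
def _grantable_roles(my_roles, allowed_grant):
    """Return the set of roles that a holder of my_roles may grant."""
    grantable = set()
    for mine in my_roles:
        # First matching entry wins, as in the original lookup.
        entry = next((g for g in allowed_grant if g['roles'] == mine), None)
        if entry is not None:
            grantable.update(entry['allowed'])
    return grantable


def get_disallowed_roles(my_roles, target_roles, allowed_grant):
    """Return the target roles that my_roles may not grant, in input order."""
    grantable = _grantable_roles(my_roles, allowed_grant)
    return [role for role in target_roles if role not in grantable]


def is_grant_allowed(my_roles, target_roles, allowed_grant):
    """Return True when every target role is grantable (also True when target_roles is empty)."""
    return not get_disallowed_roles(my_roles, target_roles, allowed_grant)
```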