Create grant procedure for grant roles validating

This commit is contained in:
Dita Aji Pratama 2025-08-07 11:40:27 +07:00
parent 43626ebec3
commit 988f793598
2 changed files with 16 additions and 0 deletions

View File

@ -11,6 +11,7 @@ from scripts import loggorilla, saltedkey, googly, tokenguard, s
import procedure.validation as procedure_validation
import procedure.webmail as procedure_webmail
import procedure.grant as procedure_grant
class auth:

15
procedure/grant.py Normal file
View File

@ -0,0 +1,15 @@
def is_grant_allowed(my_roles, target_roles, allowed_grant):
allowed = {
role
for r in my_roles
for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
}
return all(role in allowed for role in target_roles)
def get_disallowed_roles(my_roles, target_roles, allowed_grant):
allowed = {
role
for r in my_roles
for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
}
return [r for r in target_roles if r not in allowed]