Create grant procedure for grant roles validating

2025-08-07 11:40:27 +07:00 · 2025-08-07 11:40:27 +07:00 · 988f793598
commit 988f793598
parent 43626ebec3
2 changed files with 16 additions and 0 deletions
--- a/modules/api/auth.py
+++ b/modules/api/auth.py
@ -11,6 +11,7 @@ from    scripts             	import loggorilla, saltedkey, googly, tokenguard, s

 import  procedure.validation	as procedure_validation
 import  procedure.webmail	as procedure_webmail
+import  procedure.grant		as procedure_grant

 class auth:

--- a/procedure/grant.py
+++ b/procedure/grant.py
@ -0,0 +1,15 @@
+def is_grant_allowed(my_roles, target_roles, allowed_grant):
+    allowed = {
+        role
+        for r in my_roles
+        for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
+    }
+    return all(role in allowed for role in target_roles)
+
+def get_disallowed_roles(my_roles, target_roles, allowed_grant):
+    allowed = {
+        role
+        for r in my_roles
+        for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
+    }
+    return [r for r in target_roles if r not in allowed]