16 lines
537 B
Python
16 lines
537 B
Python
def is_grant_allowed(my_roles, target_roles, allowed_grant):
|
|
allowed = {
|
|
role
|
|
for r in my_roles
|
|
for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
|
|
}
|
|
return all(role in allowed for role in target_roles)
|
|
|
|
def get_disallowed_roles(my_roles, target_roles, allowed_grant):
|
|
allowed = {
|
|
role
|
|
for r in my_roles
|
|
for role in next((g['allowed'] for g in allowed_grant if g['roles'] == r), [])
|
|
}
|
|
return [r for r in target_roles if r not in allowed]
|