API Reference - Role
pypermission.service.role.RoleService
create(*, role: str, db: Session) -> None
classmethod
Create a new Role.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The RoleID of the Role to create. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If a Role with the given RoleID already exists. |
delete(*, role: str, db: Session) -> None
classmethod
Delete an existing Role.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The RoleID to delete. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If a Role with the given RoleID does not exist. |
list(*, db: Session) -> tuple[str, ...]
classmethod
Get all Roles.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[str, ...]
|
A tuple containing all RoleIDs. |
add_hierarchy(*, parent_role: str, child_role: str, db: Session) -> None
classmethod
Add a parent-child hierarchy between two Roles.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
parent_role
|
str
|
The parent RoleID. |
required |
child_role
|
str
|
The child RoleID. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If arguments |
remove_hierarchy(*, parent_role: str, child_role: str, db: Session) -> None
classmethod
Remove a parent-child hierarchy between two Roles.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
parent_role
|
str
|
The parent RoleID. |
required |
child_role
|
str
|
The child RoleID. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If arguments |
parents(*, role: str, db: Session) -> tuple[str, ...]
classmethod
Get all parent Roles.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[str, ...]
|
A tuple containing all parent RoleIDs. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. |
children(*, role: str, db: Session) -> tuple[str, ...]
classmethod
Get all child Roles.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[str, ...]
|
A tuple containing all child RoleIDs. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. |
ancestors(*, role: str, db: Session) -> tuple[str, ...]
classmethod
Get all ancestor Roles.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[str, ...]
|
A tuple containing all ancestor RoleIDs. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. |
descendants(*, role: str, db: Session) -> tuple[str, ...]
classmethod
Get all descending Roles.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[str, ...]
|
A tuple containing all descending RoleIDs. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. |
subjects(*, role: str, include_descendant_subjects: bool = False, db: Session) -> tuple[str, ...]
classmethod
Get all Subjects assigned to a Role.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
include_descendant_subjects
|
bool
|
Include all Subjects for descendant Roles. |
False
|
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[str, ...]
|
A tuple containing all assigned SubjectIDs. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. |
grant_permission(*, role: str, permission: Permission, db: Session) -> None
classmethod
Grant a Permission to a Role.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. If the Permission was granted before. TODO |
revoke_permission(*, role: str, permission: Permission, db: Session) -> None
classmethod
Revoke a Permission from a Role.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target Role ID. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. If the Permission was not granted before. TODO |
check_permission(*, role: str, permission: Permission, db: Session) -> bool
classmethod
Check if a Role has a Permission.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
permission
|
Permission
|
The Permission to check for. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
bool
|
True if the Permission is granted. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. |
assert_permission(*, role: str, permission: Permission, db: Session) -> None
classmethod
Check if a Role has a Permission.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
permission
|
Permission
|
The Permission to check for. |
required |
db
|
Session
|
The SQLAlchemy session. |
required |
Raises:
| Type | Description |
|---|---|
PyPermissionNotGrantedError
|
If the Permission is not granted. |
PyPermissionError
|
If the target Role does not exist. |
permissions(*, role: str, inherited: bool = True, db: Session) -> tuple[Permission, ...]
classmethod
Get all granted Permissions for a Role.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
inherited
|
bool
|
Includes all Permissions inherited by ancestor Roles. |
True
|
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[Permission, ...]
|
A tuple containing all granted Permissions. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If the target Role does not exist. |
policies(*, role: str, inherited: bool = True, db: Session) -> tuple[Policy, ...]
classmethod
Get all granted Policies for a Role.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
inherited
|
bool
|
Includes all Policies inherited by ancestor Roles. |
True
|
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[Policies, ...]
|
A tuple containing all granted Policies. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If |
actions_on_resource(*, role: str, resource_type: str, resource_id: str, inherited: bool = True, db: Session) -> tuple[str, ...]
classmethod
Get all Actions granted on a Resource for a Role.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
role
|
str
|
The target RoleID. |
required |
resource_type
|
str
|
The ResourceType to check. |
required |
resource_id
|
str
|
The ResourceID to check. |
required |
inherited
|
bool
|
Includes all Actions inherited by ancestor Roles. |
True
|
db
|
Session
|
The SQLAlchemy session. |
required |
Returns:
| Type | Description |
|---|---|
tuple[str, ...]
|
A tuple containing all granted action IDs. |
Raises:
| Type | Description |
|---|---|
PyPermissionError
|
If |