API Reference - Role

`pypermission.service.role.RoleService`

`create(*, role: str, db: Session) -> None` `classmethod`

Create a new Role.

Parameters:

Name	Type	Description	Default
`role`	`str`	The RoleID of the Role to create.	required
`db`	`Session`	The SQLAlchemy session.	required

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If a Role with the given RoleID already exists.

`delete(*, role: str, db: Session) -> None` `classmethod`

Delete an existing Role.

Parameters:

Name	Type	Description	Default
`role`	`str`	The RoleID to delete.	required
`db`	`Session`	The SQLAlchemy session.	required

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If a Role with the given RoleID does not exist.

`list(*, db: Session) -> tuple[str, ...]` `classmethod`

Get all Roles.

Parameters:

Name	Type	Description	Default
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[str, ...]`	A tuple containing all RoleIDs.

`add_hierarchy(*, parent_role: str, child_role: str, db: Session) -> None` `classmethod`

Add a parent-child Hierarchy between two Roles.

Parameters:

Name	Type	Description	Default
`parent_role`	`str`	The parent RoleID.	required
`child_role`	`str`	The child RoleID.	required
`db`	`Session`	The SQLAlchemy session.	required

Raises:

Type	Description
`PyPermissionError`	If the `parent_role` or `child_role` is an empty string. If `parent_role` and `child_role` are identical. If one or both Roles do not exist in the system. If adding the Hierarchy would create a cycle in the RBAC Hierarchy. If the Hierarchy already exists.

`remove_hierarchy(*, parent_role: str, child_role: str, db: Session) -> None` `classmethod`

Remove a parent-child Hierarchy between two Roles.

Parameters:

Name	Type	Description	Default
`parent_role`	`str`	The parent RoleID.	required
`child_role`	`str`	The child RoleID.	required
`db`	`Session`	The SQLAlchemy session.	required

Raises:

Type	Description
`PyPermissionError`	If the `parent_role` or `child_role` is an empty string. If `parent_role` and `child_role` are identical. If one or both Roles do not exist in the system. If the Hierarchy does not exist.

`parents(*, role: str, db: Session) -> tuple[str, ...]` `classmethod`

Get all parent Roles.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[str, ...]`	A tuple containing all parent RoleIDs.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`children(*, role: str, db: Session) -> tuple[str, ...]` `classmethod`

Get all child Roles.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[str, ...]`	A tuple containing all child RoleIDs.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`ascendants(*, role: str, db: Session) -> tuple[str, ...]` `classmethod`

Get all ascendants Roles.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[str, ...]`	A tuple containing all ascendant RoleIDs.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`descendants(*, role: str, db: Session) -> tuple[str, ...]` `classmethod`

Get all descending Roles.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[str, ...]`	A tuple containing all descending RoleIDs.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`subjects(*, role: str, include_descendant_subjects: bool = False, db: Session) -> tuple[str, ...]` `classmethod`

Get all Subjects assigned to a Role.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`include_descendant_subjects`	`bool`	Include all Subjects for descendant Roles.	`False`
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[str, ...]`	A tuple containing all assigned SubjectIDs.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`grant_permission(*, role: str, permission: Permission, db: Session) -> None` `classmethod`

Grant a Permission to a Role.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`db`	`Session`	The SQLAlchemy session.	required

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist. If the Permission is already granted to the Role (duplicate policy).

`revoke_permission(*, role: str, permission: Permission, db: Session) -> None` `classmethod`

Revoke a Permission from a Role.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`db`	`Session`	The SQLAlchemy session.	required

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist. If the permission was not granted to the role (policy does not exist).

`check_permission(*, role: str, permission: Permission, db: Session) -> bool` `classmethod`

Check if a Role has a Permission.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`permission`	`Permission`	The Permission to check for.	required
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`bool`	True if the Permission is granted.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`assert_permission(*, role: str, permission: Permission, db: Session) -> None` `classmethod`

Check if a Role has a Permission.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`permission`	`Permission`	The Permission to check for.	required
`db`	`Session`	The SQLAlchemy session.	required

Raises:

Type	Description
`PermissionNotGrantedError`	If the Permission is not granted (including inherited permissions).
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`permissions(*, role: str, inherited: bool = True, db: Session) -> tuple[Permission, ...]` `classmethod`

Get all granted Permissions for a Role.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`inherited`	`bool`	Includes all Permissions inherited by ascendant Roles.	`True`
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[Permission, ...]`	A tuple containing all granted Permissions.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`policies(*, role: str, inherited: bool = True, db: Session) -> tuple[Policy, ...]` `classmethod`

Get all granted Policies for a Role.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`inherited`	`bool`	Includes all Policies inherited by ascendant Roles.	`True`
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[Policies, ...]`	A tuple containing all granted Policies.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the target Role does not exist.

`actions_on_resource(*, role: str, resource_type: str, resource_id: str, inherited: bool = True, db: Session) -> tuple[str, ...]` `classmethod`

Get all Actions granted on a Resource for a Role.

Parameters:

Name	Type	Description	Default
`role`	`str`	The target RoleID.	required
`resource_type`	`str`	The ResourceType to check.	required
`resource_id`	`str`	The ResourceID to check.	required
`inherited`	`bool`	Includes all Actions inherited by ascendant Roles.	`True`
`db`	`Session`	The SQLAlchemy session.	required

Returns:

Type	Description
`tuple[str, ...]`	A tuple containing all granted Actions.

Raises:

Type	Description
`PyPermissionError`	If `role` is an empty string. If the ResourceType is an empty string. If the target Role does not exist.

API Reference - Role

pypermission.service.role.RoleService

create(*, role: str, db: Session) -> None classmethod

delete(*, role: str, db: Session) -> None classmethod

list(*, db: Session) -> tuple[str, ...] classmethod

add_hierarchy(*, parent_role: str, child_role: str, db: Session) -> None classmethod

remove_hierarchy(*, parent_role: str, child_role: str, db: Session) -> None classmethod

parents(*, role: str, db: Session) -> tuple[str, ...] classmethod

children(*, role: str, db: Session) -> tuple[str, ...] classmethod

ascendants(*, role: str, db: Session) -> tuple[str, ...] classmethod

descendants(*, role: str, db: Session) -> tuple[str, ...] classmethod

subjects(*, role: str, include_descendant_subjects: bool = False, db: Session) -> tuple[str, ...] classmethod

grant_permission(*, role: str, permission: Permission, db: Session) -> None classmethod

revoke_permission(*, role: str, permission: Permission, db: Session) -> None classmethod

check_permission(*, role: str, permission: Permission, db: Session) -> bool classmethod

assert_permission(*, role: str, permission: Permission, db: Session) -> None classmethod

permissions(*, role: str, inherited: bool = True, db: Session) -> tuple[Permission, ...] classmethod

policies(*, role: str, inherited: bool = True, db: Session) -> tuple[Policy, ...] classmethod

actions_on_resource(*, role: str, resource_type: str, resource_id: str, inherited: bool = True, db: Session) -> tuple[str, ...] classmethod

`pypermission.service.role.RoleService`

`create(*, role: str, db: Session) -> None` `classmethod`

`delete(*, role: str, db: Session) -> None` `classmethod`

`list(*, db: Session) -> tuple[str, ...]` `classmethod`

`add_hierarchy(*, parent_role: str, child_role: str, db: Session) -> None` `classmethod`

`remove_hierarchy(*, parent_role: str, child_role: str, db: Session) -> None` `classmethod`

`parents(*, role: str, db: Session) -> tuple[str, ...]` `classmethod`

`children(*, role: str, db: Session) -> tuple[str, ...]` `classmethod`

`ascendants(*, role: str, db: Session) -> tuple[str, ...]` `classmethod`

`descendants(*, role: str, db: Session) -> tuple[str, ...]` `classmethod`

`subjects(*, role: str, include_descendant_subjects: bool = False, db: Session) -> tuple[str, ...]` `classmethod`

`grant_permission(*, role: str, permission: Permission, db: Session) -> None` `classmethod`

`revoke_permission(*, role: str, permission: Permission, db: Session) -> None` `classmethod`

`check_permission(*, role: str, permission: Permission, db: Session) -> bool` `classmethod`

`assert_permission(*, role: str, permission: Permission, db: Session) -> None` `classmethod`

`permissions(*, role: str, inherited: bool = True, db: Session) -> tuple[Permission, ...]` `classmethod`

`policies(*, role: str, inherited: bool = True, db: Session) -> tuple[Policy, ...]` `classmethod`

`actions_on_resource(*, role: str, resource_type: str, resource_id: str, inherited: bool = True, db: Session) -> tuple[str, ...]` `classmethod`