API Reference - Subject

pypermission.service.subject.SubjectService

create(*, subject: str, db: Session) -> None classmethod

Create a new Subject.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The SubjectID of the Subject to create. | required |
| db | Session | The SQLAlchemy session. | required |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If a Subject with the given SubjectID already exists or subject is an empty string. |

delete(*, subject: str, db: Session) -> None classmethod

Delete an existing Subject.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The SubjectID to delete. | required |
| db | Session | The SQLAlchemy session. | required |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If a Subject with the given SubjectID does not exist or subject is an empty string. |

list(*, db: Session) -> tuple[str, ...] classmethod

Get all Subjects.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| db | Session | The SQLAlchemy session. | required |

Returns:

| Type | Description |
|---|---|
| tuple[str, ...] | A tuple containing all SubjectIDs. |

assign_role(*, subject: str, role: str, db: Session) -> None classmethod

Assign a Subject to a Role.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The target SubjectID. | required |
| role | str | The target RoleID. | required |
| db | Session | The SQLAlchemy session. | required |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If subject is an empty string. If role is an empty string. If the Subject does not exist. If the Role does not exist. If the Subject was assigned to the Role before. TODO |

deassign_role(*, subject: str, role: str, db: Session) -> None classmethod

Deassign a Subject from a Role.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The target SubjectID. | required |
| role | str | The target RoleID. | required |
| db | Session | The SQLAlchemy session. | required |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If subject is an empty string. If role is an empty string. If the Subject does not exist. If the Role does not exist. If the Subject is not assigned to the Role. TODO |

roles(*, subject: str, include_ascendant_roles: bool = False, db: Session) -> tuple[str, ...] classmethod

Get all Roles assigned to a Subject.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The target SubjectID. | required |
| include_ascendant_roles | bool | Include all ascendant Roles. | False |
| db | Session | The SQLAlchemy session. | required |

Returns:

| Type | Description |
|---|---|
| tuple[str, ...] | A tuple containing all assigned RoleIDs. |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If subject is an empty string. If the target Subject does not exist. |

check_permission(*, subject: str, permission: Permission, db: Session) -> bool classmethod

Check if a Subject has access to a specific Permission via its Role hierarchy.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The target SubjectID. | required |
| permission | Permission | The Permission to check for. | required |
| db | Session | The SQLAlchemy session. | required |

Returns:

| Type | Description |
|---|---|
| bool | True if the Permission is granted. |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If subject is an empty string. If the target Subject does not exist. TODO |

assert_permission(*, subject: str, permission: Permission, db: Session) -> None classmethod

Asserts that a Subject has access to a specific Permission via its Role hierarchy.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The target SubjectID. | required |
| permission | Permission | The Permission to check for. | required |
| db | Session | The SQLAlchemy session. | required |

Raises:

| Type | Description |
|---|---|
| PyPermissionNotGrantedError | If the Permission is not granted. |
| PyPermissionError | If subject is an empty string. If the target Subject does not exist. |
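The following added example (not PyPermission code) models the contract documented for roles, check_permission and assert_permission in memory, and wraps assert_permission in a fail-closed authorize helper that turns both documented exceptions into a denial with a loggable reason. Assumptions: the stand-in classes, the authorize helper, permissions as plain (resource_type, resource_id, action) tuples, a Role inheriting the permissions of its ascendant Roles, and the two exception types being unrelated are all hypothetical; the real methods are classmethods that also take db.

```python
# Added illustration, not PyPermission code: an in-memory stand-in for the
# documented SubjectService contract (the real methods also take db: Session).
class PyPermissionError(Exception):
    """Stand-in for the documented error (empty or unknown Subject)."""

class PyPermissionNotGrantedError(Exception):
    """Stand-in for the documented 'Permission is not granted' error."""

class StandInSubjectService:
    def __init__(self, parents, role_perms, subject_roles):
        self.parents = parents              # RoleID -> direct ascendant RoleIDs (assumed model)
        self.role_perms = role_perms        # RoleID -> set of permissions
        self.subject_roles = subject_roles  # SubjectID -> directly assigned RoleIDs

    def roles(self, *, subject, include_ascendant_roles=False):
        if subject == "" or subject not in self.subject_roles:
            raise PyPermissionError(f"empty or unknown subject: {subject!r}")
        found = set(self.subject_roles[subject])
        stack = list(found) if include_ascendant_roles else []
        while stack:  # walk upwards; the 'found' set also guards against cycles
            for parent in self.parents.get(stack.pop(), ()):
                if parent not in found:
                    found.add(parent)
                    stack.append(parent)
        return tuple(sorted(found))

    def check_permission(self, *, subject, permission):
        roles = self.roles(subject=subject, include_ascendant_roles=True)
        return any(permission in self.role_perms.get(r, ()) for r in roles)

    def assert_permission(self, *, subject, permission):
        if not self.check_permission(subject=subject, permission=permission):
            raise PyPermissionNotGrantedError(f"{subject!r} lacks {permission!r}")

def authorize(svc, subject, permission):
    """Fail closed: every error path is a denial with a reason that can be logged."""
    try:
        svc.assert_permission(subject=subject, permission=permission)
    except PyPermissionNotGrantedError:
        return (False, "not_granted")
    except PyPermissionError:
        return (False, "unknown_subject")  # e.g. deleted account with a live session
    return (True, "granted")

# Constructed sample data; permissions are plain (resource_type, resource_id, action) tuples.
SVC = StandInSubjectService(
    parents={"editor": {"viewer"}},
    role_perms={"viewer": {("doc", "1", "read")}, "editor": {("doc", "1", "write")}},
    subject_roles={"alice": {"editor"}, "bob": set()},
)
```

Keeping the two denial reasons separate lets a log consumer tell an ordinary refusal from a request made with a SubjectID that no longer exists.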

permissions(*, subject: str, db: Session) -> tuple[Permission, ...] classmethod

Get all Permissions a Subject has access to via its Role hierarchy.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The target SubjectID. | required |
| db | Session | The SQLAlchemy session. | required |

Returns:

| Type | Description |
|---|---|
| tuple[Permission, ...] | A tuple containing all granted Permissions. |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If subject is an empty string. If the target Subject does not exist. |

policies(*, subject: str, db: Session) -> tuple[Policy, ...] classmethod

Get all Policies associated with a Subject via its Role hierarchy.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The target SubjectID. | required |
| db | Session | The SQLAlchemy session. | required |

Returns:

| Type | Description |
|---|---|
| tuple[Policy, ...] | A tuple containing all granted Policies. |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If subject is an empty string. If the target Subject does not exist. |

actions_on_resource(*, subject: str, resource_type: str, resource_id: str, inherited: bool = True, db: Session) -> tuple[str, ...] classmethod

Get all Actions granted to a Subject on a specific Resource.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| subject | str | The target SubjectID. | required |
| resource_type | str | The ResourceType of the Resource. | required |
| resource_id | str | The ResourceID of the Resource. | required |
| inherited | bool | Whether to include inherited Actions from Role hierarchies. | True |
| db | Session | The SQLAlchemy session. | required |

Returns:

| Type | Description |
|---|---|
| tuple[str, ...] | A tuple containing all granted Action values. |

Raises:

| Type | Description |
|---|---|
| PyPermissionError | If subject is an empty string. If resource_type is an empty string. If the target Subject does not exist. |