JARVIS/backend/app/tools/permissions.py


"""
Tool Permissions
Permission control for tool execution.
"""
from enum import Enum
from typing import Set, Dict, Optional, List
class ToolPermission(str, Enum):
    """Actions that can be granted on a tool.

    Members also subclass ``str``, so each one compares equal to its
    ``"tool:<action>"`` value.
    """

    # Run the tool.
    EXECUTE = "tool:execute"
    # Change the tool's configuration.
    CONFIGURE = "tool:configure"
    # Switch the tool on.
    ENABLE = "tool:enable"
    # Switch the tool off.
    DISABLE = "tool:disable"
    # See the tool.
    VIEW = "tool:view"
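class ToolPermissionChecker:
    """In-memory authorization store for tool operations.

    Holds a permission set per user, an optional set of required roles per
    tool, and a fixed role -> permission mapping ("admin", "user", "guest").
    All checks fail closed: a user with no recorded permissions is denied.

    NOTE(review): role membership is not stored per user, only the
    permissions copied from the role. Role requirements on a tool are
    therefore evaluated against the user's permission set (see
    ``can_execute``). Storing explicit role membership would be more
    precise -- confirm against callers before changing the data model.
    """

    def __init__(self):
        # user_id -> permissions granted to that user
        self._user_permissions: Dict[str, Set[ToolPermission]] = {}
        # tool_name -> roles allowed to execute it (empty/missing = no role restriction)
        self._tool_roles: Dict[str, Set[str]] = {}
        # Built-in role definitions; each higher role is a superset of the lower one.
        self._role_permissions: Dict[str, Set[ToolPermission]] = {
            "admin": {
                ToolPermission.EXECUTE,
                ToolPermission.CONFIGURE,
                ToolPermission.ENABLE,
                ToolPermission.DISABLE,
                ToolPermission.VIEW,
            },
            "user": {ToolPermission.EXECUTE, ToolPermission.VIEW},
            "guest": {ToolPermission.VIEW},
        }

    def set_user_permissions(
        self,
        user_id: str,
        permissions: Set[ToolPermission],
    ) -> None:
        """Replace the permission set of ``user_id``.

        The set is copied so that later mutation of the caller's object
        cannot silently change what the user is authorized to do.
        """
        self._user_permissions[user_id] = set(permissions)

    def set_user_role(self, user_id: str, role: str) -> None:
        """Give ``user_id`` the permissions of a built-in role.

        An unknown role name is ignored and the user's existing permissions
        are left untouched.

        NOTE(review): because of that, a failed downgrade (for example a
        misspelled role) keeps the previous, possibly broader, permissions.
        Callers that need certainty should verify the result.
        """
        if role in self._role_permissions:
            self._user_permissions[user_id] = self._role_permissions[role].copy()

    def set_tool_roles(
        self,
        tool_name: str,
        required_roles: Set[str],
    ) -> None:
        """Restrict execution of ``tool_name`` to the given roles.

        The set is copied so the restriction cannot be altered through the
        caller's reference after it has been registered.
        """
        self._tool_roles[tool_name] = set(required_roles)

    def can_execute(self, user_id: str, tool_name: str) -> bool:
        """Return True if ``user_id`` is allowed to execute ``tool_name``.

        Rules, all of which must hold:

        * the user holds ``ToolPermission.EXECUTE`` (unknown users and
          view-only users are denied, also for unrestricted tools);
        * if the tool has required roles, the user's permissions cover the
          full permission set of at least one of those roles.

        A required role that is not defined in the role table never
        matches, so a tool restricted only to undefined roles is not
        executable by anyone.
        """
        user_perms = self._user_permissions.get(user_id, set())

        # EXECUTE is necessary but, for role-restricted tools, not sufficient.
        if ToolPermission.EXECUTE not in user_perms:
            return False

        required_roles = self._tool_roles.get(tool_name, set())
        if not required_roles:
            return True

        # Subset test, not overlap: every built-in role contains VIEW, so an
        # overlap test would match any user regardless of the role required.
        return any(
            role in self._role_permissions
            and self._role_permissions[role] <= user_perms
            for role in required_roles
        )

    def can_configure(self, user_id: str, tool_name: str) -> bool:
        """Return True if the user holds CONFIGURE.

        ``tool_name`` is currently not consulted; the check is per user.
        """
        return ToolPermission.CONFIGURE in self._user_permissions.get(user_id, set())

    def can_enable(self, user_id: str, tool_name: str) -> bool:
        """Return True if the user holds ENABLE.

        ``tool_name`` is currently not consulted; the check is per user.
        """
        return ToolPermission.ENABLE in self._user_permissions.get(user_id, set())

    def can_disable(self, user_id: str, tool_name: str) -> bool:
        """Return True if the user holds DISABLE.

        ``tool_name`` is currently not consulted; the check is per user.
        """
        return ToolPermission.DISABLE in self._user_permissions.get(user_id, set())

    def can_view(self, user_id: str, tool_name: str) -> bool:
        """Return True if the user holds VIEW.

        ``tool_name`` is currently not consulted; the check is per user.
        """
        return ToolPermission.VIEW in self._user_permissions.get(user_id, set())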
# Process-wide ToolPermissionChecker instance. Stays None until
# get_permission_checker() creates it on first use.
_permission_checker: Optional[ToolPermissionChecker] = None
def get_permission_checker() -> ToolPermissionChecker:
    """Return the shared ToolPermissionChecker, creating it on first call.

    Every caller receives the same instance, so permissions registered
    through it are visible to all other callers.
    """
    global _permission_checker
    checker = _permission_checker
    if checker is None:
        # First use: build the instance and publish it for later calls.
        checker = ToolPermissionChecker()
        _permission_checker = checker
    return checker