""" Tool Permissions Permission control for tool execution. """ from enum import Enum from typing import Set, Dict, Optional, List class ToolPermission(str, Enum): """Tool permissions""" EXECUTE = "tool:execute" CONFIGURE = "tool:configure" ENABLE = "tool:enable" DISABLE = "tool:disable" VIEW = "tool:view" class ToolPermissionChecker: """Tool permission checker""" def __init__(self): self._user_permissions: Dict[str, Set[ToolPermission]] = {} self._tool_roles: Dict[str, Set[str]] = {} # tool_name -> required_roles self._role_permissions: Dict[str, Set[ToolPermission]] = { "admin": { ToolPermission.EXECUTE, ToolPermission.CONFIGURE, ToolPermission.ENABLE, ToolPermission.DISABLE, ToolPermission.VIEW, }, "user": {ToolPermission.EXECUTE, ToolPermission.VIEW}, "guest": {ToolPermission.VIEW}, } def set_user_permissions( self, user_id: str, permissions: Set[ToolPermission], ) -> None: """Set user permissions directly""" self._user_permissions[user_id] = permissions def set_user_role(self, user_id: str, role: str) -> None: """Set user role""" if role in self._role_permissions: self._user_permissions[user_id] = self._role_permissions[role].copy() def set_tool_roles( self, tool_name: str, required_roles: Set[str], ) -> None: """Set tool required roles""" self._tool_roles[tool_name] = required_roles def can_execute(self, user_id: str, tool_name: str) -> bool: """Check if user can execute tool""" if ToolPermission.EXECUTE in self._user_permissions.get(user_id, set()): return True required_roles = self._tool_roles.get(tool_name, set()) if not required_roles: return True user_perms = self._user_permissions.get(user_id, set()) for role in required_roles: if role in self._role_permissions: if self._role_permissions[role] & user_perms: return True return False def can_configure(self, user_id: str, tool_name: str) -> bool: """Check if user can configure tool""" return ToolPermission.CONFIGURE in self._user_permissions.get(user_id, set()) def can_enable(self, user_id: str, tool_name: str) -> bool: """Check if user can enable tool""" return ToolPermission.ENABLE in self._user_permissions.get(user_id, set()) def can_disable(self, user_id: str, tool_name: str) -> bool: """Check if user can disable tool""" return ToolPermission.DISABLE in self._user_permissions.get(user_id, set()) def can_view(self, user_id: str, tool_name: str) -> bool: """Check if user can view tool""" return ToolPermission.VIEW in self._user_permissions.get(user_id, set()) # Global permission checker _permission_checker: Optional[ToolPermissionChecker] = None def get_permission_checker() -> ToolPermissionChecker: """Get global permission checker""" global _permission_checker if _permission_checker is None: _permission_checker = ToolPermissionChecker() return _permission_checker