"""
Tool Permissions

Permission control for tool execution.
"""
from enum import Enum
from typing import Set, Dict, Optional, List
class ToolPermission(str, Enum):
    """Permissions that can be granted to a user for tool operations.

    The enum mixes in ``str``, so every member compares equal to its
    ``"tool:<action>"`` string value.
    """

    # Run a tool; tested by ToolPermissionChecker.can_execute.
    EXECUTE = "tool:execute"
    # Change a tool's configuration; tested by ToolPermissionChecker.can_configure.
    CONFIGURE = "tool:configure"
    # Turn a tool on; tested by ToolPermissionChecker.can_enable.
    ENABLE = "tool:enable"
    # Turn a tool off; tested by ToolPermissionChecker.can_disable.
    DISABLE = "tool:disable"
    # See a tool; tested by ToolPermissionChecker.can_view.
    VIEW = "tool:view"
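class ToolPermissionChecker:
    """In-memory authorization checks for tool operations.

    State held by each instance:

    * ``_user_permissions`` -- user id -> permissions currently granted.
    * ``_tool_roles`` -- tool name -> roles allowed to execute that tool.
    * ``_role_permissions`` -- built-in role table ("admin", "user", "guest").

    Roles are not stored per user: ``set_user_role`` copies the role's
    permission set into ``_user_permissions``. A user therefore satisfies a
    role when their permissions include every permission of that role.

    All checks deny by default: a user id that was never registered has an
    empty permission set.
    """

    def __init__(self):
        self._user_permissions: Dict[str, Set[ToolPermission]] = {}
        self._tool_roles: Dict[str, Set[str]] = {}  # tool_name -> required_roles
        self._role_permissions: Dict[str, Set[ToolPermission]] = {
            "admin": {
                ToolPermission.EXECUTE,
                ToolPermission.CONFIGURE,
                ToolPermission.ENABLE,
                ToolPermission.DISABLE,
                ToolPermission.VIEW,
            },
            "user": {ToolPermission.EXECUTE, ToolPermission.VIEW},
            "guest": {ToolPermission.VIEW},
        }

    def set_user_permissions(
        self,
        user_id: str,
        permissions: Set[ToolPermission],
    ) -> None:
        """Replace the permissions granted to ``user_id``.

        Args:
            user_id: Identifier of the user being updated.
            permissions: The complete new permission set; anything granted
                earlier is discarded.
        """
        # Store a private copy so that later mutation of the caller's set
        # cannot silently grant or revoke permissions (set_user_role copies
        # for the same reason).
        self._user_permissions[user_id] = set(permissions)

    def set_user_role(self, user_id: str, role: str) -> None:
        """Replace the user's permissions with those of a built-in role.

        Args:
            user_id: Identifier of the user being updated.
            role: Name of a role in the built-in table.

        NOTE(review): an unknown role name is ignored and the user's existing
        permissions stay in place, so a misspelled role during a downgrade
        leaves the old grants active. Callers should validate role names
        before calling.
        """
        role_perms = self._role_permissions.get(role)
        if role_perms is not None:
            self._user_permissions[user_id] = role_perms.copy()

    def set_tool_roles(
        self,
        tool_name: str,
        required_roles: Set[str],
    ) -> None:
        """Restrict execution of ``tool_name`` to the given roles.

        Args:
            tool_name: Name of the tool being restricted.
            required_roles: Role names, any one of which is sufficient. An
                empty set removes the role restriction. Names that are not
                in the built-in role table can never be satisfied.
        """
        # Private copy: the restriction must not change when the caller
        # mutates the set it passed in.
        self._tool_roles[tool_name] = set(required_roles)

    def can_execute(self, user_id: str, tool_name: str) -> bool:
        """Return True if ``user_id`` may execute ``tool_name``.

        Two conditions must both hold:

        1. The user holds ``ToolPermission.EXECUTE``.
        2. The tool has no required roles, or the user's permissions cover
           every permission of at least one required role.

        Args:
            user_id: Identifier of the user requesting execution.
            tool_name: Name of the tool to execute.

        Returns:
            True when execution is allowed, False otherwise.
        """
        user_perms = self._user_permissions.get(user_id, set())

        # EXECUTE is mandatory for every tool; unknown users and VIEW-only
        # users are denied before the tool's own restriction is consulted.
        if ToolPermission.EXECUTE not in user_perms:
            return False

        required_roles = self._tool_roles.get(tool_name, set())
        if not required_roles:
            return True

        for role in required_roles:
            role_perms = self._role_permissions.get(role)
            # Subset, not overlap: every built-in role contains VIEW, so an
            # overlap test would let any user holding VIEW satisfy "admin".
            if role_perms is not None and role_perms <= user_perms:
                return True

        return False

    def can_configure(self, user_id: str, tool_name: str) -> bool:
        """Return True if the user holds ``ToolPermission.CONFIGURE``.

        ``tool_name`` is accepted but not consulted: the check is per user,
        and roles set with ``set_tool_roles`` do not apply here.
        """
        return ToolPermission.CONFIGURE in self._user_permissions.get(user_id, set())

    def can_enable(self, user_id: str, tool_name: str) -> bool:
        """Return True if the user holds ``ToolPermission.ENABLE``.

        ``tool_name`` is accepted but not consulted: the check is per user,
        and roles set with ``set_tool_roles`` do not apply here.
        """
        return ToolPermission.ENABLE in self._user_permissions.get(user_id, set())

    def can_disable(self, user_id: str, tool_name: str) -> bool:
        """Return True if the user holds ``ToolPermission.DISABLE``.

        ``tool_name`` is accepted but not consulted: the check is per user,
        and roles set with ``set_tool_roles`` do not apply here.
        """
        return ToolPermission.DISABLE in self._user_permissions.get(user_id, set())

    def can_view(self, user_id: str, tool_name: str) -> bool:
        """Return True if the user holds ``ToolPermission.VIEW``.

        ``tool_name`` is accepted but not consulted: the check is per user,
        and roles set with ``set_tool_roles`` do not apply here.
        """
        return ToolPermission.VIEW in self._user_permissions.get(user_id, set())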
# Global permission checker: module-level singleton slot. It starts as None
# and is filled on the first call to get_permission_checker().
_permission_checker: Optional[ToolPermissionChecker] = None
def get_permission_checker() -> ToolPermissionChecker:
    """Return the module-wide ToolPermissionChecker, creating it on first use.

    Every caller receives the same instance, so permission changes made
    through it are visible to all other callers in the process.
    """
    global _permission_checker
    checker = _permission_checker
    if checker is None:
        # First call: build the checker and publish it in the module slot.
        checker = ToolPermissionChecker()
        _permission_checker = checker
    return checker