bayesline.api.PermissionsApi

bayesline.api.PermissionsApi#

class bayesline.api.PermissionsApi#

Abstract base class for synchronous ACL-based permissionining API operations.

__init__()#

Methods

`__init__`()
`add_user_to_group`(group_id, user_id)	Add a user to a group.
`assign_role`(user_id, role_type)	Assign a role to a user.
`check_permission`(resource_id, ...)	Check if the current user has the required permission for a resource.
`create_group`(name, description)	Create a new user group.
`delete_group`(group_id)	Delete a user group.
`get_accessible_resources`(resource_type, ...)	Get all resources the current user can access with the required permission.
`get_user_permissions`([resource_type, ...])	Get the current user's permissions for resources.
`grant_permission`(resource_id, ...)	Grant permission to a principal for a resource.
`list_group_members`(group_id)	List members of a group.
`list_groups`()	List all groups the current user can see.
`list_user_roles`([user_id])	List roles assigned to a user.
`remove_user_from_group`(group_id, user_id)	Remove a user from a group.
`revoke_permission`(resource_id, ...)	Revoke permission from a principal for a resource.
`revoke_role`(user_id, role_type)	Revoke a role from a user.
`update_group`(group_id, description)	Update a group's description.
`update_permission`(resource_id, ...)	Update permission level for a principal on a resource.

abstract get_user_permissions(resource_type: ResourceType | None = None, resource_ids: Sequence[int] | None = None) → UserPermissionsSummary#

Get the current user’s permissions for resources.

Parameters#

resource_typeResourceType | None, default=None: Specific resource type to check. If None, returns permissions for all accessible resources.
resource_idsSequence[int] | None, default=None: Specific resource IDs to check. If None, returns permissions for all accessible resources.

Returns#

UserPermissionsSummary: Summary of the user’s permissions.

abstract check_permission(resource_id: int, required_permission: PermissionLevel) → bool#

Check if the current user has the required permission for a resource.

Parameters#

resource_idint: The ID of the resource to check.
required_permissionPermissionLevel: The required permission level.

Returns#

bool: True if the user has the required permission, False otherwise.

abstract get_accessible_resources(resource_type: ResourceType, required_permission: PermissionLevel) → Sequence[int]#

Get all resources the current user can access with the required permission.

Parameters#

resource_typeResourceType: The type of resources to check.
required_permissionPermissionLevel: The minimum permission level required.

Returns#

Sequence[int]: List of resource IDs the user can access.

abstract grant_permission(resource_id: int, principal_type: PrincipalType, principal_id: str, permission_level: PermissionLevel) → None#

Grant permission to a principal for a resource.

The current user must have ADMIN permission on the resource.

Parameters#

resource_idint: The ID of the resource.
principal_typePrincipalType: The type of principal (user, group, role).
principal_idstr: The ID of the principal.
permission_levelPermissionLevel: The permission level to grant.

Raises#

PermissionDeniedError: If the current user doesn’t have ADMIN permission on the resource.

abstract revoke_permission(resource_id: int, principal_type: PrincipalType, principal_id: str) → None#

Revoke permission from a principal for a resource.

The current user must have ADMIN permission on the resource.

Parameters#

resource_idint: The ID of the resource.
principal_typePrincipalType: The type of principal (user, group, role).
principal_idstr: The ID of the principal.

Raises#

PermissionDeniedError: If the current user doesn’t have ADMIN permission on the resource.

abstract update_permission(resource_id: int, principal_type: PrincipalType, principal_id: str, permission_level: PermissionLevel) → None#

Update permission level for a principal on a resource.

The current user must have ADMIN permission on the resource.

Parameters#

resource_idint: The ID of the resource.
principal_typePrincipalType: The type of principal (user, group, role).
principal_idstr: The ID of the principal.
permission_levelPermissionLevel: The new permission level.

Raises#

PermissionDeniedError: If the current user doesn’t have ADMIN permission on the resource.

abstract create_group(name: str, description: str) → int#

Create a new user group.

Parameters#

namestr: The name of the group.
descriptionstr: A description of the group.

Returns#

int: The ID of the created group.

abstract update_group(group_id: int, description: str) → None#

Update a group’s description.

The current user must be the creator of the group or have admin role.

Parameters#

group_idint: The ID of the group.
descriptionstr: The new description.

Raises#

PermissionDeniedError: If the current user doesn’t have permission to update the group.

abstract delete_group(group_id: int) → None#

Delete a user group.

The current user must be the creator of the group or have admin role.

Parameters#

group_idint: The ID of the group to delete.

Raises#

PermissionDeniedError: If the current user doesn’t have permission to delete the group.

abstract add_user_to_group(group_id: int, user_id: str) → None#

Add a user to a group.

The current user must be the creator of the group or have admin role.

Parameters#

group_idint: The ID of the group.
user_idstr: The ID of the user to add.

Raises#

PermissionDeniedError: If the current user doesn’t have permission to manage the group.

abstract remove_user_from_group(group_id: int, user_id: str) → None#

Remove a user from a group.

The current user must be the creator of the group or have admin role.

Parameters#

group_idint: The ID of the group.
user_idstr: The ID of the user to remove.

Raises#

PermissionDeniedError: If the current user doesn’t have permission to manage the group.

abstract list_groups() → Sequence[UserGroup]#

List all groups the current user can see.

Returns#

Sequence[UserGroup]: List of groups the user can see (created by them or they’re members of).

abstract list_group_members(group_id: int) → Sequence[GroupMembership]#

List members of a group.

The current user must be a member of the group, the creator, or have admin role.

Parameters#

group_idint: The ID of the group.

Returns#

Sequence[GroupMembership]: List of group memberships.

Raises#

PermissionDeniedError: If the current user doesn’t have permission to view group members.

abstract assign_role(user_id: str, role_type: RoleType) → None#

Assign a role to a user.

Only users with ADMIN role can assign roles.

Parameters#

user_idstr: The ID of the user.
role_typeRoleType: The role to assign.

Raises#

PermissionDeniedError: If the current user doesn’t have ADMIN role.

abstract revoke_role(user_id: str, role_type: RoleType) → None#

Revoke a role from a user.

Only users with ADMIN role can revoke roles.

Parameters#

user_idstr: The ID of the user.
role_typeRoleType: The role to revoke.

Raises#

PermissionDeniedError: If the current user doesn’t have ADMIN role.

abstract list_user_roles(user_id: str | None = None) → Sequence[UserRole]#

List roles assigned to a user.

Parameters#

user_idstr | None, default=None: The ID of the user. If None, lists roles for the current user.

Returns#

Sequence[UserRole]: List of user role assignments.

Raises#

PermissionDeniedError: If trying to view another user’s roles without ADMIN permission.

bayesline.api.PermissionsApi

Contents

bayesline.api.PermissionsApi#

Parameters#

Returns#

Parameters#

Returns#

Parameters#

Returns#

Parameters#

Raises#

Parameters#

Raises#

Parameters#

Raises#

Parameters#

Returns#

Parameters#

Raises#

Parameters#

Raises#

Parameters#

Raises#

Parameters#

Raises#

Returns#

Parameters#

Returns#

Raises#

Parameters#

Raises#

Parameters#

Raises#

Parameters#

Returns#

Raises#