Source code for structum_lab.plugins.auth.rbac

# Role-Based Access Control (RBAC)
# SPDX-License-Identifier: Apache-2.0

"""
RBAC utilities for permission checking.
"""

from structum_lab.auth.interfaces import UserInterface



[docs]
class RoleChecker:
    """Helper for checking roles and permissions."""


[docs]
    @staticmethod
    def has_role(user: UserInterface, role: str) -> bool:
        """Check if user has specific role."""
        return role in user.roles



[docs]
    @staticmethod
    def has_any_role(user: UserInterface, roles: list[str]) -> bool:
        """Check if user has any of the specified roles."""
        return any(r in user.roles for r in roles)



[docs]
    @staticmethod
    def check_permission(user: UserInterface, permission: str) -> bool:
        """Check permission (delegates to user object)."""
        return user.has_permission(permission)