|
|
""" |
|
|
User Context and Permission Module |
|
|
Handles permission checks for API key authentication |
|
|
""" |
|
|
|
|
|
from typing import Optional |
|
|
|
|
|
|
|
|
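def check_permission(user_scopes: list, required_scope: str) -> bool:
    """
    Check whether a caller's scopes authorize an operation.

    The 'admin' scope acts as a wildcard: a caller holding it passes every
    check, whatever ``required_scope`` is. Otherwise ``required_scope`` must
    appear in ``user_scopes`` as an exact element.

    Args:
        user_scopes: Collection of scope strings granted to the caller.
        required_scope: Scope needed for this operation.

    Returns:
        True if the caller holds 'admin' or ``required_scope``; False
        otherwise, including when ``user_scopes`` is None or a bare
        string/bytes value rather than a collection of scopes.
    """
    # Fail closed on malformed input. On a str, ``in`` is a substring test,
    # so a single scope string such as 'sysadmin:read' (constructed example)
    # would satisfy the 'admin' check below. None and bytes would raise
    # TypeError instead of producing an authorization decision.
    if user_scopes is None or isinstance(user_scopes, (str, bytes)):
        return False

    if 'admin' in user_scopes:
        return True

    # A required_scope of None is not special-cased here: it matches only if
    # None is literally an element of user_scopes.
    # NOTE(review): callers presumably handle tools with no required scope
    # before calling this function - confirm against the call site.
    return required_scope in user_scopes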
|
|
|
|
|
|
|
|
|
|
|
# Tool name -> scope a caller must hold to invoke that tool.
#
# A value of None marks a tool that needs no scope (described as "public" in
# get_required_scope's docstring). Tools absent from this table are NOT
# public: get_required_scope falls back to 'admin' for unknown names, so a
# newly added tool stays admin-only until it is listed here.
SCOPE_REQUIREMENTS = {
    # Orders: every mutation, including delete, needs orders:write.
    'create_order': 'orders:write',
    'fetch_orders': 'orders:read',
    'update_order': 'orders:write',
    'delete_order': 'orders:write',
    'search_orders': 'orders:read',
    'get_order_details': 'orders:read',
    'count_orders': 'orders:read',
    'get_incomplete_orders': 'orders:read',

    # Drivers: same read/write split as orders.
    'create_driver': 'drivers:write',
    'fetch_drivers': 'drivers:read',
    'update_driver': 'drivers:write',
    'delete_driver': 'drivers:write',
    'search_drivers': 'drivers:read',
    'get_driver_details': 'drivers:read',
    'count_drivers': 'drivers:read',
    'get_available_drivers': 'drivers:read',

    # Assignments: one scope covers both reads and mutations.
    'create_assignment': 'assignments:manage',
    'auto_assign_order': 'assignments:manage',
    'intelligent_assign_order': 'assignments:manage',
    'get_assignment_details': 'assignments:manage',
    'update_assignment': 'assignments:manage',
    'unassign_order': 'assignments:manage',
    'complete_delivery': 'assignments:manage',
    'fail_delivery': 'assignments:manage',

    # Geocoding and routing: no scope required.
    'geocode_address': None,
    'calculate_route': None,
    'calculate_intelligent_route': None,

    # Bulk deletion: restricted to the 'admin' scope.
    'delete_all_orders': 'admin',
    'delete_all_drivers': 'admin',
}
|
|
|
|
|
|
|
|
def get_required_scope(tool_name: str) -> Optional[str]:
    """
    Look up the scope a caller must hold to invoke a tool.

    Args:
        tool_name: Name of the tool

    Returns:
        The scope listed for the tool in SCOPE_REQUIREMENTS, or None when the
        tool is listed with no required scope (public). A tool name that is
        not listed at all yields 'admin'.
    """
    try:
        return SCOPE_REQUIREMENTS[tool_name]
    except KeyError:
        # Fail closed: an unregistered tool is admin-only rather than public.
        return 'admin'
|
|
|