
structs

Action

Bases: Vertex

A vertex type representing an action on a resource.

Source code in src/permission_graph/structs.py
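class Action(Vertex):
    """A vertex type representing an action on a resource.

    The vertex id has the form ``vtype:resource_type:resource:name``.
    """

    vtype: str = Field(default="action")
    resource_type: str
    resource: str

    @property
    def id(self) -> str:
        """Return the vertex id, ``vtype:resource_type:resource:name``."""
        # NOTE(review): the components are joined without escaping, so a ":" inside
        # resource_type, resource or name yields an id that from_id() cannot parse
        # and that can coincide with the id of a different action. In a permission
        # graph that ambiguity matters; consider rejecting ":" when vertices are
        # created.
        return f"{self.vtype}:{self.resource_type}:{self.resource}:{self.name}"

    @classmethod
    def from_id(cls, vertex_id: str) -> Self:
        """Return an Action parsed from a ``vtype:resource_type:resource:name`` id.

        The vtype is taken from the id as written; it is not compared with
        ``"action"`` here.

        Raises:
            ValueError: If vertex_id does not consist of exactly four
                ":"-separated parts.
        """
        parts = vertex_id.split(":")
        if len(parts) != 4:
            # Same exception type as the bare unpacking raised, with a message
            # that names the offending id and the expected layout.
            raise ValueError(
                f"Invalid action id {vertex_id!r}: "
                "expected 'vtype:resource_type:resource:name'"
            )
        vtype, resource_type, resource, name = parts
        return cls(vtype=vtype, resource_type=resource_type, resource=resource, name=name)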

Actor

Bases: Vertex

A vertex type representing an actor.

Source code in src/permission_graph/structs.py
class Actor(Vertex):
    """A vertex type representing an actor."""

    # Defaults the vertex type tag to "actor"; Vertex.id uses this tag as the id
    # prefix and Vertex.factory maps the same prefix back to this class.
    vtype: str = Field(default="actor")

EdgeType

Bases: Enum

Type for edges.

Values

  • ALLOW: allow an actor to take an action
  • DENY: deny an actor from taking an action
  • MEMBER_OF: indicate membership in a collection
Source code in src/permission_graph/structs.py
class EdgeType(Enum):
    """Kinds of edges that can connect vertices in the permission graph.

    Values

    - `ALLOW`: allow an actor to take an action
    - `DENY`: deny an actor from taking an action
    - `MEMBER_OF`: indicate membership in a collection
    """

    # Each member's value is its own name, so name and value round-trip as strings.
    ALLOW = "ALLOW"  # grants an action
    DENY = "DENY"  # withholds an action
    MEMBER_OF = "MEMBER_OF"  # membership in a collection

Effect

Bases: Enum

The effect of a permission policy.

Values

  • ALLOW: action is allowed
  • DENY: action is not allowed
Source code in src/permission_graph/structs.py
class Effect(Enum):
    """The outcome a permission policy yields for an action.

    Values

    - `ALLOW`: action is allowed
    - `DENY`: action is not allowed
    """

    # Each member's value is its own name, so name and value round-trip as strings.
    ALLOW = "ALLOW"  # the action is allowed
    DENY = "DENY"  # the action is not allowed

Group

Bases: Vertex

A vertex type representing a group of Actors.

Source code in src/permission_graph/structs.py
class Group(Vertex):
    """A vertex type representing a group of Actors."""

    # Defaults the vertex type tag to "group"; Vertex.id uses this tag as the id
    # prefix and Vertex.factory maps the same prefix back to this class.
    vtype: str = Field(default="group")

PermissionPolicy

Bases: BaseModel

A permission policy statement.

PermissionPolicy objects represent a permission statement linking an actor to an action.

Attributes:

Name Type Description
action Action

The policy's action

actor Actor

The policy's actor

resource Resource

The resource being acted upon

resourceType ResourceType

The resource type of the resource being acted upon

Source code in src/permission_graph/structs.py
class PermissionPolicy(BaseModel):
    """A permission policy statement.

    PermissionPolicy objects represent a permission statement linking an actor
    to an action.

    Attributes:
        action: The policy's action
        actor: The policy's actor
        group: A group associated with the policy, or None (presumably the group
            through which the actor is linked to the action; confirm against
            callers)
        resource: The resource being acted upon
        resourceType: The resource type of the resource being acted upon
    """

    action: Action
    actor: Actor
    # No default is declared for group; whether it may be omitted depends on how
    # the model library treats optional fields, which is not visible here.
    group: Group | None
    resource: Resource
    resourceType: ResourceType

Resource

Bases: Vertex

A vertex type representing a resource.

Source code in src/permission_graph/structs.py
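class Resource(Vertex):
    """A vertex type representing a resource.

    The vertex id has the form ``vtype:resource_type:name``.
    """

    vtype: str = Field(default="resource")
    resource_type: str

    @property
    def id(self) -> str:
        """Return the vertex id, ``vtype:resource_type:name``."""
        # NOTE(review): the components are joined without escaping, so a ":" inside
        # resource_type or name yields an id that from_id() cannot parse and that
        # can coincide with the id of a different resource (for example
        # resource_type "a" + name "b:c" and resource_type "a:b" + name "c").
        # Consider rejecting ":" when vertices are created.
        return f"{self.vtype}:{self.resource_type}:{self.name}"

    @classmethod
    def from_id(cls, vertex_id: str) -> Self:
        """Return a Resource parsed from a ``vtype:resource_type:name`` id.

        The vtype is taken from the id as written; it is not compared with
        ``"resource"`` here.

        Raises:
            ValueError: If vertex_id does not consist of exactly three
                ":"-separated parts.
        """
        parts = vertex_id.split(":")
        if len(parts) != 3:
            # Same exception type as the bare unpacking raised, with a message
            # that names the offending id and the expected layout.
            raise ValueError(
                f"Invalid resource id {vertex_id!r}: expected 'vtype:resource_type:name'"
            )
        vtype, resource_type, name = parts
        return cls(vtype=vtype, resource_type=resource_type, name=name)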

ResourceType

Bases: Vertex

A vertex type representing resource types.

Source code in src/permission_graph/structs.py
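class ResourceType(Vertex):
    """A vertex type representing resource types.

    The id carries only ``vtype:name``; the list of actions is not encoded in it
    and has to be supplied separately when rebuilding an instance from an id.
    """

    vtype: str = Field(default="resource_type")
    actions: list[str]

    @classmethod
    def from_id(cls, vertex_id: str, actions: list[str]) -> Self:
        """Return a ResourceType parsed from a ``vtype:name`` id.

        Args:
            vertex_id: The id of the vertex.
            actions: The actions to store on the new instance.

        Raises:
            ValueError: If vertex_id does not consist of exactly two
                ":"-separated parts.
        """
        parts = vertex_id.split(":")
        if len(parts) != 2:
            # Same exception type as the bare unpacking raised, with a message
            # that names the offending id and the expected layout.
            raise ValueError(
                f"Invalid resource type id {vertex_id!r}: expected 'vtype:name'"
            )
        vtype, name = parts
        return cls(vtype=vtype, name=name, actions=actions)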

TieBreakerPolicy

Bases: Enum

Policy for breaking ties in the permission graph.

Values

  • ANY_ALLOW: allow if any of the candidate paths allow the action
  • ALL_ALLOW: allow only if all of the candidate paths allow the action
Source code in src/permission_graph/structs.py
class TieBreakerPolicy(Enum):
    """Policy for breaking ties in the permission graph.

    Values

    - `ANY_ALLOW`: allow if any of the candidate paths allow the action
    - `ALL_ALLOW`: allow only if all of the candidate paths allow the action

    As described, `ANY_ALLOW` is the more permissive choice: one allowing path
    is enough even when other candidate paths do not allow the action, while
    `ALL_ALLOW` is the stricter one. The resolution logic that applies the
    policy is not part of this class.
    """

    # Each member's value is its own name, so name and value round-trip as strings.
    ANY_ALLOW = "ANY_ALLOW"  # permissive: a single allowing path suffices
    ALL_ALLOW = "ALL_ALLOW"  # strict: every candidate path must allow

Vertex

Bases: BaseModel

A vertex in the permission graph.

Source code in src/permission_graph/structs.py
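class Vertex(BaseModel):
    """A vertex in the permission graph.

    A vertex is identified by a string id whose first ":"-separated part is its
    vtype.
    """

    vtype: str
    name: str

    @property
    def id(self) -> str:
        """Return the vertex id, ``vtype:name``."""
        # NOTE(review): vtype and name are joined without escaping, so a ":" inside
        # either one yields an id that from_id() cannot parse and that may be read
        # as a different vertex. Consider rejecting ":" when vertices are created.
        return f"{self.vtype}:{self.name}"

    @classmethod
    def from_id(cls, vertex_id: str) -> Self:
        """Return an instance of this class from a ``vtype:name`` vertex id.

        The vtype is taken from the id as written; it is not checked against the
        class it is used to build.

        Raises:
            ValueError: If vertex_id does not consist of exactly two
                ":"-separated parts.
        """
        parts = vertex_id.split(":")
        if len(parts) != 2:
            # Same exception type as the bare unpacking raised, with a message
            # that names the offending id and the expected layout.
            raise ValueError(f"Invalid vertex id {vertex_id!r}: expected 'vtype:name'")
        vtype, name = parts
        return cls(vtype=vtype, name=name)

    @staticmethod
    def factory(vertex_id: str, **kwargs) -> Self:
        """Return a vertex object of the class selected by the id's vtype prefix.

        Args:
            vertex_id: The id of the vertex; the text before the first ":" is the
                vtype (`actor`, `resource`, `action`, `group`).
            **kwargs: Extra keyword arguments forwarded to the selected class's
                `from_id`.

        Raises:
            KeyError: If the vtype prefix is not one of the mapped types.
        """
        vtype_map = {"actor": Actor, "resource": Resource, "action": Action, "group": Group}
        # NOTE(review): ids with the "resource_type" prefix are not mapped here, so
        # they raise KeyError; confirm that this is intended.
        vtype = vertex_id.split(":")[0]
        return vtype_map[vtype].from_id(vertex_id, **kwargs)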

factory(vertex_id, **kwargs) staticmethod

Return a vertex object given vtype and vertex_id.

Parameters:

Name Type Description Default
vtype

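The type of the vertex (user, action, group, resource). Note: factory takes no separate vtype argument; the type is read from the prefix of vertex_id, and the prefixes the code maps are actor, resource, action and group.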

required
vertex_id str

The id of the vertex

required
Source code in src/permission_graph/structs.py
@staticmethod
def factory(vertex_id: str, **kwargs) -> Self:
    """Return a vertex object of the class selected by the id's vtype prefix.

    Args:
        vertex_id: The id of the vertex; the text before the first ":" is the
            vtype (`actor`, `resource`, `action`, `group`).
        **kwargs: Extra keyword arguments forwarded to the selected class's
            `from_id`.

    Raises:
        KeyError: If the vtype prefix is not one of the mapped types.
    """
    classes_by_prefix = {
        "actor": Actor,
        "resource": Resource,
        "action": Action,
        "group": Group,
    }
    # Only the prefix is inspected here; the selected class parses the full id.
    prefix = vertex_id.split(":", 1)[0]
    vertex_cls = classes_by_prefix[prefix]
    return vertex_cls.from_id(vertex_id, **kwargs)

from_id(vertex_id) classmethod

Return an instance of this class from a vertex id.

Source code in src/permission_graph/structs.py
@classmethod
def from_id(cls, vertex_id: str) -> str:
    """Return an instance of this class from a vertex id."""
    vtype, name = vertex_id.split(":")
    return cls(vtype=vtype, name=name)