🔍 Code Extractor

function get_user_permissions

Maturity: 52

Retrieves all permissions for a user by aggregating permissions from their assigned roles, with fallback to default USER role permissions.

File: /tf/active/vicechatdev/CDocs/config/permissions.py
Lines: 71 - 101
Complexity: simple

Purpose

This function serves as a permission resolution mechanism in a role-based access control (RBAC) system. It takes a user object and returns a deduplicated list of all permissions granted through the user's roles. If the user has no roles assigned, it defaults to USER role permissions. If the user object is None or falsy, it returns an empty list. This is typically used for authorization checks to determine what actions a user can perform in the application.

Source Code

def get_user_permissions(user: Any) -> List[str]:
    """
    Get all permissions for a user based on their roles.
    
    Parameters
    ----------
    user : Any
        The user to get permissions for
        
    Returns
    -------
    List[str]
        List of permission types the user has
    """
    if not user:
        return []
        
    # Get all user roles
    user_roles = user.roles if hasattr(user, 'roles') else []
    
    # If no roles, fall back to USER role
    if not user_roles:
        return settings.ROLE_PERMISSIONS.get('USER', [])
        
    # Combine permissions from all roles
    all_permissions = set()
    for role in user_roles:
        if role in settings.ROLE_PERMISSIONS:
            all_permissions.update(settings.ROLE_PERMISSIONS[role])
    
    return list(all_permissions)

Parameters

Name    Type    Default    Kind
user    Any     -          positional_or_keyword

Parameter Details

user: A user object that may contain a 'roles' attribute. Expected to be any object type (duck-typed) that potentially has a 'roles' attribute containing an iterable of role names (strings). Can be None or falsy, in which case an empty permission list is returned. The roles should correspond to keys in settings.ROLE_PERMISSIONS dictionary.

Return Value

Type: List[str]

Returns a List[str] containing unique permission strings that the user has access to. Each string represents a permission type (e.g., 'read', 'write', 'admin'). The list is deduplicated using a set internally, so no duplicate permissions are returned even if multiple roles grant the same permission. Returns an empty list if user is None/falsy, or returns default USER role permissions if user has no roles assigned.

Dependencies

  • typing
  • CDocs.config

Required Imports

from typing import List, Any
from CDocs.config import settings

Usage Example

# Assuming settings.ROLE_PERMISSIONS is configured:
# settings.ROLE_PERMISSIONS = {
#     'USER': ['read', 'comment'],
#     'EDITOR': ['read', 'write', 'comment'],
#     'ADMIN': ['read', 'write', 'delete', 'comment']
# }

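from typing import List, Any
from CDocs.config import settings
# Module path derived from the file location CDocs/config/permissions.py
from CDocs.config.permissions import get_user_permissions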

# Example user object with roles
class User:
    def __init__(self, roles):
        self.roles = roles

user_with_roles = User(roles=['USER', 'EDITOR'])
permissions = get_user_permissions(user_with_roles)
# The result is built from a set, so its order is not guaranteed; sort for stable output
print(sorted(permissions))  # Output: ['comment', 'read', 'write']

# User with no roles (fallback to USER)
user_no_roles = User(roles=[])
permissions = get_user_permissions(user_no_roles)
print(permissions)  # Output: ['read', 'comment']

# No user provided
permissions = get_user_permissions(None)
print(permissions)  # Output: []

Best Practices

  • Ensure settings.ROLE_PERMISSIONS is properly configured before calling this function, including a 'USER' key for fallback behavior
  • The function uses duck typing for the user parameter, so ensure your user objects have a 'roles' attribute if they should have non-default permissions
  • Role names in user.roles should exactly match keys in settings.ROLE_PERMISSIONS (case-sensitive)
  • The function deduplicates permissions automatically, so overlapping permissions across roles are handled correctly
  • Consider caching the results of this function if called frequently for the same user to improve performance
  • Handle the empty list return value appropriately when user is None or has no valid roles
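
The edge cases behind the points above, as an added example that is not part of CDocs: the documented logic is reproduced against a constructed settings stand-in, next to a hypothetical fail-closed variant. The names get_user_permissions_strict, probe, NO_ATTR, STR_ROLES and BAD_CASE are assumptions made for this illustration.

```python
from types import SimpleNamespace
from typing import Any, FrozenSet, List

# Constructed stand-in for CDocs.config.settings (mapping from the usage example).
settings = SimpleNamespace(ROLE_PERMISSIONS={
    'USER': ['read', 'comment'],
    'EDITOR': ['read', 'write', 'comment'],
    'ADMIN': ['read', 'write', 'delete', 'comment'],
})

def get_user_permissions(user: Any) -> List[str]:
    """Logic of the documented function, reproduced so the block runs offline."""
    if not user:
        return []
    user_roles = user.roles if hasattr(user, 'roles') else []
    if not user_roles:
        return settings.ROLE_PERMISSIONS.get('USER', [])
    all_permissions = set()
    for role in user_roles:
        if role in settings.ROLE_PERMISSIONS:
            all_permissions.update(settings.ROLE_PERMISSIONS[role])
    return list(all_permissions)

def get_user_permissions_strict(user: Any) -> FrozenSet[str]:
    """Hypothetical fail-closed variant: malformed input raises instead of resolving."""
    if user is None:
        return frozenset()
    roles = getattr(user, 'roles', None)
    if roles is None or isinstance(roles, (str, bytes)):
        raise TypeError("user.roles must be a collection of role names")
    roles = list(roles)
    unknown = [r for r in roles if r not in settings.ROLE_PERMISSIONS]
    if unknown:
        raise ValueError(f"unknown roles: {unknown!r}")
    granted = set()
    for role in roles or ['USER']:  # documented fallback kept for an empty role list
        granted.update(settings.ROLE_PERMISSIONS[role])
    return frozenset(granted)  # immutable, so callers cannot alter the role table

def probe(fn, user):  # sorted permissions granted by fn, or the exception name
    try:
        return sorted(fn(user))
    except (TypeError, ValueError) as exc:
        return type(exc).__name__

# Constructed inputs: each is a truthy object that is not a well-formed user.
NO_ATTR = SimpleNamespace(name='svc-account')      # no 'roles' attribute at all
STR_ROLES = SimpleNamespace(roles='ADMIN')         # string instead of a list
BAD_CASE = SimpleNamespace(roles=['admin'])        # role name with the wrong case
```

With the documented logic, probe(get_user_permissions, NO_ATTR) resolves to the USER permissions while STR_ROLES and BAD_CASE resolve silently to an empty list; the strict variant raises for all three. The documented fallback branch also returns the list object stored in settings.ROLE_PERMISSIONS['USER'] itself, so a caller that mutates the result changes the role table for every user.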

Similar Components

AI-powered semantic similarity - components with related functionality:

  • function user_has_permission 70.1% similar

    Validates whether a user has one or more specified permissions based on their assigned roles and a role-permission mapping configuration.

    From: /tf/active/vicechatdev/CDocs/config/permissions.py
  • function check_document_permission 62.7% similar

    Validates whether a user has specific permission(s) to access or modify a document based on their roles, ownership status, and configured role permissions.

    From: /tf/active/vicechatdev/CDocs/config/permissions.py
  • function user_has_permission_for_resource 58.5% similar

    Checks if a user has a specific permission for a resource, considering both general permissions and resource-specific ownership/creator rights.

    From: /tf/active/vicechatdev/CDocs/config/permissions.py
  • function get_user_pending_approvals 52.6% similar

    Retrieves all pending approval assignments for a specific user, with optional filtering by completion status and date range, returning structured approval data for UI display.

    From: /tf/active/vicechatdev/CDocs/controllers/approval_controller.py
  • function get_user_pending_approvals_v1 52.0% similar

    Retrieves a filtered list of approval cycles pending action from a specific user, ensuring the user has current approval authority for each returned item.

    From: /tf/active/vicechatdev/CDocs/controllers/approval_controller_bis.py