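"""
RBAC helper functions for resource access control.

Provides convenient functions for checking permissions in feature modules.

Every helper in this module fails closed: if the permission lookup raises,
the error is logged and access is reported as denied.

NOTE(review): the path / table name is written to the log unmodified. If
these values can originate from request input, confirm that the logging
pipeline neutralises line breaks so that log entries cannot be forged.
"""

import logging
from typing import Optional

from modules.datamodels.datamodelUam import User, AccessLevel
from modules.datamodels.datamodelRbac import AccessRuleContext
from modules.security.rbac import RbacClass
from modules.connectors.connectorDbPostgre import DatabaseConnector

logger = logging.getLogger(__name__)

# Allow-list of data operations. checkDataAccess only reads an attribute of
# the permissions object after the requested operation matched one of these.
_DATA_OPERATIONS = ("read", "create", "update", "delete")


def checkResourceAccess(
    RbacInstance: RbacClass,
    currentUser: User,
    resourcePath: str
) -> bool:
    """
    Check if user has access to a resource.

    Args:
        RbacInstance: RbacClass instance
        currentUser: Current user object
        resourcePath: Resource path (e.g., "ai.model.anthropic", "ai.action.jira")

    Returns:
        True if user has view permission for the resource, False otherwise.
        Also False when the permission lookup raises (deny on error).
    """
    try:
        permissions = RbacInstance.getUserPermissions(
            currentUser,
            AccessRuleContext.RESOURCE,
            resourcePath
        )
        return permissions.view
    except Exception as e:
        # Fail closed, but keep the traceback so that a broken RBAC backend
        # is distinguishable from an ordinary denial when reading the logs.
        logger.error(
            "Error checking resource access for %s: %s",
            resourcePath, e, exc_info=True
        )
        return False


def checkUiAccess(
    RbacInstance: RbacClass,
    currentUser: User,
    uiPath: str
) -> bool:
    """
    Check if user has access to a UI element.

    Args:
        RbacInstance: RbacClass instance
        currentUser: Current user object
        uiPath: UI path (e.g., "playground.voice.settings", "chatbot.search")

    Returns:
        True if user has view permission for the UI element, False otherwise.
        Also False when the permission lookup raises (deny on error).
    """
    try:
        permissions = RbacInstance.getUserPermissions(
            currentUser,
            AccessRuleContext.UI,
            uiPath
        )
        return permissions.view
    except Exception as e:
        # Fail closed; traceback retained for diagnosis.
        logger.error(
            "Error checking UI access for %s: %s",
            uiPath, e, exc_info=True
        )
        return False


def checkDataAccess(
    RbacInstance: RbacClass,
    currentUser: User,
    tableName: str,
    operation: str = "read"
) -> bool:
    """
    Check if user has access to a data table for a specific operation.

    Args:
        RbacInstance: RbacClass instance
        currentUser: Current user object
        tableName: Table name (e.g., "UserInDB", "Mandate")
        operation: Operation to check ("read", "create", "update", "delete")

    Returns:
        True if user has permission for the operation, False otherwise.
        False is also returned for an unknown operation, for an unset
        (None) access level, and when the permission lookup raises.
    """
    try:
        permissions = RbacInstance.getUserPermissions(
            currentUser,
            AccessRuleContext.DATA,
            tableName
        )
        if operation not in _DATA_OPERATIONS:
            logger.warning("Unknown operation: %s", operation)
            return False

        # Safe attribute lookup: `operation` was matched against the
        # allow-list above, so it can only name one of the four level fields.
        level = getattr(permissions, operation)

        # Deny by default. A bare `level != AccessLevel.NONE` evaluates to
        # True for None, which would grant access on an unset level.
        # NOTE(review): whether the permissions model can actually yield None
        # here is not visible in this file; None is treated as "no access".
        return level is not None and level != AccessLevel.NONE
    except Exception as e:
        # Fail closed; traceback retained for diagnosis.
        logger.error(
            "Error checking data access for %s: %s",
            tableName, e, exc_info=True
        )
        return False


def getResourcePermissions(
    RbacInstance: RbacClass,
    currentUser: User,
    resourcePath: str
) -> dict:
    """
    Get the permissions for a resource.

    Args:
        RbacInstance: RbacClass instance
        currentUser: Current user object
        resourcePath: Resource path (e.g., "ai.model.anthropic")

    Returns:
        Dictionary with the keys "view" and "hasAccess"; both carry the
        view flag of the looked-up permissions. Both are False when the
        permission lookup raises (deny on error).
    """
    try:
        permissions = RbacInstance.getUserPermissions(
            currentUser,
            AccessRuleContext.RESOURCE,
            resourcePath
        )
        return {
            "view": permissions.view,
            "hasAccess": permissions.view
        }
    except Exception as e:
        # Fail closed; traceback retained for diagnosis.
        logger.error(
            "Error getting resource permissions for %s: %s",
            resourcePath, e, exc_info=True
        )
        return {
            "view": False,
            "hasAccess": False
        }


def getUiPermissions(
    RbacInstance: RbacClass,
    currentUser: User,
    uiPath: str
) -> dict:
    """
    Get the permissions for a UI element.

    Args:
        RbacInstance: RbacClass instance
        currentUser: Current user object
        uiPath: UI path (e.g., "playground.voice.settings")

    Returns:
        Dictionary with the keys "view" and "hasAccess"; both carry the
        view flag of the looked-up permissions. Both are False when the
        permission lookup raises (deny on error).
    """
    try:
        permissions = RbacInstance.getUserPermissions(
            currentUser,
            AccessRuleContext.UI,
            uiPath
        )
        return {
            "view": permissions.view,
            "hasAccess": permissions.view
        }
    except Exception as e:
        # Fail closed; traceback retained for diagnosis.
        logger.error(
            "Error getting UI permissions for %s: %s",
            uiPath, e, exc_info=True
        )
        return {
            "view": False,
            "hasAccess": False
        }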