Allow specifying multiple permissions.

Leo Vasanko
2025-08-30 16:47:38 -06:00
parent cb17a332a3
commit 16de7b5f1f
3 changed files with 12 additions and 11 deletions


@@ -12,23 +12,24 @@ from ..globals import db
from ..util.tokens import session_key
async def verify(auth: str | None, perm: str | None):
"""Validate session token and optional permission.
async def verify(auth: str | None, perms: list[str] | None):
"""Validate session token and optional list of required permissions.
Returns the Session object on success. Raises HTTPException on failure.
401: unauthenticated / invalid session
403: missing required permission
403: one or more required permissions missing
"""
if not auth:
raise HTTPException(status_code=401, detail="Authentication required")
session = await get_session(auth)
if perm:
if perms:
ctx = await db.instance.get_session_context(session_key(auth))
if not ctx:
raise HTTPException(status_code=401, detail="Session not found")
role_perms = set(ctx.role.permissions or [])
org_perms = set(ctx.org.permissions or []) if ctx.org else set()
if perm not in role_perms and perm not in org_perms:
available = set(ctx.role.permissions or []) | (
set(ctx.org.permissions or []) if ctx.org else set()
)
if any(p not in available for p in perms):
raise HTTPException(status_code=403, detail="Permission required")
return session
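Review bot: In `verify`, the `if perms:` guard treats an empty list the same as `None`, so a caller that builds `perms` from request data and ends up with `[]` gets an authentication-only result with no 403 path. The docstring should state this contract explicitly, e.g. `perms: every listed permission must be held (all-of); None or an empty list skips the permission check.` Because the parameter changed from a single `str` to a list, a call site that still passes a bare string positionally would be iterated per character by `any(p not in available for p in perms)` and most likely return 403 on every request. The other two changed files are not visible here, so either confirm all callers were updated or normalise with `if isinstance(perms, str): perms = [perms]`. The membership test could also read `if not available.issuperset(perms):`, which states the all-of requirement directly.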