in src/services/rbac_service.py [0:0]
def is_allowed(self, customer: str, role: str, permission: Permission
) -> bool:
"""
Tells whether the given permission is allowed by the role inside
customer
:param customer:
:param role:
:param permission: target permission
:return:
"""
role = self.get_role(customer, role)
if not role or role.has_expired:
return False
it = chain.from_iterable(
policy.permissions for policy in self.iter_role_policies(role)
)
for user_permission in it:
if self.does_permission_match(permission.value, user_permission):
return True
return False