Skip to content

BasePermission class

This is the reference for the main object BasePermission that contains all the parameters, attributes and functions.

ravyn.BasePermission

The abstract base class for all permissions used by Ravyn.

Subclasses must inherit from BasePermission and override the has_permission method to implement specific authorization logic.

has_permission 

has_permission(request, controller)

Mandatory functionality and entry-point for verifying if the resource is available or not.

The has_permission can be both sync and async depending of the needs of application.

PARAMETER DESCRIPTION
request

The request object being passed through the request.

TYPE: Request

controller

A handler usually corresponding the level where the permission is placed.

TYPE: APIGateHandler

RETURNS DESCRIPTION
bool

Boolean indicating if has or not permission to access the specific resource.

Example with async

from ravyn import BasePermission, Request
from ravyn.types import APIGateHandler


class IsProjectAllowed(BasePermission):
    '''
    Permission to validate if has access to a given project
    '''

    async def has_permission(self, request: "Request", controller: "APIGateHandler") -> bool:
        allow_project = request.headers.get("allow_access")
        return bool(allow_project)

Example with sync

from ravyn import BasePermission, Request
from ravyn.types import APIGateHandler


class IsProjectAllowed(BasePermission):
    '''
    Permission to validate if has access to a given project
    '''

    def has_permission(self, request: "Request", controller: "APIGateHandler") -> bool:
        allow_project = request.headers.get("allow_access")
        return bool(allow_project)
Source code in ravyn/permissions/base.py 
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
def has_permission(
    self,
    request: Annotated[
        "Request",
        Doc(
            """
            The request object being passed through the request.
            """
        ),
    ],
    controller: Annotated[
        "APIGateHandler",
        Doc(
            """
            A [handler](https://ravyn.dev/routing/handlers/) usually
            corresponding the [level](https://ravyn.dev/application/levels/)
            where the permission is placed.
            """
        ),
    ],
) -> bool:
    """
    **Mandatory** functionality and entry-point for verifying
    if the resource is available or not.

    The `has_permission` can be both `sync` and `async` depending
    of the needs of application.

    Returns:
        Boolean indicating if has or not permission to access the specific resource.

    **Example with `async`**

    ```python
    from ravyn import BasePermission, Request
    from ravyn.types import APIGateHandler


    class IsProjectAllowed(BasePermission):
        '''
        Permission to validate if has access to a given project
        '''

        async def has_permission(self, request: "Request", controller: "APIGateHandler") -> bool:
            allow_project = request.headers.get("allow_access")
            return bool(allow_project)
    ```

    **Example with `sync`**

    ```python
    from ravyn import BasePermission, Request
    from ravyn.types import APIGateHandler


    class IsProjectAllowed(BasePermission):
        '''
        Permission to validate if has access to a given project
        '''

        def has_permission(self, request: "Request", controller: "APIGateHandler") -> bool:
            allow_project = request.headers.get("allow_access")
            return bool(allow_project)
    ```
    """
    return True