reshut.authorization

allow_anonymous(func)

Indicates that a handler does not require Authorization.

Parameters:

func (Callable[..., Any]) – The handler function.

Return type:

Callable[..., Any]

Returns:

The handler function (not wrapped.)

allow_claim(func, claim_name, claim_check=None, is_required=False)

Adds an ALLOW claim rule to a handler.

When at least one ALLOW claim rule is defined on a handler, then access is denied if at least one of the allowed claims is not presented.

Parameters:

  • func (Callable[..., Any]) – The handler function.

  • claim_name (str) – Claim name.

  • claim_check (Union[Any, Callable[[Any], bool], None]) – Optional literal value that the claim must present, or a ClaimEvaluator that checks the claim is a match.

  • is_required (bool) – Optional boolean indicating that the claim is required, forming a “REQUIRED claim rule”.

Return type:

Callable[..., Any]

Returns:

The handler function (not wrapped.)

deny_claim(func, claim_name, claim_check=None)

Adds a DENY claim rule to a handler.

When any presented claim matches a DENY claim rule, then access is denied.

Parameters:

  • func (Callable[..., Any]) – The handler function.

  • claim_name (str) – Claim name.

  • claim_check (Union[Any, Callable[[Any], bool], None]) – Optional literal value that the claim must NOT present, or a ClaimEvaluator that checks the claim is a match.

Return type:

Callable[..., Any]

Returns:

The handler function (not wrapped.)

require_claim(func, claim_name, claim_check=None)

Adds a REQUIRED claim rule to a handler.

When all required claims are presented, then access is granted.

Parameters:

  • func (Callable[..., Any]) – The handler function.

  • claim_name (str) – Claim name.

  • claim_check (Union[Any, Callable[[Any], bool], None]) – Optional literal value that the claim must present, or a ClaimEvaluator that checks the claim is a match.

Return type:

Callable[..., Any]

Returns:

The handler function (not wrapped.)