usso 0.28.17__py3-none-any.whl → 0.28.19__py3-none-any.whl

usso/auth/authorization.py

@@ -1,4 +1,5 @@
 import fnmatch
+import logging
 from urllib.parse import parse_qs, urlparse
 
 PRIVILEGE_LEVELS = {
@@ -136,7 +137,7 @@ def is_authorized(
         return False
 
     if requested_action:
-        user_level = PRIVILEGE_LEVELS.get(user_action or "*", 999)
+        user_level = PRIVILEGE_LEVELS.get(user_action or "read", 10)
         req_level = PRIVILEGE_LEVELS.get(requested_action, 0)
         return user_level >= req_level
 
@@ -181,3 +182,41 @@ def check_access(
             print(f"auth failed {filter}, {scope}")
 
     return False
+
+
+def is_subset_scope(*, subset_scope: str, super_scope: str) -> bool:
+    child_action, child_path, child_filters = parse_scope(subset_scope)
+    parent_action, parent_path, parent_filters = parse_scope(super_scope)
+
+    # 1. Compare privilege levels
+    child_level = PRIVILEGE_LEVELS.get(child_action or "read", 10)
+    parent_level = PRIVILEGE_LEVELS.get(parent_action or "read", 10)
+    if parent_level < child_level:
+        return False
+
+    # 2. Compare path
+    child_path_str = "/".join(child_path)
+    parent_path_str = "/".join(parent_path)
+    if not is_path_match(parent_path_str, child_path_str):
+        return False
+
+    # 3. Compare filters: parent_filters ⊆ child_filters
+    for k, v in parent_filters.items():
+        if child_filters.get(k) != v:
+            return False
+
+    logging.error(f"{parent_level}, {child_level}")
+
+    return True
+
+
+def has_subset_scope(
+    *, subset_scope: str, user_scopes: list[str] | str | None
+) -> bool:
+    user_scopes = user_scopes or []
+    if isinstance(user_scopes, str):
+        user_scopes = [user_scopes]
+    for user_scope in user_scopes:
+        if is_subset_scope(subset_scope=subset_scope, super_scope=user_scope):
+            return True
+    return False

usso/models/user.py

@@ -46,7 +46,6 @@ class UserData(BaseModel):
         nbf: int | None = None,
         exp: int | None = None,
         jti: str | None = None,
-
         token_type: TokenType | None = None,
         session_id: str | None = None,
         tenant_id: str | None = None,

{usso-0.28.17.dist-info → usso-0.28.19.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: usso
-Version: 0.28.17
+Version: 0.28.19
 Summary: A plug-and-play client for integrating universal single sign-on (SSO) with Python frameworks, enabling secure and seamless authentication across microservices.
 Author-email: Mahdi Kiani <mahdikiany@gmail.com>
 Maintainer-email: Mahdi Kiani <mahdikiany@gmail.com>

{usso-0.28.17.dist-info → usso-0.28.19.dist-info}/RECORD

@@ -2,7 +2,7 @@ usso/__init__.py,sha256=t3tYcw4qtGFpk7iakXTqEj5RlzIc8D2fs0I3FZcOmGs,571
 usso/exceptions.py,sha256=cBzmMCwpNQKMjCUXO3bCcFwZJQQvbvJ5RxTH987ZlCI,1012
 usso/auth/__init__.py,sha256=Dthv-iZTgsHTGcJrkJsnAtDCbRR5dNCx0Ut7MufoAXY,270
 usso/auth/api_key.py,sha256=EIW9yCOu52EzF9I16yOmBHtIJQAXZ6YhMwJUsBtuWVA,1162
-usso/auth/authorization.py,sha256=HuNBgz0RSPMevPAhZdqsCpp-Uz1MrDM37KvC5utVwqU,5489
+usso/auth/authorization.py,sha256=d96LmgzhbvV_9P6qx6jmFzIo8Zb1c96pLYOKFasgs2g,6733
 usso/auth/client.py,sha256=WFB7I9_fzr_P-oK_elaiCe5EIZZ9kY_LkkJls6BGWZk,2645
 usso/auth/config.py,sha256=SQMr6Y0zJFA9jvx8UKKv6PPJ0GVBzlwKXfAhwQn2fjU,3750
 usso/integrations/django/__init__.py,sha256=dKpbffHS5ouGtW6ooI2ivzjPmH_1rOBny85htR-KqrY,97
@@ -10,7 +10,7 @@ usso/integrations/django/middleware.py,sha256=AZKYZ4UPNmyxcD3ANgp0y_fdrFvVQdHBqy
 usso/integrations/fastapi/__init__.py,sha256=ohToiqutHu3Okr8naunssDkamj1OdiG4OpPdBW0rt7U,204
 usso/integrations/fastapi/dependency.py,sha256=Cq-rkCrmNIC8OT1OkdMxfIEkmQkl_pwqV7N7CiNnDSA,2801
 usso/integrations/fastapi/handler.py,sha256=MNDoBYdySumFsBgVw-xir3jXXH63KehFXKCh-pNnNZQ,386
-usso/models/user.py,sha256=eVZD1roaXkHiyO_fmMVoIAoE8AVvot4RTySJcYMe2uw,3760
+usso/models/user.py,sha256=YD109KyK0W7LWIH-bXYgtJ53b7Ipb9tLLhwXvwQWyrs,3759
 usso/session/__init__.py,sha256=tE4qWUdSI7iN_pywm47Mg8NKOTBa2nCNwCy3wCZWRmU,124
 usso/session/async_session.py,sha256=eQQh2DXiaHdballRjePa8GSI9GmGsxNDU7vTfwh8mRQ,3971
 usso/session/base_session.py,sha256=O3tEltMhlwkEz1GGbjE4iXPwSlLaUW2juUt9RDSLrHI,2559
@@ -18,9 +18,9 @@ usso/session/session.py,sha256=briCgDMoF-b59H6Aie_Lmjy4qnPBBSmKnVhAwef34F0,1637
 usso/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 usso/utils/method_utils.py,sha256=1NMN4le04PWXDSJZK-nf7q2IFqOMkwYcCnslFXAzlH8,355
 usso/utils/string_utils.py,sha256=7tziAa2Cwa7xhwM_NF4DSY3BHoqVaWgJ21VuV8LvhrY,253
-usso-0.28.17.dist-info/licenses/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
-usso-0.28.17.dist-info/METADATA,sha256=j97abEMXXA2AWZiEXErWj2Yb5XmGSHv-JH-yyDWZaiQ,5061
-usso-0.28.17.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-usso-0.28.17.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
-usso-0.28.17.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
-usso-0.28.17.dist-info/RECORD,,
+usso-0.28.19.dist-info/licenses/LICENSE.txt,sha256=ceC9ZJOV9H6CtQDcYmHOS46NA3dHJ_WD4J9blH513pc,1081
+usso-0.28.19.dist-info/METADATA,sha256=_8qTZuFRlgRKD2xa3v67GYxIamrCGZKYmkoxiiE-P1E,5061
+usso-0.28.19.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+usso-0.28.19.dist-info/entry_points.txt,sha256=4Zgpm5ELaAWPf0jPGJFz1_X69H7un8ycT3WdGoJ0Vvk,35
+usso-0.28.19.dist-info/top_level.txt,sha256=g9Jf6h1Oyidh0vPiFni7UHInTJjSvu6cUalpLTIvthg,5
+usso-0.28.19.dist-info/RECORD,,