Spaces:
Paused
Paused
File size: 1,123 Bytes
8b58456 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | from enum import Enum
class PluginPermission(str, Enum):
"""
Granular permissions for plugins.
Plugins must explicitly request these capabilities.
"""
# Core
READ_ONLY = "READ_ONLY" # Basic safe read operations
READ_DATA = "READ_DATA" # Broader data read (e.g., active user counts)
WRITE_DATA = "WRITE_DATA" # Generic write access (Dangerous)
# Domains
READ_USER = "READ_USER" # Read user details (PII warning)
WRITE_USER = "WRITE_USER" # Modify user data
READ_CASE = "READ_CASE"
WRITE_CASE = "WRITE_CASE"
# System
NETWORK_ACCESS = "NETWORK_ACCESS" # Allow outbound HTTP calls
FILE_ACCESS = "FILE_ACCESS" # Allow filesystem read/write (Restricted dirs)
def validate_permissions(requested: list[str]) -> list[str]:
"""
Validate and return allowed permissions.
could filter out unknown or forbidden permissions.
"""
valid = []
for p in requested:
try:
# Check if it's a valid enum
PluginPermission(p)
valid.append(p)
except ValueError:
pass
return valid
|