"""
Role-Based Access Control (RBAC) for Zenith Fraud Detection Platform
"""
from enum import Enum, unique
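@unique
class Permission(str, Enum):
    """Every permission the RBAC layer can grant to a role.

    Members subclass ``str``, so a member compares equal to its plain string
    value (``Permission.VIEW_CASES == "view_cases"``). Authorization checks
    therefore accept either the enum member or the raw string.

    ``@unique`` makes a duplicated value fail at import time. Without it, a
    second member with the same value silently becomes an alias of the first,
    and the two permissions can no longer be told apart.
    """

    # Case permissions
    VIEW_CASES = "view_cases"
    CREATE_CASES = "create_cases"
    EDIT_CASES = "edit_cases"
    DELETE_CASES = "delete_cases"
    CLOSE_CASES = "close_cases"

    # Transaction permissions
    VIEW_TRANSACTIONS = "view_transactions"
    UPLOAD_TRANSACTIONS = "upload_transactions"
    EDIT_TRANSACTIONS = "edit_transactions"

    # Evidence permissions (DELETE_EVIDENCE is destructive)
    VIEW_EVIDENCE = "view_evidence"
    UPLOAD_EVIDENCE = "upload_evidence"
    DELETE_EVIDENCE = "delete_evidence"

    # User permissions
    MANAGE_USERS = "manage_users"
    VIEW_USERS = "view_users"

    # System permissions
    VIEW_REPORTS = "view_reports"
    MANAGE_SYSTEM = "manage_system"
    VIEW_AUDIT = "view_audit"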
# Role definitions: the authorization table, mapping each role name to the
# permissions it is granted. A role name that is not a key here has no
# permissions at all.
#
# The annotation says list[str]; the entries are Permission members, which
# subclass str, so they compare equal to their plain string values.
#
# As written, each role contains every permission of the role above it:
# viewer < analyst < investigator < manager < admin. Nothing enforces that
# ordering, so check it by hand whenever a list is edited.
#
# NOTE(review): the values are mutable lists held in module state. Treat
# them as read-only -- appending to one changes authorization for every
# user holding that role for the rest of the process lifetime.
ROLE_PERMISSIONS: dict[str, list[str]] = {
    # Read-only access to cases, transactions, evidence and reports.
    "viewer": [
        Permission.VIEW_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.VIEW_REPORTS,
    ],
    # viewer + create/edit cases, upload/edit transactions, upload evidence,
    # and read access to the audit log. No delete or close rights.
    "analyst": [
        Permission.VIEW_CASES,
        Permission.CREATE_CASES,
        Permission.EDIT_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.UPLOAD_TRANSACTIONS,
        Permission.EDIT_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.UPLOAD_EVIDENCE,
        Permission.VIEW_REPORTS,
        Permission.VIEW_AUDIT,
    ],
    # analyst + the destructive case/evidence operations:
    # CLOSE_CASES, DELETE_CASES and DELETE_EVIDENCE.
    "investigator": [
        Permission.VIEW_CASES,
        Permission.CREATE_CASES,
        Permission.EDIT_CASES,
        Permission.CLOSE_CASES,
        Permission.DELETE_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.UPLOAD_TRANSACTIONS,
        Permission.EDIT_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.UPLOAD_EVIDENCE,
        Permission.DELETE_EVIDENCE,
        Permission.VIEW_REPORTS,
        Permission.VIEW_AUDIT,
    ],
    # investigator + user administration (MANAGE_USERS, VIEW_USERS).
    "manager": [
        Permission.VIEW_CASES,
        Permission.CREATE_CASES,
        Permission.EDIT_CASES,
        Permission.CLOSE_CASES,
        Permission.DELETE_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.UPLOAD_TRANSACTIONS,
        Permission.EDIT_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.UPLOAD_EVIDENCE,
        Permission.DELETE_EVIDENCE,
        Permission.MANAGE_USERS,
        Permission.VIEW_USERS,
        Permission.VIEW_REPORTS,
        Permission.VIEW_AUDIT,
    ],
    # manager + MANAGE_SYSTEM; this list holds every Permission member.
    "admin": [
        Permission.VIEW_CASES,
        Permission.CREATE_CASES,
        Permission.EDIT_CASES,
        Permission.CLOSE_CASES,
        Permission.DELETE_CASES,
        Permission.VIEW_TRANSACTIONS,
        Permission.UPLOAD_TRANSACTIONS,
        Permission.EDIT_TRANSACTIONS,
        Permission.VIEW_EVIDENCE,
        Permission.UPLOAD_EVIDENCE,
        Permission.DELETE_EVIDENCE,
        Permission.MANAGE_USERS,
        Permission.VIEW_USERS,
        Permission.MANAGE_SYSTEM,
        Permission.VIEW_REPORTS,
        Permission.VIEW_AUDIT,
    ],
}
def has_permission(user_role: str, permission: str) -> bool:
    """Report whether ``user_role`` is granted ``permission``.

    Denies by default: a role name missing from ``ROLE_PERMISSIONS`` gets
    ``False``. Role lookup is an exact dictionary-key match, so a name that
    differs only in case or surrounding whitespace counts as unknown.

    Args:
        user_role: Role name to look up in ``ROLE_PERMISSIONS``.
        permission: A ``Permission`` member or its plain string value. Both
            match, because ``Permission`` subclasses ``str``.

    Returns:
        ``True`` only when the role exists and lists the permission.
    """
    # An empty tuple for an unknown role makes the membership test False.
    granted = ROLE_PERMISSIONS.get(user_role, ())
    return permission in granted
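def get_role_permissions(role: str) -> list[str]:
    """Return the permissions granted to ``role``.

    Args:
        role: Role name to look up in ``ROLE_PERMISSIONS``.

    Returns:
        A new list of the role's permissions, in the order they are declared.
        Unknown roles yield an empty list (deny by default).
    """
    # Return a copy, never the stored list. ROLE_PERMISSIONS is shared module
    # state, so a caller that appended to the returned list would otherwise
    # widen the role's permissions for the whole process.
    return list(ROLE_PERMISSIONS.get(role, ()))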