Spaces:
Paused
Paused
| from enum import Enum | |
| class PluginPermission(str, Enum): | |
| """ | |
| Granular permissions for plugins. | |
| Plugins must explicitly request these capabilities. | |
| """ | |
| # Core | |
| READ_ONLY = "READ_ONLY" # Basic safe read operations | |
| READ_DATA = "READ_DATA" # Broader data read (e.g., active user counts) | |
| WRITE_DATA = "WRITE_DATA" # Generic write access (Dangerous) | |
| # Domains | |
| READ_USER = "READ_USER" # Read user details (PII warning) | |
| WRITE_USER = "WRITE_USER" # Modify user data | |
| READ_CASE = "READ_CASE" | |
| WRITE_CASE = "WRITE_CASE" | |
| # System | |
| NETWORK_ACCESS = "NETWORK_ACCESS" # Allow outbound HTTP calls | |
| FILE_ACCESS = "FILE_ACCESS" # Allow filesystem read/write (Restricted dirs) | |
| def validate_permissions(requested: list[str]) -> list[str]: | |
| """ | |
| Validate and return allowed permissions. | |
| could filter out unknown or forbidden permissions. | |
| """ | |
| valid = [] | |
| for p in requested: | |
| try: | |
| # Check if it's a valid enum | |
| PluginPermission(p) | |
| valid.append(p) | |
| except ValueError: | |
| pass | |
| return valid | |