Skip to content

BasePermission class

This is the reference for the main object BasePermission that contains all the parameters, attributes and functions.

esmerald.BasePermission

BasePermission class object. The entry-point for all permissions used by `Esmerald.

When creating a permission or a set of permissions for the application, those must inherit from the BasePermission and implement the has_permission.

Example

from esmerald import BasePermission, Request
from esmerald.types import APIGateHandler


class IsProjectAllowed(BasePermission):
    '''
    Permission to validate if has access to a given project
    '''

    async def has_permission(self, request: "Request", apiview: "APIGateHandler"):
        allow_project = request.headers.get("allow_access")
        return bool(allow_project)

has_permission 

has_permission(request, apiview)

Mandatory functionality and entry-point for verifying if the resource is available or not.

The has_permission can be both sync and async depending of the needs of application.

PARAMETER DESCRIPTION
request

The request object being passed through the request.

TYPE: Request

apiview

A handler usually corresponding the level where the permission is placed.

TYPE: APIGateHandler

RETURNS DESCRIPTION
bool

Boolean indicating if has or not permission to access the specific resource.

Example with async

from esmerald import BasePermission, Request
from esmerald.types import APIGateHandler


class IsProjectAllowed(BasePermission):
    '''
    Permission to validate if has access to a given project
    '''

    async def has_permission(self, request: "Request", apiview: "APIGateHandler") -> bool:
        allow_project = request.headers.get("allow_access")
        return bool(allow_project)

Example with sync

from esmerald import BasePermission, Request
from esmerald.types import APIGateHandler


class IsProjectAllowed(BasePermission):
    '''
    Permission to validate if has access to a given project
    '''

    def has_permission(self, request: "Request", apiview: "APIGateHandler") -> bool:
        allow_project = request.headers.get("allow_access")
        return bool(allow_project)
Source code in esmerald/permissions/base.py 
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
def has_permission(
    self,
    request: Annotated[
        "Request",
        Doc(
            """
            The request object being passed through the request.
            """
        ),
    ],
    apiview: Annotated[
        "APIGateHandler",
        Doc(
            """
            A [handler](https://esmerald.dev/routing/handlers/) usually
            corresponding the [level](https://esmerald.dev/application/levels/)
            where the permission is placed.
            """
        ),
    ],
) -> bool:
    """
    **Mandatory** functionality and entry-point for verifying
    if the resource is available or not.

    The `has_permission` can be both `sync` and `async` depending
    of the needs of application.

    Returns:
        Boolean indicating if has or not permission to access the specific resource.

    **Example with `async`**

    ```python
    from esmerald import BasePermission, Request
    from esmerald.types import APIGateHandler


    class IsProjectAllowed(BasePermission):
        '''
        Permission to validate if has access to a given project
        '''

        async def has_permission(self, request: "Request", apiview: "APIGateHandler") -> bool:
            allow_project = request.headers.get("allow_access")
            return bool(allow_project)
    ```

    **Example with `sync`**

    ```python
    from esmerald import BasePermission, Request
    from esmerald.types import APIGateHandler


    class IsProjectAllowed(BasePermission):
        '''
        Permission to validate if has access to a given project
        '''

        def has_permission(self, request: "Request", apiview: "APIGateHandler") -> bool:
            allow_project = request.headers.get("allow_access")
            return bool(allow_project)
    ```
    """
    return True