Skip to content

domain.enums.permission

src.domain.enums.permission

Permission components for RBAC authorization.

This module defines Resource and Action enums used for permission checks. Permissions are expressed as resource:action pairs (e.g., "accounts:read").

Reference
  • docs/architecture/authorization-architecture.md
Usage

from src.domain.enums import Resource, Action

Permission check

allowed = await authz.check_permission( user_id=user.id, resource=Resource.ACCOUNTS, action=Action.WRITE, )

FastAPI dependency

@router.get("/accounts") async def list_accounts( _: None = Depends(require_permission(Resource.ACCOUNTS, Action.READ)), ): ...

Classes

Resource

Bases: str, Enum

Resources that can be protected by authorization.

Each resource represents a domain concept that users can access. Used with Action enum to form permission checks.

String Enum

Inherits from str for easy serialization and Casbin compatibility. Values are lowercase to match Casbin policy format.

Resource Categories

User Domain: - ACCOUNTS: Financial accounts - TRANSACTIONS: Transaction history - PROVIDERS: Brokerage connections - SESSIONS: Login sessions

Admin Domain: - USERS: User management - ADMIN: Administrative functions - SECURITY: Security settings

Source code in src/domain/enums/permission.py 
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
class Resource(str, Enum):
    """Resources that can be protected by authorization.

    Each resource represents a domain concept that users can access.
    Used with Action enum to form permission checks.

    String Enum:
        Inherits from str for easy serialization and Casbin compatibility.
        Values are lowercase to match Casbin policy format.

    Resource Categories:
        User Domain:
            - ACCOUNTS: Financial accounts
            - TRANSACTIONS: Transaction history
            - PROVIDERS: Brokerage connections
            - SESSIONS: Login sessions

        Admin Domain:
            - USERS: User management
            - ADMIN: Administrative functions
            - SECURITY: Security settings
    """

    # User domain resources
    ACCOUNTS = "accounts"
    """Financial accounts (bank, brokerage, etc.)."""

    TRANSACTIONS = "transactions"
    """Transaction history and details."""

    PROVIDERS = "providers"
    """Brokerage provider connections."""

    SESSIONS = "sessions"
    """User login sessions."""

    # Admin domain resources
    USERS = "users"
    """User management (admin only)."""

    ADMIN = "admin"
    """Administrative functions (admin only)."""

    SECURITY = "security"
    """Security settings like token rotation (admin only)."""

    @classmethod
    def values(cls) -> list[str]:
        """Get all resource values as strings.

        Returns:
            list[str]: List of resource values.
        """
        return [resource.value for resource in cls]
Attributes
ACCOUNTS class-attribute instance-attribute 
ACCOUNTS = 'accounts'

Financial accounts (bank, brokerage, etc.).

TRANSACTIONS class-attribute instance-attribute 
TRANSACTIONS = 'transactions'

Transaction history and details.

PROVIDERS class-attribute instance-attribute 
PROVIDERS = 'providers'

Brokerage provider connections.

SESSIONS class-attribute instance-attribute 
SESSIONS = 'sessions'

User login sessions.

USERS class-attribute instance-attribute 
USERS = 'users'

User management (admin only).

ADMIN class-attribute instance-attribute 
ADMIN = 'admin'

Administrative functions (admin only).

SECURITY class-attribute instance-attribute 
SECURITY = 'security'

Security settings like token rotation (admin only).

Functions
values classmethod 
values() -> list[str]

Get all resource values as strings.

Returns:

Type Description
list[str]

list[str]: List of resource values.
Source code in src/domain/enums/permission.py 
76
77
78
79
80
81
82
83
@classmethod
def values(cls) -> list[str]:
    """Get all resource values as strings.

    Returns:
        list[str]: List of resource values.
    """
    return [resource.value for resource in cls]

Action

Bases: str, Enum

Actions that can be performed on resources.

Combined with Resource to form permission checks. Currently supports read/write; can be extended for granular control.

String Enum

Inherits from str for easy serialization and Casbin compatibility. Values are lowercase to match Casbin policy format.

Action Semantics

READ: View, list, get operations (safe, no side effects) WRITE: Create, update, delete operations (modifies state)

Future Extensions
  • DELETE: Separate delete permission
  • MANAGE: Full control including delete
  • EXPORT: Data export permission
Source code in src/domain/enums/permission.py 
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
class Action(str, Enum):
    """Actions that can be performed on resources.

    Combined with Resource to form permission checks.
    Currently supports read/write; can be extended for granular control.

    String Enum:
        Inherits from str for easy serialization and Casbin compatibility.
        Values are lowercase to match Casbin policy format.

    Action Semantics:
        READ: View, list, get operations (safe, no side effects)
        WRITE: Create, update, delete operations (modifies state)

    Future Extensions:
        - DELETE: Separate delete permission
        - MANAGE: Full control including delete
        - EXPORT: Data export permission
    """

    READ = "read"
    """View/list access to resource."""

    WRITE = "write"
    """Create/update/delete access to resource."""

    @classmethod
    def values(cls) -> list[str]:
        """Get all action values as strings.

        Returns:
            list[str]: List of action values.
        """
        return [action.value for action in cls]
Attributes
READ class-attribute instance-attribute 
READ = 'read'

View/list access to resource.

WRITE class-attribute instance-attribute 
WRITE = 'write'

Create/update/delete access to resource.

Functions
values classmethod 
values() -> list[str]

Get all action values as strings.

Returns:

Type Description
list[str]

list[str]: List of action values.
Source code in src/domain/enums/permission.py 
112
113
114
115
116
117
118
119
@classmethod
def values(cls) -> list[str]:
    """Get all action values as strings.

    Returns:
        list[str]: List of action values.
    """
    return [action.value for action in cls]