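"""
User Context and Permission Module

Handles permission checks for API key authentication.
"""

from typing import Optional


def check_permission(user_scopes: list, required_scope: str) -> bool:
    """
    Check if user has required permission.

    The check fails closed: missing or empty scopes never grant access.

    Args:
        user_scopes: List of scopes user has. ``None`` or an empty
            collection is treated as "no scopes". A bare string is split
            on commas/whitespace into whole scope names instead of being
            substring-matched.
        required_scope: Scope needed for this operation. ``None`` is not
            special-cased here, so a non-admin user is denied when it is
            passed; callers that treat ``None`` as "public tool" must skip
            this check themselves.

    Returns:
        True if user has permission
    """
    # No scopes at all (None, [], "") -> deny instead of raising TypeError.
    if not user_scopes:
        return False

    # `in` on a str is a substring test, so 'admin' would match e.g.
    # 'nonadmin'. Compare whole scope names only.
    # NOTE(review): the comma/whitespace-delimited form is an assumption
    # about how a string of scopes would be encoded; confirm with callers.
    if isinstance(user_scopes, str):
        granted = set(user_scopes.replace(',', ' ').split())
    else:
        granted = user_scopes

    # Admin has all permissions
    if 'admin' in granted:
        return True

    # Check specific scope (exact match)
    return required_scope in granted


# Scope requirements for each tool
SCOPE_REQUIREMENTS = {
    # Order operations
    'create_order': 'orders:write',
    'fetch_orders': 'orders:read',
    'update_order': 'orders:write',
    'delete_order': 'orders:write',
    'search_orders': 'orders:read',
    'get_order_details': 'orders:read',
    'count_orders': 'orders:read',
    'get_incomplete_orders': 'orders:read',

    # Driver operations
    'create_driver': 'drivers:write',
    'fetch_drivers': 'drivers:read',
    'update_driver': 'drivers:write',
    'delete_driver': 'drivers:write',
    'search_drivers': 'drivers:read',
    'get_driver_details': 'drivers:read',
    'count_drivers': 'drivers:read',
    'get_available_drivers': 'drivers:read',

    # Assignment operations
    'create_assignment': 'assignments:manage',
    'auto_assign_order': 'assignments:manage',
    'intelligent_assign_order': 'assignments:manage',
    'get_assignment_details': 'assignments:manage',
    'update_assignment': 'assignments:manage',
    'unassign_order': 'assignments:manage',
    'complete_delivery': 'assignments:manage',
    'fail_delivery': 'assignments:manage',

    # Routing (public - no scope required)
    'geocode_address': None,
    'calculate_route': None,
    'calculate_intelligent_route': None,

    # Dangerous operations (admin only)
    'delete_all_orders': 'admin',
    'delete_all_drivers': 'admin',
}


def get_required_scope(tool_name: str) -> Optional[str]:
    """
    Get the scope required for a tool.

    Args:
        tool_name: Name of the tool

    Returns:
        Required scope, or None if the tool is explicitly listed as
        public. A tool name that is not in SCOPE_REQUIREMENTS falls back
        to 'admin', so an unregistered tool is never treated as public.
    """
    # Default-deny: anything not mapped above requires the admin scope.
    return SCOPE_REQUIREMENTS.get(tool_name, 'admin')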