syft-permissions

pip install syft-permissions

from syft_permissions import (
    ACLService,            # Core permission engine
    ACLRequest,            # Permission request object
    AccessLevel,           # Enum: READ, CREATE, WRITE, ADMIN
    User,                  # User representation
    RuleSet,               # Collection of permission rules
    Rule,                  # Individual permission rule
    Access,                # Access specification
    PERMISSION_FILE_NAME,  # "syftperm.yaml"
)

from syft_permissions import ACLService, RuleSet
from pathlib import Path

# Initialize the ACL service
service = ACLService(root_path=Path("/path/to/datasite"))

from syft_permissions import ACLRequest, AccessLevel, User

# Create a permission request
request = ACLRequest(
    user=User(email="[email protected]"),
    path=Path("/path/to/file.csv"),
    access_level=AccessLevel.READ
)

# Check if access is granted
result = service.check_access(request)
if result.granted:
    print("Access granted!")
else:
    print(f"Access denied: {result.reason}")

from syft_permissions import RuleSet, Rule, Access, AccessLevel

# Create a ruleset
ruleset = RuleSet(
    rules=[
        Rule(
            pattern="**/*.csv",
            access=Access(
                read=["[email protected]"],
                write=["[email protected]"],
                admin=["[email protected]"]
            )
        ),
        Rule(
            pattern="public/**",
            access=Access(
                read=["*"],  # Everyone can read
                write=["[email protected]"]
            )
        )
    ]
)

# Save to syftperm.yaml
ruleset_path = Path("/path/to/folder") / PERMISSION_FILE_NAME
ruleset.save(ruleset_path)

from syft_permissions import AccessLevel

# Access levels in hierarchy (each includes all lower levels)
print(AccessLevel.READ)    # Lowest level
print(AccessLevel.CREATE)  # Includes READ
print(AccessLevel.WRITE)   # Includes READ + CREATE
print(AccessLevel.ADMIN)   # Highest level, includes all

# Check access level hierarchy
if AccessLevel.WRITE >= AccessLevel.READ:
    print("Write access includes read permissions")

rules:
  - pattern: "**/*.csv"
    access:
      read:
        - [email protected]
        - [email protected]
      write:
        - [email protected]
  
  - pattern: "public/**"
    access:
      read:
        - "*"  # Everyone
      create:
        - [email protected]
      write:
        - [email protected]

from syft_permissions import ACLService, RuleSet

class CustomACLService(ACLService):
    def check_access(self, request: ACLRequest) -> ACLResult:
        # Add custom logic before checking
        if request.user.email.endswith("@trusted-domain.com"):
            # Grant automatic access to trusted domain
            return ACLResult(granted=True)
        
        # Fall back to standard ACL checking
        return super().check_access(request)