def explain_denied(self, member_name, resource_names, roles=None, permission_names=None): """List possibilities to grant access which is currently denied.""" roles = [] if roles is None else roles permission_names = [] if permission_names is None else permission_names if not oneof(roles != [], permission_names != []): raise Exception('Either roles or permission names must be set') request = explain_pb2.ExplainDeniedRequest( member=member_name, resources=resource_names, roles=roles, permissions=permission_names) return self.stub.ExplainDenied(request, metadata=self.metadata())
def explain_granted(self, member_name, resource_name, role=None, permission=None): """Provide data on all possibilities on how a member has access to a resources.""" if not oneof(role is not None, permission is not None): raise Exception('Either role or permission name must be set') request = explain_pb2.ExplainGrantedRequest() if role is not None: request.role = role else: request.permission = permission request.resource = resource_name request.member = member_name return self.stub.ExplainGranted(request, metadata=self.metadata())