def explain_denied(self, member_name, resource_names, roles=None,
permission_names=None):
"""List possibilities to grant access which is currently denied."""
roles = [] if roles is None else roles
permission_names = [] if permission_names is None else permission_names
if not oneof(roles != [], permission_names != []):
raise Exception('Either roles or permission names must be set')
request = explain_pb2.ExplainDeniedRequest(
member=member_name,
resources=resource_names,
roles=roles,
permissions=permission_names)
return self.stub.ExplainDenied(request, metadata=self.metadata())
def explain_granted(self, member_name, resource_name, role=None,
permission=None):
"""Provide data on all possibilities on
how a member has access to a resources."""
if not oneof(role is not None, permission is not None):
raise Exception('Either role or permission name must be set')
request = explain_pb2.ExplainGrantedRequest()
if role is not None:
request.role = role
else:
request.permission = permission
request.resource = resource_name
request.member = member_name
return self.stub.ExplainGranted(request, metadata=self.metadata())