def role_has_permission(role, permission):
if role is None:
return False
if not Roles.has_value(role):
raise RoleDoesNotExistError('Role {} does not exist'.format(role))
roles = get_roles_with_permissions()
permissions = roles.get(role)
return permission in permissions
def get_roles_for_permission(permission):
if not Permissions.has_value(permission):
raise PermissionDoesNotExistError('Permission {} does not exist'.format(permission))
roles_for_permissions = set()
roles = get_roles_with_permissions()
for role in roles:
permissions = roles.get(role)
if permission in permissions:
roles_for_permissions.add(role)
return roles_for_permissions
