def revoke_permission(user, permission_name):
"""
Revoke a specified permission from a user.
Permissions are only revoked if they are in the scope any of the user's
roles. If the permission is out of scope, a RolePermissionScopeException
is raised.
"""
roles = get_user_roles(user)
for role in roles:
if permission_name in role.permission_names_list():
permission = get_permission(permission_name)
user.user_permissions.remove(permission)
return
raise RolePermissionScopeException("This permission isn't in the scope of "
"any of this user's roles.")
def grant_permission(user, permission_name):
"""
Grant a user a specified permission.
Permissions are only granted if they are in the scope any of the
user's roles. If the permission is out of scope,
a RolePermissionScopeException is raised.
"""
roles = get_user_roles(user)
for role in roles:
if permission_name in role.permission_names_list():
permission = get_permission(permission_name)
user.user_permissions.add(permission)
return
raise RolePermissionScopeException("This permission isn't in the scope of "
"any of this user's roles.")