Permission Patterns

Self-service edits

Allow users to edit their own profile while administrators can edit any profile.

from general_manager.manager import GeneralManager
from general_manager.measurement import Measurement
from general_manager.permission.manager_based_permission import (
    AdditiveManagerPermission,
    OverrideManagerPermission,
)

class Profile(GeneralManager):
    user: User

    class Permission(AdditiveManagerPermission):
        __read__ = ["isAuthenticated"]
        __update__ = ["isAdmin", "isSelf"]

Hierarchical approval

Chain permissions using __based_on__ for nested workflows.

class WorkPackage(GeneralManager):
    project: Project

    class Permission(AdditiveManagerPermission):
        __based_on__ = "project"
        __update__ = ["isProjectManager", "isWorkPackageOwner"]

Attribute visibility

Hide sensitive attributes from unauthorised users by returning None.

class Contract(GeneralManager):
    total_value: Measurement

    class Permission(OverrideManagerPermission):
        total_value = {
            "read": ["isFinanceTeam"],
        }

Unauthorised users still receive the object but the restricted field resolves to None in GraphQL.
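
The self-service and attribute-visibility rules above can be pinned down with a small allow/deny matrix. The following is an added, plain-Python model for testing the intended outcomes, not GeneralManager's own code. The `User` stand-in, the check implementations, the sample records and the any-of combination of names (inferred from the self-service description) are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:  # hypothetical stand-in for the requesting user
    id: int
    is_admin: bool = False
    teams: frozenset = frozenset()


# Hypothetical implementations of the check names used on this page.
CHECKS = {
    "isAdmin": lambda user, obj: user.is_admin,
    "isSelf": lambda user, obj: obj.get("user_id") == user.id,
    "isFinanceTeam": lambda user, obj: "finance" in user.teams,
}


def allowed(names, user, obj):
    """Any-of: one passing check grants. An empty list or an unknown
    name grants nothing, so a typo in a rule fails closed (model choice)."""
    return any(CHECKS[n](user, obj) for n in names if n in CHECKS)


def masked(obj, user, field_read_rules):
    """Copy obj, replacing each restricted field the user may not read with None."""
    return {
        key: (
            value
            if key not in field_read_rules
            or allowed(field_read_rules[key], user, obj)
            else None
        )
        for key, value in obj.items()
    }


# Rules mirroring the Profile and Contract classes above.
PROFILE_UPDATE = ["isAdmin", "isSelf"]
CONTRACT_FIELD_READ = {"total_value": ["isFinanceTeam"]}

# Constructed sample data.
alice = User(id=1)
admin = User(id=2, is_admin=True)
finance = User(id=3, teams=frozenset({"finance"}))
alice_profile = {"user_id": 1}
other_profile = {"user_id": 9}
contract = {"id": 7, "total_value": "1200 EUR"}
```

Because a masked field and a genuinely empty field both come back as None, clients cannot tell the two apart; tests should assert the deny path explicitly rather than only the allow path.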